Fórum Script Brasil

Orlando Júnior

Posts by Orlando Júnior

  1. Good morning, forum folks. I have a question that I know is not rocket science, but I don't have any experience with EXCEL yet, so for me it is impossible.

    I would like to color an entire row based on the information in one cell. Let me explain in more detail:

    I am making a kind of work schedule; when I type the day the guy worked in the "1o SERVIÇO" cell, the "QUANTIDADE" column receives the value 1.

    I would like the whole row to be colored lilac based on the value 1. If the guy did two shifts, the row should turn green. And finally, if the guy does 3 shifts, the row should turn blue.

    The most I managed with conditional formatting was to color only the cell with the value 1, 2 or 3, but that still doesn't solve my problem.

    From what I understood, I will have to use some formula, but I don't have enough experience to develop it.

    I hope someone can help me. Thanks in advance.

  2. ComboFix 10-06-06.01 - Júnior 06/06/2010 18:36:56.2.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.263 [GMT -3:00]

    Executando de: C:\Documents and Settings\Júnior\Desktop\ComboFix.exe

    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    .

    ADS - drivers: deleted 208 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    C:\DOCUME~1\JNIOR~1\DADOSD~1\MEDIA_~1\flASh.dll

    C:\DOCUME~1\JNIOR~1\DADOSD~1\MEDIA_~1\LIVElo~1.dll

    C:\WINDOWS\eudr322.exe

    C:\WINDOWS\help\ohb4776.exe

    C:\WINDOWS\Help\wrb879.exe

    C:\WINDOWS\system32\Process.exe

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2010-05-06 to 2010-06-06 ))))))))))))))))))))))))))))

    .

    2010-06-03 21:20:25 . 2010-06-03 21:20:25 -------- d-sh--w- C:\WINDOWS\ftpcache

    2010-06-03 16:03:47 . 2010-04-12 20:29:19 411368 ----a-w- C:\WINDOWS\system32\deployJava1.dll

    2010-06-01 01:06:01 . 2010-06-01 13:52:43 -------- d-----w- C:\Abuse

    2010-05-30 15:41:56 . 2010-05-30 15:45:11 2226176 ----a-w- C:\WINDOWS\system32\winmoto.exe

    2010-05-30 15:39:50 . 2010-05-30 15:41:53 1283584 ----a-w- C:\WINDOWS\system32\wintalk.exe

    2010-05-30 15:37:15 . 2010-05-30 15:39:47 1929216 ----a-w- C:\WINDOWS\system32\taskghl.exe

    2010-05-17 11:04:00 . 2010-04-23 18:31:36 30504 ----a-w- C:\WINDOWS\system32\drivers\gbpkm.sys

    2010-05-17 11:03:45 . 2010-05-17 11:04:00 -------- d-----w- C:\Arquivos de programas\GbPlugin

    2010-05-17 11:03:45 . 2010-05-17 11:03:45 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

    2010-05-13 23:14:01 . 2010-05-13 23:20:46 -------- d--h--w- C:\Arquivos de programas\Zero G Registry

    2010-05-13 17:17:33 . 2010-05-13 17:17:34 -------- d-----w- C:\Arquivos de programas\CCleaner

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-06-03 16:03:29 . 2010-04-02 14:24:43 -------- d-----w- C:\Arquivos de programas\Java

    2010-05-24 22:26:53 . 2010-03-10 00:29:21 664 ----a-w- C:\WINDOWS\system32\d3d9caps.dat

    2010-05-13 17:39:42 . 2010-02-21 22:07:28 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

    2010-05-06 20:59:36 . 2010-02-21 21:27:25 165032 ----a-w- C:\WINDOWS\system32\aswBoot.exe

    2010-05-06 20:39:23 . 2010-02-21 21:27:48 46672 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys

    2010-05-06 20:39:00 . 2010-02-21 21:27:50 164048 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys

    2010-05-06 20:34:27 . 2010-02-21 21:27:49 23376 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys

    2010-05-06 20:33:59 . 2010-02-21 21:27:47 100432 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys

    2010-05-06 20:33:55 . 2010-02-21 21:27:47 94800 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys

    2010-05-06 20:33:47 . 2010-02-21 21:27:50 19024 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys

    2010-05-06 20:33:29 . 2010-02-21 21:27:46 28880 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys

    2010-05-04 01:11:51 . 2010-03-12 02:06:30 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Messenger Plus!

    2010-04-26 23:05:52 . 2010-04-26 23:00:28 -------- d-----w- C:\Arquivos de programas\Canon

    2010-04-26 23:02:51 . 2010-04-26 23:02:51 -------- d--h--w- C:\Documents and Settings\All Users\Dados de aplicativos\CanonBJ

    2010-04-26 23:01:27 . 2010-04-26 23:01:27 -------- d--h--w- C:\Arquivos de programas\CanonBJ

    2010-04-25 22:11:47 . 2008-04-14 12:00:00 62576 ----a-w- C:\WINDOWS\system32\perfc016.dat

    2010-04-25 22:11:47 . 2008-04-14 12:00:00 416394 ----a-w- C:\WINDOWS\system32\perfh016.dat

    2010-04-23 00:18:50 . 2010-04-23 00:18:47 203776 ----a-w- C:\WINDOWS\fnid1659.dll

    2010-04-22 02:07:00 . 2010-04-22 01:41:19 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Borland Shared

    2010-04-20 01:05:49 . 2010-04-20 01:05:49 -------- d-----w- C:\Arquivos de programas\Microsoft.NET

    2010-04-14 16:47:23 . 2010-02-21 21:27:25 38848 ----a-w- C:\WINDOWS\system32\avastSS.scr

    2010-03-10 06:16:48 . 2008-04-14 12:00:00 420352 ----a-w- C:\WINDOWS\system32\vbscript.dll

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "avast5"="C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 20:59:42 2815192]

    "SunJavaUpdateSched"="C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 14:43:18 248040]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 04:41:00 8523776]

    "TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-02-21 21:31:59 180269]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 12:00:00 15360]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399003}"= "C:\Arquivos de programas\GbPlugin\gbiehcef.dll" [2010-04-23 18:27:34 315432]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

    2010-04-23 18:27:34 315432 ----a-w- C:\Arquivos de programas\GbPlugin\gbiehcef.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Image Zone.lnk]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Inicialização rápida do HP Image Zone.lnk

    backup=C:\WINDOWS\pss\Inicialização rápida do HP Image Zone.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2010-03-24 18:17:47 952768 ----a-w- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2010-04-04 05:42:51 36272 ----a-w- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

    2007-10-23 17:18:46 202024 ----a-w- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

    2008-04-14 12:00:00 15360 ----a-w- C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

    2010-02-23 02:01:44 135664 ----atw- C:\Documents and Settings\Júnior\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

    2004-05-12 18:18:56 241664 ----a-w- C:\Arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    2004-02-12 16:38:56 49152 ----a-w- C:\Arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    2008-04-13 22:21:12 1695232 ------w- C:\Arquivos de programas\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    2007-03-01 17:57:24 153136 ----a-w- C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    2007-12-05 04:41:00 8523776 ----a-w- C:\WINDOWS\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

    2007-12-05 04:41:00 81920 ----a-w- C:\WINDOWS\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\taskghl.exe]

    2010-05-30 15:39:47 1929216 ----a-w- C:\WINDOWS\system32\taskghl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    2010-02-21 21:31:59 180269 ----a-w- C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winmoto.exe]

    2010-05-30 15:45:11 2226176 ----a-w- C:\WINDOWS\system32\winmoto.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wintalk.exe]

    2010-05-30 15:41:53 1283584 ----a-w- C:\WINDOWS\system32\wintalk.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Arquivos de programas\\Ares\\Ares.exe"=

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

    R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [17/5/2010 08:04:00 30504]

    R1 aswSP;aswSP;C:\WINDOWS\system32\drivers\aswSP.sys [21/2/2010 18:27:50 164048]

    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [21/2/2010 18:27:50 19024]

    R2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [17/5/2010 08:03:58 53800]

    S2 gupdate;Google Update Service (gupdate);C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [8/3/2010 21:44:18 135664]

    S2 Scutum50;Scutum50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\Scutum50.sys --> C:\WINDOWS\system32\Drivers\Scutum50.sys [?]

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2010-06-06 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

    - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-03-09 00:44:18 . 2010-03-09 00:44:15]

    2010-06-06 C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

    - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [2010-03-09 00:44:18 . 2010-03-09 00:44:15]

    2010-06-06 C:\WINDOWS\Tasks\User_Feed_Synchronization-{CA8A03B1-6749-4753-97DF-CB3EF8F089F7}.job

    - C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 07:31:54 . 2009-03-08 07:31:54]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.google.com.br/

    IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Google Sidewiki... - C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} - hxxps://imagem.caixa.gov.br/cab/gbpdist.cab

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    BHO-{1AA9D975-FDB8-4E11-AEC3-D7594FAA9EA3}AEC3-D7594FAA9EA3} - (no file)

    MSConfigStartUp-Avast - C:\WINDOWS\help\ohb4776.exe

    MSConfigStartUp-Cyberlink - C:\Documents and Settings\All Users\Dados de aplicativos\Cyberlink.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-06-06 18:42:25

    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

    "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'winlogon.exe'(512)

    C:\Arquivos de programas\GbPlugin\gbiehcef.dll

    .

    Tempo para conclusão: 2010-06-06 18:47:23

    ComboFix-quarantined-files.txt 2010-06-06 21:47:17

    Pré-execução: 8 pasta(s) 10.676.338.688 bytes disponíveis

    Pós execução: 9 pasta(s) 12.188.827.648 bytes disponíveis

    - - End Of File - - E0C8C0E2B5E2B9ED35FE0B8EF3CF96F8

  3. Autoscan: completed 16 minutes ago (events: 192687, objects: 188364, time: 02:22:08)

    Result: OK (events: 186430)

    Result: Detected (events: 29)

    7/5/2010 20:57:09 C:\Documents and Settings\All Users\Dados de aplicativos\Cyberlink.exe/XComp

    7/5/2010 20:57:37 C:\Documents and Settings\Júnior\winmsng3.exe/PE_Patch.UPX/UPX

    7/5/2010 21:01:03 C:\Documents and Settings\Júnior\Dados de aplicativos\Sun\Java\Deployment\cache\6.0\13\7bb744d-10106587/skata.class

    7/5/2010 21:37:30 C:\Documents and Settings\All Users\Dados de aplicativos\Cyberlink.exe/XComp

    7/5/2010 21:47:55 C:\Qoobox\Quarantine\C\WINDOWS\system32\fisbdn.exe.vir

    7/5/2010 21:49:01 C:\Qoobox\Quarantine\C\WINDOWS\system32\gordo.exe.vir/PE_Patch.UPX/UPX

    7/5/2010 21:50:00 C:\Qoobox\Quarantine\C\WINDOWS\system32\jurbdn.exe.vir

    7/5/2010 21:50:51 C:\Qoobox\Quarantine\C\WINDOWS\system32\olebdn.exe.vir

    7/5/2010 21:55:20 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP62\A0020518.exe/XComp

    7/5/2010 21:55:20 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP62\A0020517.exe/PELock

    7/5/2010 21:55:20 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP62\A0020516.exe/PELock

    7/5/2010 21:55:48 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP62\A0020519.exe/PELock

    7/5/2010 21:55:50 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP62\A0020520.exe/PELock

    7/5/2010 21:55:50 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP62\A0020521.exe/PELock

    7/5/2010 21:55:50 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP62\A0020522.exe

    7/5/2010 21:55:51 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP62\A0020523.exe/PELock

    7/5/2010 21:55:51 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP62\A0020524.exe/PE_Patch.UPX/UPX

    7/5/2010 21:55:52 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP62\A0020525.exe/PE_Patch.UPX/UPX

    7/5/2010 21:55:53 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP62\A0020526.exe/PE_Patch.UPX/UPX

    7/5/2010 21:55:53 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP62\A0020527.exe/PE_Patch.UPX/UPX

    7/5/2010 21:55:53 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP62\A0020528.exe/PE_Patch.UPX/UPX

    7/5/2010 21:55:54 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP62\A0020529.exe/PE_Patch.UPX/UPX

    7/5/2010 21:56:09 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP64\A0026717.exe

    7/5/2010 21:56:09 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP64\A0026719.exe

    7/5/2010 21:56:09 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP64\A0026718.exe/PE_Patch.UPX/UPX

    7/5/2010 21:56:11 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP64\A0026720.exe

    7/5/2010 21:56:31 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP65\A0026961.exe/PE_Patch.UPX/UPX

    7/5/2010 21:56:38 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP65\A0026960.exe/XComp

    7/5/2010 22:02:23 C:\System Volume Information\_restore{41AABC92-DCA5-4409-AB86-3976EA578A40}\RP65\A0026960.exe/XComp

    Result: Archive (events: 5135)

    Result: Packed (events: 1026)

    Result: Corrupted (events: 9)

    Result: Deleted (events: 27)

    Result: Backed up (events: 27)

    Result: Not processed (events: 1)

    Result: Processing error (events: 1)

    Result: Task started (events: 1)

    Result: Task completed (events: 1)

  4. Good evening Renato, the Combofix log follows below:

    ComboFix 10-05-03.03 - Júnior 03/05/2010 21:10:21.1.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.267 [GMT -3:00]

    Executando de: c:\documents and settings\Júnior\Desktop\ComboFix.exe

    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\arquivos de programas\WindowsUpdate

    c:\documents and settings\All Users\Dados de aplicativos\dkwork.ini

    c:\documents and settings\All Users\Dados de aplicativos\UpApp32.dll

    C:\JUNIOR.txt

    c:\windows\system32\fisbdn.exe

    c:\windows\system32\gordo.exe

    c:\windows\system32\jurbdn.exe

    c:\windows\system32\olebdn.exe

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2010-04-04 to 2010-05-04 ))))))))))))))))))))))))))))

    .

    2010-04-26 23:05 . 2010-05-01 01:20 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\CanonIJPLM

    2010-04-26 23:03 . 2008-04-15 05:20 410112 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\CanonBJ\IJPrinter\CNMWINDOWS\Canon iP1900 series\LanguageModules406\CNMur9M.dll

    2010-04-26 23:02 . 2010-04-26 23:02 -------- d--h--w- c:\documents and settings\All Users\Dados de aplicativos\CanonBJ

    2010-04-26 23:02 . 2008-03-11 05:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9M.DLL

    2010-04-26 23:02 . 2008-03-11 05:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9M.DLL

    2010-04-26 23:02 . 2008-03-11 05:00 230912 ----a-w- c:\windows\system32\CNMLM9M.DLL

    2010-04-26 23:01 . 2010-04-26 23:01 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information

    2010-04-26 23:01 . 2010-04-26 23:01 -------- d--h--w- c:\arquivos de programas\CanonBJ

    2010-04-26 23:00 . 2010-04-26 23:05 -------- d-----w- c:\arquivos de programas\Canon

    2010-04-26 11:18 . 2010-04-26 11:18 -------- d--h--w- c:\windows\PIF

    2010-04-24 02:24 . 2010-04-24 02:36 -------- dc----w- c:\windows\system32\DRVSTORE

    2010-04-23 00:18 . 2010-04-23 00:18 203776 ----a-w- c:\windows\fnid1659.dll

    2010-04-23 00:18 . 2010-04-23 00:18 963374 --sh--w- c:\documents and settings\All Users\Dados de aplicativos\Cyberlink.exe

    2010-04-22 01:49 . 2001-11-28 23:50 177152 ------w- c:\windows\system32\ibinstall.dll

    2010-04-22 01:41 . 2010-04-22 02:07 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Borland Shared

    2010-04-20 01:07 . 2007-04-09 16:23 28552 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll

    2010-04-20 01:07 . 2007-04-09 16:23 28040 ----a-w- c:\windows\system32\mdimon.dll

    2010-04-20 01:05 . 2010-04-20 01:05 -------- d-----w- c:\arquivos de programas\Microsoft.NET

    2010-04-04 01:23 . 2010-04-04 01:23 -------- d-----w- c:\windows\Sun

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-04-28 00:17 . 2010-03-10 00:29 664 ----a-w- c:\windows\system32\d3d9caps.dat

    2010-04-25 22:11 . 2008-04-14 12:00 62576 ----a-w- c:\windows\system32\perfc016.dat

    2010-04-25 22:11 . 2008-04-14 12:00 416394 ----a-w- c:\windows\system32\perfh016.dat

    2010-04-15 01:45 . 2010-02-21 22:07 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Microsoft Help

    2010-04-14 16:47 . 2010-02-21 21:27 38848 ----a-w- c:\windows\system32\avastSS.scr

    2010-04-14 16:47 . 2010-02-21 21:27 153184 ----a-w- c:\windows\system32\aswBoot.exe

    2010-04-14 16:35 . 2010-02-21 21:27 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

    2010-04-14 16:35 . 2010-02-21 21:27 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys

    2010-04-14 16:31 . 2010-02-21 21:27 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

    2010-04-14 16:31 . 2010-02-21 21:27 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

    2010-04-14 16:31 . 2010-02-21 21:27 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

    2010-04-14 16:31 . 2010-02-21 21:27 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

    2010-04-14 16:30 . 2010-02-21 21:27 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

    2010-04-02 14:24 . 2010-03-09 00:42 411368 ----a-w- c:\windows\system32\deploytk.dll

    2010-04-02 14:24 . 2010-04-02 14:24 -------- d-----w- c:\arquivos de programas\Java

    2010-03-30 12:06 . 2010-03-30 12:06 -------- d-----w- c:\arquivos de programas\Disc2Phone

    2010-03-30 12:05 . 2010-03-30 12:05 -------- d-----w- c:\arquivos de programas\Arquivos comuns\InstallShield

    2010-03-25 21:43 . 2010-03-25 21:23 -------- d-----w- c:\arquivos de programas\Tony Hawk's Underground 2

    2010-03-12 02:06 . 2010-03-12 02:06 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Messenger Plus!

    2010-03-12 02:06 . 2010-03-10 02:00 -------- d-----w- c:\arquivos de programas\Messenger Plus! Live

    2010-03-10 06:16 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll

    2010-03-09 21:18 . 2010-03-04 01:20 -------- d-----w- c:\arquivos de programas\Google

    2010-03-09 00:44 . 2010-03-09 00:44 -------- d-----w- c:\arquivos de programas\Arquivos comuns\Java

    2010-03-09 00:39 . 2010-03-09 00:39 -------- d-----w- c:\arquivos de programas\Programas RFB

    2010-02-25 06:17 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

    2010-02-21 23:20 . 2010-02-21 23:01 104300 ----a-w- c:\windows\hpoins04.dat

    2010-02-21 23:20 . 2010-02-21 21:03 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

    2010-02-21 21:00 . 2010-02-21 21:00 21844 ----a-w- c:\windows\system32\emptyregdb.dat

    2010-02-17 17:07 . 2008-04-14 12:00 2194176 ----a-w- c:\windows\system32\ntoskrnl.exe

    2010-02-16 19:07 . 2008-04-13 19:00 2071040 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2010-02-12 04:34 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll

    2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2010-04-14 2790472]

    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]

    "SunJavaUpdateSched"="c:\arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe" [2010-02-18 248040]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

    path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^Inicialização rápida do HP Image Zone.lnk]

    path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\Inicialização rápida do HP Image Zone.lnk

    backup=c:\windows\pss\Inicialização rápida do HP Image Zone.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2010-03-24 18:17 952768 ----a-w- c:\arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2010-04-04 05:42 36272 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

    2007-10-23 17:18 202024 ----a-w- c:\arquivos de programas\Arquivos comuns\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

    2008-04-14 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cyberlink.exe]

    2010-04-23 00:18 963374 --sh--w- c:\documents and settings\All Users\Dados de aplicativos\Cyberlink.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

    2010-02-23 02:01 135664 ----atw- c:\documents and settings\Júnior\Configurações locais\Dados de aplicativos\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]

    2004-05-12 18:18 241664 ----a-w- c:\arquivos de programas\HP\hpcoretech\hpcmpmgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]

    2004-02-12 16:38 49152 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

    2008-04-13 22:21 1695232 ------w- c:\arquivos de programas\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

    2007-03-01 17:57 153136 ----a-w- c:\arquivos de programas\Arquivos comuns\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]

    2007-12-05 04:41 8523776 ----a-w- c:\windows\system32\nvcpl.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]

    2007-12-05 04:41 81920 ----a-w- c:\windows\system32\nvmctray.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

    2010-02-21 21:31 180269 ----a-w- c:\arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Arquivos de programas\\Ares\\Ares.exe"=

    "c:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Arquivos de programas\\Java\\jre6\\bin\\javaw.exe"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [21/2/2010 18:27 162768]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [21/2/2010 18:27 19024]

    S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [8/3/2010 21:44 135664]

    S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\Drivers\Scutum50.sys --> c:\windows\system32\Drivers\Scutum50.sys [?]

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2010-05-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-03-09 00:44]

    2010-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-03-09 00:44]

    2010-05-03 c:\windows\Tasks\User_Feed_Synchronization-{CA8A03B1-6749-4753-97DF-CB3EF8F089F7}.job

    - c:\windows\system32\msfeedssync.exe [2009-03-08 07:31]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.google.com.br/

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    BHO-{8CBE7C48-A58A-4F8A-9109-FDA362200A67}9109-FDA362200A67} - (no file)

    MSConfigStartUp-Avast - c:\windows\help\lqy6091.exe

    MSConfigStartUp-fisbdn - c:\windows\system32\fisbdn.exe

    MSConfigStartUp-jurbdn - c:\windows\System32\jurbdn.exe

    MSConfigStartUp-nwiz - nwiz.exe

    MSConfigStartUp-olebdn - c:\windows\System32\olebdn.exe

    MSConfigStartUp-utilitários - c:\documents and settings\All Users\Dados de aplicativos\utilitários.exe

    AddRemove-IRPF2010 - Declaração de Ajuste Anual e Final de Espólio - c:\arquiv~2\IRPF2010\UNWISE.EXE

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2010-05-03 21:16

    Windows 5.1.2600 Service Pack 3 NTFS

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos: 0

    **************************************************************************

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|ÿÿÿÿÀ•€|ù•6~*]

    "6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    Tempo para conclusão: 2010-05-03 21:18:58

    ComboFix-quarantined-files.txt 2010-05-04 00:18

    Pré-execução: 5 pasta(s) 33.740.587.008 bytes disponíveis

    Pós execução: 8 pasta(s) 34.582.548.480 bytes disponíveis

    WindowsXP-KB310994-SP2-Pro-BootDisk-PTG.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 3A817509883763EB1D1EAA0091232CA7

    Waiting for a reply!

  5. Renato, I don't know if this is really the answer you expected, but I'm posting what I think is the result:

    MD5: f352a6afc3bdec38c7c124684af8efdf

    First received: 2010.04.26 08:53:24 UTC

    Data 2010.04.28 19:42:14 UTC [>4D]

    Resultados 23/40

    Permalink: analisis/d2dc27acb42c378f55c558fbaf5b2a1933a6e931d8fde1c260bc3bbafe68a08d-1272483734

    When I clicked this link I got to a more detailed page, and I even saw that this file is a trojan.

    If necessary, let me know and I'll post that page...

    Thanks, I'm waiting for the next instructions!

  6. Hey folks, in my previous reply I forgot to disable Avast; the correct post follows below:

    DDS (Ver_10-03-17.01) - NTFSx86

    Run by J£nior at 10:25:44,16 on qui 29/04/2010

    Internet Explorer: 8.0.6001.18702

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.224 [GMT -3:00]

    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

    C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\spoolsv.exe

    svchost.exe

    C:\Arquivos de programas\Canon\IJPLM\IJPLMSVC.EXE

    C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\WINDOWS\system32\wuauclt.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Documents and Settings\Júnior\Meus documentos\Downloads\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com.br/

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: {8CBE7C48-A58A-4F8A-9109-FDA362200A67}9109-FDA362200A67} - No File

    BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    mRun: [avast5] c:\arquiv~1\alwils~1\avast5\avastUI.exe /nogui

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\arquivos de programas\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-21 162768]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-21 19024]

    R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-2-21 40384]

    R3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-2-21 40384]

    R3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-2-21 40384]

    S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-3-8 135664]

    S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\scutum50.sys --> c:\windows\system32\drivers\Scutum50.sys [?]

    =============== Created Last 30 ================

    2010-04-26 23:05:58 0 d-----w- c:\docume~1\alluse~1\dadosd~1\CanonIJPLM

    2010-04-26 23:02:04 230912 ----a-w- c:\windows\system32\CNMLM9M.DLL

    2010-04-26 23:00:28 0 d-----w- c:\arquivos de programas\Canon

    2010-04-26 11:18:01 0 d--h--w- c:\windows\PIF

    2010-04-23 00:18:47 213504 ----a-w- c:\windows\system32\gordo.exe

    2010-04-23 00:18:47 203776 ----a-w- c:\windows\fnid1659.dll

    2010-04-23 00:18:46 963374 --sh--w- c:\docume~1\alluse~1\dadosd~1\Cyberlink.exe

    2010-04-23 00:18:46 45056 ----a-w- c:\windows\system32\olebdn.exe

    2010-04-23 00:18:45 36864 ----a-w- c:\windows\system32\jurbdn.exe

    2010-04-23 00:18:39 57856 ----a-w- c:\documents and settings\júnior\winmsng3.exe

    2010-04-23 00:18:38 118784 ----a-w- c:\windows\system32\fisbdn.exe

    2010-04-22 23:22:48 3303 ----a-w- c:\windows\system32\wbem\Outlook_01cae272b8759746.mof

    2010-04-22 02:07:56 0 d-----w- c:\windows\system32\appmgmt

    2010-04-22 01:54:11 0 d-----w- c:\documents and settings\júnior\.borland

    2010-04-22 01:49:00 177152 ------w- c:\windows\system32\ibinstall.dll

    2010-04-22 01:41:19 0 d-----w- c:\arquivos de programas\arquivos comuns\Borland Shared

    2010-04-20 01:07:22 421 ----a-w- c:\windows\ODBC.INI

    2010-04-20 01:07:18 28040 ----a-w- c:\windows\system32\mdimon.dll

    2010-04-15 01:44:43 197 ----a-w- c:\windows\system32\MRT.INI

    2010-04-05 00:51:04 0 d-----w- c:\docume~1\jnior~1\dadosd~1\Thinstall

    2010-04-04 01:24:06 20480 ----a-w- c:\documents and settings\júnior\count.exe

    2010-04-04 01:24:04 269 ----a-w- c:\docume~1\alluse~1\dadosd~1\UpApp32.dll

    2010-04-02 14:25:03 73728 ----a-w- c:\windows\system32\javacpl.cpl

    ==================== Find3M ====================

    2010-04-28 01:10:41 3670016 ---há-w- c:\documents and settings\júnior\NTUSER.DAT

    2010-04-25 22:11:47 62576 ----a-w- c:\windows\system32\perfc016.dat

    2010-04-25 22:11:47 416394 ----a-w- c:\windows\system32\perfh016.dat

    2010-04-02 14:24:48 411368 ----a-w- c:\windows\system32\deploytk.dll

    2010-03-10 06:16:48 420352 ----a-w- c:\windows\system32\vbscript.dll

    2010-02-25 06:17:52 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-02-21 23:20:38 104300 ----a-w- c:\windows\hpoins04.dat

    2010-02-21 21:00:17 21844 ----a-w- c:\windows\system32\emptyregdb.dat

    2010-02-17 17:07:18 2194176 ----a-w- c:\windows\system32\ntoskrnl.exe

    2010-02-16 19:07:16 2071040 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2010-02-12 04:34:55 100864 ----a-w- c:\windows\system32\6to4svc.dll

    ============= FINISH: 10:26:05,89 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 21/2/2010 18:07:13

    System Uptime: 29/4/2010 10:22:52 (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P4S800D-X

    Processor: Intel® Pentium® 4 CPU 2.40GHz | PGA 478 | 2400/133mhz

    ==== Disk Partitions =========================

    A: is Removable

    C: is FIXED (NTFS) - 52 GiB total, 12,498 GiB free.

    D: is FIXED (NTFS) - 24 GiB total, 18,88 GiB free.

    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP33: 15/3/2010 14:13:33 - Ponto de verificação do sistema

    RP34: 18/3/2010 12:30:39 - Ponto de verificação do sistema

    RP35: 21/3/2010 13:41:03 - Ponto de verificação do sistema

    RP36: 23/3/2010 14:48:38 - Ponto de verificação do sistema

    RP37: 25/3/2010 14:17:42 - Ponto de verificação do sistema

    RP38: 26/3/2010 18:09:10 - Ponto de verificação do sistema

    RP39: 29/3/2010 18:09:41 - Ponto de verificação do sistema

    RP40: 30/3/2010 09:06:10 - Instalado Disc2Phone

    RP41: 30/3/2010 22:59:55 - Software Distribution Service 3.0

    RP42: 2/4/2010 11:23:56 - Removed Java 6 Update 18

    RP43: 2/4/2010 11:24:39 - Installed Java 6 Update 19

    RP44: 4/4/2010 17:17:44 - Ponto de verificação do sistema

    RP45: 5/4/2010 22:45:32 - Ponto de verificação do sistema

    RP46: 7/4/2010 21:07:59 - Ponto de verificação do sistema

    RP47: 9/4/2010 11:00:29 - Ponto de verificação do sistema

    RP48: 10/4/2010 12:11:54 - Ponto de verificação do sistema

    RP49: 11/4/2010 14:21:01 - Ponto de verificação do sistema

    RP50: 12/4/2010 19:23:48 - Ponto de verificação do sistema

    RP51: 14/4/2010 10:58:04 - Software Distribution Service 3.0

    RP52: 14/4/2010 22:40:22 - Software Distribution Service 3.0

    RP53: 16/4/2010 09:00:03 - Ponto de verificação do sistema

    RP54: 17/4/2010 09:56:54 - Ponto de verificação do sistema

    RP55: 18/4/2010 20:06:08 - Ponto de verificação do sistema

    RP56: 19/4/2010 22:05:39 - Instalado Microsoft Office Professional Edição 2003

    RP57: 21/4/2010 09:52:38 - Software Distribution Service 3.0

    RP58: 21/4/2010 22:41:12 - Installed Borland Delphi 7

    RP59: 21/4/2010 23:03:41 - Removed Borland Delphi 7

    RP60: 22/4/2010 08:42:53 - Software Distribution Service 3.0

    RP61: 23/4/2010 23:24:39 - Installed Ralink Wireless LAN

    RP62: 23/4/2010 23:36:02 - Removed Ralink Wireless LAN

    RP63: 27/4/2010 19:16:51 - Ponto de verificação do sistema

    ==== Installed Programs ======================

    2600

    2600_Help

    2600Trb

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Reader 9.3.2 - Português

    AiO_Scan

    AiOSoftware

    Ares 2.1.4

    Arquivo do WinRAR

    Assistente de Conexão do Windows Live

    Atualização de Segurança para o Windows Media Player (KB952069)

    Atualização de Segurança para o Windows Media Player (KB954155)

    Atualização de Segurança para o Windows Media Player (KB968816)

    Atualização de Segurança para o Windows Media Player (KB973540)

    Atualização de Segurança para o Windows Media Player 11 (KB954154)

    Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

    Atualização de Segurança para Windows Internet Explorer 8 (KB976325)

    Atualização de Segurança para Windows Internet Explorer 8 (KB978207)

    Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

    Atualização de Segurança para Windows XP (KB923561)

    Atualização de Segurança para Windows XP (KB941569)

    Atualização de Segurança para Windows XP (KB946648)

    Atualização de Segurança para Windows XP (KB950760)

    Atualização de Segurança para Windows XP (KB950762)

    Atualização de Segurança para Windows XP (KB950974)

    Atualização de Segurança para Windows XP (KB951376-v2)

    Atualização de Segurança para Windows XP (KB951748)

    Atualização de Segurança para Windows XP (KB952004)

    Atualização de Segurança para Windows XP (KB952954)

    Atualização de Segurança para Windows XP (KB954459)

    Atualização de Segurança para Windows XP (KB955069)

    Atualização de Segurança para Windows XP (KB956572)

    Atualização de Segurança para Windows XP (KB956744)

    Atualização de Segurança para Windows XP (KB956802)

    Atualização de Segurança para Windows XP (KB956803)

    Atualização de Segurança para Windows XP (KB956844)

    Atualização de Segurança para Windows XP (KB958644)

    Atualização de Segurança para Windows XP (KB958869)

    Atualização de Segurança para Windows XP (KB959426)

    Atualização de Segurança para Windows XP (KB960225)

    Atualização de Segurança para Windows XP (KB960803)

    Atualização de Segurança para Windows XP (KB960859)

    Atualização de Segurança para Windows XP (KB961501)

    Atualização de Segurança para Windows XP (KB969059)

    Atualização de Segurança para Windows XP (KB969947)

    Atualização de Segurança para Windows XP (KB970238)

    Atualização de Segurança para Windows XP (KB970430)

    Atualização de Segurança para Windows XP (KB971468)

    Atualização de Segurança para Windows XP (KB971486)

    Atualização de Segurança para Windows XP (KB971657)

    Atualização de Segurança para Windows XP (KB971961)

    Atualização de Segurança para Windows XP (KB972270)

    Atualização de Segurança para Windows XP (KB973354)

    Atualização de Segurança para Windows XP (KB973507)

    Atualização de Segurança para Windows XP (KB973869)

    Atualização de Segurança para Windows XP (KB973904)

    Atualização de Segurança para Windows XP (KB974112)

    Atualização de Segurança para Windows XP (KB974318)

    Atualização de Segurança para Windows XP (KB974392)

    Atualização de Segurança para Windows XP (KB974571)

    Atualização de Segurança para Windows XP (KB975025)

    Atualização de Segurança para Windows XP (KB975467)

    Atualização de Segurança para Windows XP (KB975560)

    Atualização de Segurança para Windows XP (KB975561)

    Atualização de Segurança para Windows XP (KB975713)

    Atualização de Segurança para Windows XP (KB977165)

    Atualização de Segurança para Windows XP (KB977816)

    Atualização de Segurança para Windows XP (KB977914)

    Atualização de Segurança para Windows XP (KB978037)

    Atualização de Segurança para Windows XP (KB978251)

    Atualização de Segurança para Windows XP (KB978262)

    Atualização de Segurança para Windows XP (KB978338)

    Atualização de Segurança para Windows XP (KB978601)

    Atualização de Segurança para Windows XP (KB978706)

    Atualização de Segurança para Windows XP (KB979309)

    Atualização de Segurança para Windows XP (KB979683)

    Atualização de Segurança para Windows XP (KB980232)

    Atualização para Windows Internet Explorer 8 (KB976662)

    Atualização para Windows Internet Explorer 8 (KB978506)

    Atualização para Windows Internet Explorer 8 (KB980182)

    Atualização para Windows XP (KB898461)

    Atualização para Windows XP (KB951978)

    Atualização para Windows XP (KB955759)

    Atualização para Windows XP (KB961503)

    Atualização para Windows XP (KB967715)

    Atualização para Windows XP (KB968389)

    Atualização para Windows XP (KB971737)

    Atualização para Windows XP (KB973687)

    Atualização para Windows XP (KB973815)

    Atualização para Windows XP (KB978207)

    avast! Free Antivirus

    BufferChm

    Canon iP1900 series Printer Driver

    Copy

    CreativeProjects

    CreativeProjectsTemplates

    CueTour

    Destinations

    Director

    Disc2Phone

    DocProc

    DocumentViewer

    Fax

    Ferramenta de Carregamento do Windows Live

    Google Chrome

    Google Earth Pro

    Google Update Helper

    Hotfix for Windows Media Format 11 SDK (KB929399)

    Hotfix para o Windows Media Player 11 (KB939683)

    Hotfix para Windows XP (KB952287)

    Hotfix para Windows XP (KB976098-v2)

    Hotfix para Windows XP (KB979306)

    HP Diagnostic Assistant

    HP Image Zone 4.2

    HP PSC & OfficeJet 4.2

    HP Software Update

    HPSystemDiagnostics

    Inkjet Printer/Scanner Extended Survey Program

    InstantShare

    IRPF2010 - Declaração de Ajuste Anual e Final de Espólio

    Java Auto Updater

    Java 6 Update 19

    K-Lite Mega Codec Pack 5.6.1

    Messenger Plus! Live

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

    Microsoft .NET Framework 1.1 Security Update (KB953297)

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Office 2007 Service Pack 2 (SP2)

    Microsoft Office Access MUI (Portuguese (Brazil)) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

    Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

    Microsoft Office Professional Edição 2003

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (Portuguese (Brazil)) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (Portuguese (Brazil)) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

    Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

    Microsoft Office Word MUI (Portuguese (Brazil)) 2007

    Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

    Microsoft User-Mode Driver Framework Feature Pack 1.0

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft XML Parser

    MSVCRT

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Nero 8

    neroxml

    Overland

    PDFCreator

    PhotoGallery

    PrintScreen

    ProductContext

    QFolder

    QuickProjects

    RadioSure

    Readme

    RealPlayer

    Receitanet Java 2010.02

    Scan

    Security Update for 2007 Microsoft Office System (KB969559)

    Security Update for 2007 Microsoft Office System (KB978380)

    Security Update for CAPICOM (KB931906)

    Security Update for Microsoft Office Excel 2007 (KB978382)

    Security Update for Microsoft Office Outlook 2007 (KB972363)

    Security Update for Microsoft Office PowerPoint 2007 (KB957789)

    Security Update for Microsoft Office Publisher 2007 (KB980470)

    Security Update for Microsoft Office system 2007 (972581)

    Security Update for Microsoft Office system 2007 (KB969613)

    Security Update for Microsoft Office system 2007 (KB974234)

    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

    Security Update for Microsoft Office Word 2007 (KB969604)

    Segoe UI

    SkinsHP1

    TrayApp

    Unload

    Update for 2007 Microsoft Office System (KB967642)

    Update for 2007 Microsoft Office System (KB981715)

    Update for Microsoft Office InfoPath 2007 (KB976416)

    Update for Microsoft Office OneNote 2007 (KB980729)

    Update for Outlook 2007 Junk Email Filter (kb981433)

    VCRedistSetup

    VDownloader 1.12

    WebFldrs XP

    WebReg

    Windows Internet Explorer 8

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Messenger

    Windows Media Format 11 runtime

    Windows Media Player 11

    ==== End Of File ===========================

    I'm still waiting for a reply...

  7. OK, the logs follow below:

    DDS (Ver_10-03-17.01) - NTFSx86

    Run by J£nior at 8:18:42,01 on seg 26/04/2010

    Internet Explorer: 8.0.6001.18702

    Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.511.203 [GMT -3:00]

    AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

    C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\spoolsv.exe

    svchost.exe

    C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\Documents and Settings\Júnior\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Júnior\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Júnior\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Júnior\Meus documentos\Downloads\dds.pif

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com.br/

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: {8CBE7C48-A58A-4F8A-9109-FDA362200A67}9109-FDA362200A67} - No File

    BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    mRun: [avast5] c:\arquiv~1\alwils~1\avast5\avastUI.exe /nogui

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [sunJavaUpdateSched] "c:\arquivos de programas\arquivos comuns\java\java update\jusched.exe"

    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office12\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\arquivos de programas\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-21 162768]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-21 19024]

    R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-2-21 40384]

    R3 avast! Mail Scanner;avast! Mail Scanner;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-2-21 40384]

    R3 avast! Web Scanner;avast! Web Scanner;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-2-21 40384]

    S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2010-3-8 135664]

    S2 Scutum50;Scutum50 NDIS Protocol Driver;c:\windows\system32\drivers\scutum50.sys --> c:\windows\system32\drivers\Scutum50.sys [?]

    =============== Created Last 30 ================

    2010-04-26 11:18:01 0 d--h--w- c:\windows\PIF

    2010-04-23 00:18:47 213504 ----a-w- c:\windows\system32\gordo.exe

    2010-04-23 00:18:47 203776 ----a-w- c:\windows\fnid1659.dll

    2010-04-23 00:18:46 963374 --sh--w- c:\docume~1\alluse~1\dadosd~1\Cyberlink.exe

    2010-04-23 00:18:46 45056 ----a-w- c:\windows\system32\olebdn.exe

    2010-04-23 00:18:45 36864 ----a-w- c:\windows\system32\jurbdn.exe

    2010-04-23 00:18:39 57856 ----a-w- c:\documents and settings\júnior\winmsng3.exe

    2010-04-23 00:18:38 118784 ----a-w- c:\windows\system32\fisbdn.exe

    2010-04-22 23:22:48 3303 ----a-w- c:\windows\system32\wbem\Outlook_01cae272b8759746.mof

    2010-04-22 02:07:56 0 d-----w- c:\windows\system32\appmgmt

    2010-04-22 01:54:11 0 d-----w- c:\documents and settings\júnior\.borland

    2010-04-22 01:49:00 177152 ------w- c:\windows\system32\ibinstall.dll

    2010-04-22 01:41:19 0 d-----w- c:\arquivos de programas\arquivos comuns\Borland Shared

    2010-04-20 01:07:22 421 ----a-w- c:\windows\ODBC.INI

    2010-04-20 01:07:18 28040 ----a-w- c:\windows\system32\mdimon.dll

    2010-04-15 01:44:43 197 ----a-w- c:\windows\system32\MRT.INI

    2010-04-05 00:51:04 0 d-----w- c:\docume~1\jnior~1\dadosd~1\Thinstall

    2010-04-04 01:24:06 20480 ----a-w- c:\documents and settings\júnior\count.exe

    2010-04-04 01:24:04 269 ----a-w- c:\docume~1\alluse~1\dadosd~1\UpApp32.dll

    2010-04-02 14:25:03 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2010-03-30 12:09:20 5840 ----a-r- c:\windows\system32\drivers\w200whnt.sys

    2010-03-30 12:09:19 61504 ----a-r- c:\windows\system32\drivers\w200bus.sys

    2010-03-30 12:09:19 5840 ----a-r- c:\windows\system32\drivers\w200wh.sys

    2010-03-30 12:06:13 0 d-----w- c:\arquivos de programas\Disc2Phone

    2010-03-30 12:05:50 0 d-----w- c:\arquivos de programas\arquivos comuns\InstallShield

    ==================== Find3M ====================

    2010-04-25 22:11:47 62576 ----a-w- c:\windows\system32\perfc016.dat

    2010-04-25 22:11:47 416394 ----a-w- c:\windows\system32\perfh016.dat

    2010-04-25 21:50:32 3670016 ---há-w- c:\documents and settings\júnior\NTUSER.DAT

    2010-04-02 14:24:48 411368 ----a-w- c:\windows\system32\deploytk.dll

    2010-03-10 06:16:48 420352 ----a-w- c:\windows\system32\vbscript.dll

    2010-02-25 06:17:52 916480 ----a-w- c:\windows\system32\wininet.dll

    2010-02-21 23:20:38 104300 ----a-w- c:\windows\hpoins04.dat

    2010-02-21 21:00:17 21844 ----a-w- c:\windows\system32\emptyregdb.dat

    2010-02-17 17:07:18 2194176 ----a-w- c:\windows\system32\ntoskrnl.exe

    2010-02-16 19:07:16 2071040 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2010-02-12 04:34:55 100864 ----a-w- c:\windows\system32\6to4svc.dll

    2010-01-28 12:05:08 69632 ----a-w- c:\windows\system32\MSJCE.dll

    ============= FINISH: 8:19:09,81 ===============

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 21/2/2010 18:07:13

    System Uptime: 26/4/2010 08:15:25 (0 hours ago)

    Motherboard: ASUSTeK Computer INC. | | P4S800D-X

    Processor: Intel® Pentium® 4 CPU 2.40GHz | PGA 478 | 2400/133mhz

    ==== Disk Partitions =========================

    A: is Removable

    C: is FIXED (NTFS) - 52 GiB total, 12,224 GiB free.

    D: is FIXED (NTFS) - 24 GiB total, 18,88 GiB free.

    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP23: 3/3/2010 12:54:47 - Ponto de verificação do sistema

    RP24: 3/3/2010 22:20:32 - Instalado Google Earth Pro.

    RP25: 5/3/2010 12:48:35 - Ponto de verificação do sistema

    RP26: 7/3/2010 15:41:15 - Ponto de verificação do sistema

    RP27: 8/3/2010 18:44:19 - Ponto de verificação do sistema

    RP28: 8/3/2010 21:41:48 - Installed Java 6 Update 18

    RP29: 8/3/2010 21:42:33 - Installed Java Runtime Environment

    RP30: 9/3/2010 15:36:32 - Software Distribution Service 3.0

    RP31: 10/3/2010 15:44:35 - Ponto de verificação do sistema

    RP32: 11/3/2010 16:48:43 - Ponto de verificação do sistema

    RP33: 15/3/2010 14:13:33 - Ponto de verificação do sistema

    RP34: 18/3/2010 12:30:39 - Ponto de verificação do sistema

    RP35: 21/3/2010 13:41:03 - Ponto de verificação do sistema

    RP36: 23/3/2010 14:48:38 - Ponto de verificação do sistema

    RP37: 25/3/2010 14:17:42 - Ponto de verificação do sistema

    RP38: 26/3/2010 18:09:10 - Ponto de verificação do sistema

    RP39: 29/3/2010 18:09:41 - Ponto de verificação do sistema

    RP40: 30/3/2010 09:06:10 - Instalado Disc2Phone

    RP41: 30/3/2010 22:59:55 - Software Distribution Service 3.0

    RP42: 2/4/2010 11:23:56 - Removed Java 6 Update 18

    RP43: 2/4/2010 11:24:39 - Installed Java 6 Update 19

    RP44: 4/4/2010 17:17:44 - Ponto de verificação do sistema

    RP45: 5/4/2010 22:45:32 - Ponto de verificação do sistema

    RP46: 7/4/2010 21:07:59 - Ponto de verificação do sistema

    RP47: 9/4/2010 11:00:29 - Ponto de verificação do sistema

    RP48: 10/4/2010 12:11:54 - Ponto de verificação do sistema

    RP49: 11/4/2010 14:21:01 - Ponto de verificação do sistema

    RP50: 12/4/2010 19:23:48 - Ponto de verificação do sistema

    RP51: 14/4/2010 10:58:04 - Software Distribution Service 3.0

    RP52: 14/4/2010 22:40:22 - Software Distribution Service 3.0

    RP53: 16/4/2010 09:00:03 - Ponto de verificação do sistema

    RP54: 17/4/2010 09:56:54 - Ponto de verificação do sistema

    RP55: 18/4/2010 20:06:08 - Ponto de verificação do sistema

    RP56: 19/4/2010 22:05:39 - Instalado Microsoft Office Professional Edição 2003

    RP57: 21/4/2010 09:52:38 - Software Distribution Service 3.0

    RP58: 21/4/2010 22:41:12 - Installed Borland Delphi 7

    RP59: 21/4/2010 23:03:41 - Removed Borland Delphi 7

    RP60: 22/4/2010 08:42:53 - Software Distribution Service 3.0

    RP61: 23/4/2010 23:24:39 - Installed Ralink Wireless LAN

    RP62: 23/4/2010 23:36:02 - Removed Ralink Wireless LAN

    ==== Installed Programs ======================

    2600

    2600_Help

    2600Trb

    Adobe Flash Player 10 ActiveX

    Adobe Flash Player 10 Plugin

    Adobe Reader 9.3.2 - Português

    AiO_Scan

    AiOSoftware

    Ares 2.1.4

    Arquivo do WinRAR

    Assistente de Conexão do Windows Live

    Atualização de Segurança para o Windows Media Player (KB952069)

    Atualização de Segurança para o Windows Media Player (KB954155)

    Atualização de Segurança para o Windows Media Player (KB968816)

    Atualização de Segurança para o Windows Media Player (KB973540)

    Atualização de Segurança para o Windows Media Player 11 (KB954154)

    Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

    Atualização de Segurança para Windows Internet Explorer 8 (KB976325)

    Atualização de Segurança para Windows Internet Explorer 8 (KB978207)

    Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

    Atualização de Segurança para Windows XP (KB923561)

    Atualização de Segurança para Windows XP (KB941569)

    Atualização de Segurança para Windows XP (KB946648)

    Atualização de Segurança para Windows XP (KB950760)

    Atualização de Segurança para Windows XP (KB950762)

    Atualização de Segurança para Windows XP (KB950974)

    Atualização de Segurança para Windows XP (KB951376-v2)

    Atualização de Segurança para Windows XP (KB951748)

    Atualização de Segurança para Windows XP (KB952004)

    Atualização de Segurança para Windows XP (KB952954)

    Atualização de Segurança para Windows XP (KB954459)

    Atualização de Segurança para Windows XP (KB955069)

    Atualização de Segurança para Windows XP (KB956572)

    Atualização de Segurança para Windows XP (KB956744)

    Atualização de Segurança para Windows XP (KB956802)

    Atualização de Segurança para Windows XP (KB956803)

    Atualização de Segurança para Windows XP (KB956844)

    Atualização de Segurança para Windows XP (KB958644)

    Atualização de Segurança para Windows XP (KB958869)

    Atualização de Segurança para Windows XP (KB959426)

    Atualização de Segurança para Windows XP (KB960225)

    Atualização de Segurança para Windows XP (KB960803)

    Atualização de Segurança para Windows XP (KB960859)

    Atualização de Segurança para Windows XP (KB961501)

    Atualização de Segurança para Windows XP (KB969059)

    Atualização de Segurança para Windows XP (KB969947)

    Atualização de Segurança para Windows XP (KB970238)

    Atualização de Segurança para Windows XP (KB970430)

    Atualização de Segurança para Windows XP (KB971468)

    Atualização de Segurança para Windows XP (KB971486)

    Atualização de Segurança para Windows XP (KB971657)

    Atualização de Segurança para Windows XP (KB971961)

    Atualização de Segurança para Windows XP (KB972270)

    Atualização de Segurança para Windows XP (KB973354)

    Atualização de Segurança para Windows XP (KB973507)

    Atualização de Segurança para Windows XP (KB973869)

    Atualização de Segurança para Windows XP (KB973904)

    Atualização de Segurança para Windows XP (KB974112)

    Atualização de Segurança para Windows XP (KB974318)

    Atualização de Segurança para Windows XP (KB974392)

    Atualização de Segurança para Windows XP (KB974571)

    Atualização de Segurança para Windows XP (KB975025)

    Atualização de Segurança para Windows XP (KB975467)

    Atualização de Segurança para Windows XP (KB975560)

    Atualização de Segurança para Windows XP (KB975561)

    Atualização de Segurança para Windows XP (KB975713)

    Atualização de Segurança para Windows XP (KB977165)

    Atualização de Segurança para Windows XP (KB977816)

    Atualização de Segurança para Windows XP (KB977914)

    Atualização de Segurança para Windows XP (KB978037)

    Atualização de Segurança para Windows XP (KB978251)

    Atualização de Segurança para Windows XP (KB978262)

    Atualização de Segurança para Windows XP (KB978338)

    Atualização de Segurança para Windows XP (KB978601)

    Atualização de Segurança para Windows XP (KB978706)

    Atualização de Segurança para Windows XP (KB979309)

    Atualização de Segurança para Windows XP (KB979683)

    Atualização de Segurança para Windows XP (KB980232)

    Atualização para Windows Internet Explorer 8 (KB976662)

    Atualização para Windows Internet Explorer 8 (KB978506)

    Atualização para Windows Internet Explorer 8 (KB980182)

    Atualização para Windows XP (KB898461)

    Atualização para Windows XP (KB951978)

    Atualização para Windows XP (KB955759)

    Atualização para Windows XP (KB961503)

    Atualização para Windows XP (KB967715)

    Atualização para Windows XP (KB968389)

    Atualização para Windows XP (KB971737)

    Atualização para Windows XP (KB973687)

    Atualização para Windows XP (KB973815)

    Atualização para Windows XP (KB978207)

    avast! Free Antivirus

    BufferChm

    Copy

    CreativeProjects

    CreativeProjectsTemplates

    CueTour

    Destinations

    Director

    Disc2Phone

    DocProc

    DocumentViewer

    Fax

    Ferramenta de Carregamento do Windows Live

    Google Chrome

    Google Earth Pro

    Google Update Helper

    Hotfix for Windows Media Format 11 SDK (KB929399)

    Hotfix para o Windows Media Player 11 (KB939683)

    Hotfix para Windows XP (KB952287)

    Hotfix para Windows XP (KB976098-v2)

    Hotfix para Windows XP (KB979306)

    HP Diagnostic Assistant

    HP Image Zone 4.2

    HP PSC & OfficeJet 4.2

    HP Software Update

    HPSystemDiagnostics

    InstantShare

    IRPF2010 - Declaração de Ajuste Anual e Final de Espólio

    Java Auto Updater

    Java 6 Update 19

    K-Lite Mega Codec Pack 5.6.1

    Messenger Plus! Live

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

    Microsoft .NET Framework 1.1 Security Update (KB953297)

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Office 2007 Service Pack 2 (SP2)

    Microsoft Office Access MUI (Portuguese (Brazil)) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (Portuguese (Brazil)) 2007

    Microsoft Office Groove MUI (Portuguese (Brazil)) 2007

    Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007

    Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007

    Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007

    Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007

    Microsoft Office Professional Edição 2003

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (Portuguese (Brazil)) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (Portuguese (Brazil)) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

    Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007

    Microsoft Office Shared MUI (Portuguese (Brazil)) 2007

    Microsoft Office Word MUI (Portuguese (Brazil)) 2007

    Microsoft Software Update for Web Folders (Portuguese (Brazil)) 12

    Microsoft User-Mode Driver Framework Feature Pack 1.0

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft XML Parser

    MSVCRT

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Nero 8

    neroxml

    Overland

    PDFCreator

    PhotoGallery

    PrintScreen

    ProductContext

    QFolder

    QuickProjects

    RadioSure

    Readme

    RealPlayer

    Receitanet Java 2010.02

    Scan

    Security Update for 2007 Microsoft Office System (KB969559)

    Security Update for 2007 Microsoft Office System (KB978380)

    Security Update for CAPICOM (KB931906)

    Security Update for Microsoft Office Excel 2007 (KB978382)

    Security Update for Microsoft Office Outlook 2007 (KB972363)

    Security Update for Microsoft Office PowerPoint 2007 (KB957789)

    Security Update for Microsoft Office Publisher 2007 (KB980470)

    Security Update for Microsoft Office system 2007 (972581)

    Security Update for Microsoft Office system 2007 (KB969613)

    Security Update for Microsoft Office system 2007 (KB974234)

    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

    Security Update for Microsoft Office Word 2007 (KB969604)

    Segoe UI

    SkinsHP1

    TrayApp

    Unload

    Update for 2007 Microsoft Office System (KB967642)

    Update for 2007 Microsoft Office System (KB981715)

    Update for Microsoft Office InfoPath 2007 (KB976416)

    Update for Microsoft Office OneNote 2007 (KB980729)

    Update for Outlook 2007 Junk Email Filter (kb981433)

    VCRedistSetup

    VDownloader 1.12

    WebFldrs XP

    WebReg

    Windows Internet Explorer 8

    Windows Live Call

    Windows Live Communications Platform

    Windows Live Essentials

    Windows Live Messenger

    Windows Media Format 11 runtime

    Windows Media Player 11

    ==== End Of File ===========================

    Awaiting further instructions...

  8. Hello, Script Brasil folks, I would like you to analyze my log.

    The PC keeps freezing, especially IE...

    There must be some problem with IE; whenever I open it, 2 processes are running.

    My log follows below:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:14:09, on 24/4/2010

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

    C:\WINDOWS\Explorer.EXE

    C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

    C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Documents and Settings\Júnior\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Júnior\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Júnior\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Júnior\Configurações locais\Dados de aplicativos\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Júnior\Meus documentos\Downloads\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: (no name) - {8CBE7C48-A58A-4F8A-9109-FDA362200A67}9109-FDA362200A67} - (no file)

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

    O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --

    End of file - 5877 bytes

    I await your reply...

  9. GMER 1.0.15.15281 - http://www.gmer.net

    Rootkit scan 2009-12-27 18:46:43

    Windows 6.0.6002 Service Pack 2

    Running: gmer.exe; Driver: C:\Users\JNIOR~1\AppData\Local\Temp\ufryipod.sys


    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [7087EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [70880994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [70881614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [70880921] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [708782F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [7087FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7087A073] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7087A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [7087E717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [7087E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [7087FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7087FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [70880C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [7087DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [7087D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [7087D361] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [7087EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7088007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [7087C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [7087E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [70883035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [70882999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [70881AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [7087BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [7087BFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [7087E717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [70882CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [70882926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [70883ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [708823A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [7087BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7087FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [708782F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!WinHelpW] [7087FAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [uSER32.dll!WinHelpA] [7087F973] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [7088ED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [7088E43D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [7088EDE8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [7088F9B7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [7088E9C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [7088E5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [7088EB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [7089020D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [7088F4DB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [7088EF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [7088FBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [7088F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [7089051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [7088FF19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [70890085] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [70890395] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [7088FDAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [7088F677] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [7087CFA8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [70882999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [70880C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [7087D22A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [7087D9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [7087DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [7087EB68] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [70881D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [7087E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [7087CAA7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7088007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7087A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [70880994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [70883035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [70883ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [7087C709] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [7087BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [70881AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [7087CD20] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [7087D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [70881614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [7088103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [7087EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [7087C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [7087BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [708809B9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [7087C848] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7087FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [7087E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [7087C368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7087FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [7087C5D8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!LoadImageW] [7087F0D0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!WinHelpW] [7087FAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [uSER32.dll!PrivateExtractIconsW] [7087F5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathCreateFromUrlW] [708865DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!AssocQueryStringByKeyW] [7088620B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHCreateStreamOnFileW] [70887595] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!AssocQueryKeyW] [708860AE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!AssocQueryStringW] [7088615B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHDeleteKeyA] [708875E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathCombineW] [70886533] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHOpenRegStream2W] [7088799A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathIsDirectoryW] [7088684F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathIsURLW] [70886E45] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathIsRootA] [70886AFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathIsRootW] [70886B47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathStripToRootW] [70887281] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathFindOnPathW] [70886716] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathStripPathW] [708871ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathRemoveArgsW] [70887021] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHRegGetBoolUSValueW] [70887FBE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathSkipRootW] [70887159] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathIsDirectoryEmptyW] [708868E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathIsSystemFolderW] [70886BE2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathIsDirectoryA] [70886803] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathRelativePathToW] [70886F81] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!PathBuildRootA] [708863A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHRegGetPathW] [708880BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

    IAT C:\Program Files\Internet Explorer\iexplore.exe[5204] @ C:\Windows\system32\SHELL32.dll [sHLWAPI.dll!SHRegSetPathW] [70888513] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dinâmico/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    ---- EOF - GMER 1.0.15 ----

  10. SUPERAntiSpyware Scan Log

    http://www.superantispyware.com

    Generated 12/26/2009 at 09:20 PM

    Application Version : 4.32.1000

    Core Rules Database Version : 4411

    Trace Rules Database Version: 2243

    Scan type : Complete Scan

    Total Scan Time : 01:08:06

    Memory items scanned : 559

    Memory threats detected : 0

    Registry items scanned : 8092

    Registry threats detected : 0

    File items scanned : 94026

    File threats detected : 10

    Adware.Tracking Cookie

    C:\Users\Júnior\AppData\Roaming\Microsoft\Windows\Cookies\júnior@bs.serving-sys[1].txt

    C:\Users\Júnior\AppData\Roaming\Microsoft\Windows\Cookies\júnior@ad.adnetwork.com[1].txt

    C:\Users\Júnior\AppData\Roaming\Microsoft\Windows\Cookies\júnior@sexuploader[1].txt

    C:\Users\Júnior\AppData\Roaming\Microsoft\Windows\Cookies\júnior@serving-sys[2].txt

    C:\Users\Júnior\AppData\Roaming\Microsoft\Windows\Cookies\júnior@questionmarket[2].txt

    C:\Users\Júnior\AppData\Roaming\Microsoft\Windows\Cookies\júnior@doubleclick[2].txt

    C:\Users\Júnior\AppData\Roaming\Microsoft\Windows\Cookies\júnior@atdmt[1].txt

    C:\Users\Júnior\AppData\Roaming\Microsoft\Windows\Cookies\júnior@ads.ad4game[1].txt

    C:\Users\Júnior\AppData\Roaming\Microsoft\Windows\Cookies\júnior@megaporn[2].txt

    C:\Users\Júnior\AppData\Roaming\Microsoft\Windows\Cookies\júnior@msnportal.112.2o7[1].txt

  11. Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 15:26:36, on 20/12/2009

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.18865)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Alwil Software\Avast4\ashDisp.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\IELowutil.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Users\Júnior\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas.dll,NvTaskbarInit

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    --

    End of file - 5603 bytes

  12. As requested above, here are the two logs:

    Malwarebytes' Anti-Malware 1.42

    Versão do banco de dados: 3386

    Windows 6.0.6002 Service Pack 2

    Internet Explorer 8.0.6001.18865

    18/12/2009 17:40:17

    mbam-log-2009-12-18 (17-40-17).txt

    Tipo de Verificação: Completa (C:\|D:\|)

    Objetos verificados: 242572

    Tempo decorrido: 50 minute(s), 36 second(s)

    Processos da Memória infectados: 0

    Módulos de Memória Infectados: 0

    Chaves do Registro infectadas: 1

    Valores do Registro infectados: 0

    Ítens do Registro infectados: 0

    Pastas infectadas: 0

    Arquivos infectados: 6

    Processos da Memória infectados:

    (Nenhum ítem malicioso foi detectado)

    Módulos de Memória Infectados:

    (Nenhum ítem malicioso foi detectado)

    Chaves do Registro infectadas:

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

    Valores do Registro infectados:

    (Nenhum ítem malicioso foi detectado)

    Ítens do Registro infectados:

    (Nenhum ítem malicioso foi detectado)

    Pastas infectadas:

    (Nenhum ítem malicioso foi detectado)

    Arquivos infectados:

    C:\Program Files\NFSU 2\Keys\rld-nu2k.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

    C:\Users\Júnior\AppData\Local\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

    C:\Users\Júnior\AppData\Local\Temp\b.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

    C:\Users\Júnior\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

    C:\Users\Júnior\AppData\Local\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

    C:\Users\Júnior\AppData\Local\Temp\sshnas.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

    --------------------------

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 17:41:31, on 18/12/2009

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.18865)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Alwil Software\Avast4\ashDisp.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Users\Júnior\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas.dll,NvTaskbarInit

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    --

    End of file - 5796 bytes

  13. PC showing signs of a virus; I would like you to analyze my log

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 12:13:56, on 18/12/2009

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v8.00 (8.00.6001.18865)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskeng.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Windows Defender\MSASCui.exe

    C:\Program Files\Alwil Software\Avast4\ashDisp.exe

    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    C:\Program Files\Java\jre6\bin\jusched.exe

    C:\Windows\ehome\ehtray.exe

    C:\Program Files\Windows Media Player\wmpnscfg.exe

    C:\Windows\ehome\ehmsas.exe

    C:\Windows\system32\wbem\unsecapp.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Users\Júnior\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

    O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas.dll,NvTaskbarInit

    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

    O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

    O13 - Gopher Prefix:

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O16 - DPF: {DB6BF2CD-4F59-4F1C-AA9C-D08C0B61A931} (GbpDistObj Class) - https://www14.bancobrasil.com.br/plugin/GbpDist.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~1\GbPlugin\GbpSv.exe

    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    --

    End of file - 5640 bytes

  14. Good evening. I did what was recommended and ran Dr. Web; more than 800 files infected with the Virut virus were found. However, I could not find Dr. Web's "Mover incuráveis" (Move incurable) option, although the program reported that the files had been disinfected.

    The new HijackThis log follows below, but I had to open it in Word because Notepad could not open it; in fact, some programs do not run, Internet Explorer for example.

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 00:45:36, on 11/7/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

    O4 - HKLM\..\Run: [30181] C:\WINDOWS\system32\F.tmp.exe

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: FreshDownload - {9FBDD21E-EC9D-49F2-83F2-53627F586C05} - C:\WINDOWS\system32\shdocvw.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.MSN.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.MSN.com/binary/ZIntro.cab56649.cab

    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.MSN.com/binary/Bankshot.cab57213.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab56907.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Serviço de indexação (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe

    O23 - Service: Aplicativo de sistema COM+ (COMSysApp) - Unknown owner - C:\WINDOWS\system32\dllhost.exe

    O23 - Service: Serviço administrativo do gerenciador de disco lógico (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe

    O23 - Service: Windows CardSpace (idsvc) - Unknown owner - c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    O23 - Service: LiveUpdate - Unknown owner - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: Gerenciador de sessão de ajuda de área de trabalho remota (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe

    O23 - Service: Alocador Remote Procedure Call (RPC) (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe

    O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe

    O23 - Service: Cartão inteligente (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe

    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    O23 - Service: MS Software Shadow Copy Provider (SwPrv) - Unknown owner - C:\WINDOWS\system32\dllhost.exe

    O23 - Service: Logs e alertas de desempenho (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe

    O23 - Service: Sistema de alimentação ininterrupta (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe

    O23 - Service: Cópia de volume em memória (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe

    --

    End of file - 8921 bytes

    I await a reply.

  15. OK, I did what was asked. Malwarebytes found 6 infected files, but during the scan avast kept reporting infected files, so I had to pause it so that Malwarebytes could continue the scan.

    Even so, here are the requested logs:

    Malwarebytes' Anti-Malware 1.38

    Versão do banco de dados: 2399

    Windows 5.1.2600 Service Pack 3

    9/7/2009 14:32:21

    mbam-log-2009-07-09 (14-32-21).txt

    Tipo de Verificação: Rápida

    Objetos verificados: 96043

    Tempo decorrido: 18 minute(s), 44 second(s)

    Processos da Memória infectados: 0

    Módulos de Memória Infectados: 0

    Chaves do Registro infectadas: 5

    Valores do Registro infectados: 0

    Ítens do Registro infectados: 0

    Pastas infectadas: 0

    Arquivos infectados: 1

    Processos da Memória infectados:

    (Nenhum ítem malicioso foi detectado)

    Módulos de Memória Infectados:

    (Nenhum ítem malicioso foi detectado)

    Chaves do Registro infectadas:

    HKEY_CURRENT_USER\SOFTWARE\advantage (Adware.Vomba) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.norton2009reset (Trojan.Hacktool) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\.norton2009reset (Trojan.Hacktool) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\.norton2009reset (Trojan.Hacktool) -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.norton2009reset (Trojan.Hacktool) -> Quarantined and deleted successfully.

    Valores do Registro infectados:

    (Nenhum ítem malicioso foi detectado)

    Ítens do Registro infectados:

    (Nenhum ítem malicioso foi detectado)

    Pastas infectadas:

    (Nenhum ítem malicioso foi detectado)

    Arquivos infectados:

    C:\Arquivos de programas\Norton2009Reset.exe (Trojan.Hacktool) -> Quarantined and deleted successfully.

    ________________________________________

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 14:34:43, on 9/7/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\WINDOWS\System32\svchost.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

    C:\WINDOWS\system32\NOTEPAD.EXE

    C:\Arquivos de programas\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Arquivos de programas\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [avast!] C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Arquivos de programas\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Translate with &Babylon - res://C:\Arquivos de programas\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: FreshDownload - {9FBDD21E-EC9D-49F2-83F2-53627F586C05} - C:\WINDOWS\system32\shdocvw.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.MSN.com/binary/msgrchkr.cab56986.cab

    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.MSN.com/binary/ZIntro.cab56649.cab

    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.MSN.com/binary/Bankshot.cab57213.cab

    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.MSN.com/binary/Messe...nt.cab56907.cab

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Arquivos de programas\Ares\chatServer.exe

    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    O23 - Service: avast! Antivirus - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashMaiSv.exe

    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Arquivos de programas\Alwil Software\Avast4\ashWebSv.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    O23 - Service: LiveUpdate - Unknown owner - C:\ARQUIV~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Arquivos de programas\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

    --

    End of file - 8223 bytes

    Awaiting a reply...
