Dropped.Generic.Banker.Delf.BD814EBE_1313f8b478

by malwarelabrobot on July 25th, 2016 in Malware Descriptions.

HEUR:Trojan.Win32.Generic (Kaspersky), Dropped:Generic.Banker.Delf.BD814EBE (B) (Emsisoft), Dropped:Generic.Banker.Delf.BD814EBE (AdAware), Trojan-Banker.Win32.Brasil.FD, Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, Bancos.YR, BankerGeneric.YR (Lavasoft MAS)
Behaviour: Banker, Trojan, VirTool

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 1313f8b4786c0b431115807a98eabca8
SHA1: 07c7374bddc10841aaaaa5d8cb07dc3687086426
SHA256: fa6b963a8e20419a5866c83368684d52d1730d176926317289456f4942566604
SSDeep: 49152:e4cBZZ2u17W12pXfpgOa9jaKfDyue9EvdhV9AqagxQa:LcBaq7WOvpgOyjfdeMF95agr
Size: 2408960 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2008-04-13 21:32:45
Analyzed on: WindowsXP SP3 32-bit

Summary:

Banker. Steals data relating to online banking systems, e-payment systems and credit card systems.

Payload

No specific payload has been found.

Process activity

The Dropped creates the following process(es):

%original file name%.exe:376

The Dropped injects its code into the following process(es):

Promtx.exe:1404
promt.exe:484
Promtrx.exe:1480

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:376 makes changes in the file system.
The Dropped creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\promt.exe (143353 bytes)

The process Promtx.exe:1404 makes changes in the file system.
The Dropped creates and/or writes to the following file(s):

%WinDir%\kilinhx.txt (46 bytes)
%System%\Promtx.exe (4185 bytes)

The process promt.exe:484 makes changes in the file system.
The Dropped creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\ssleay32.dll (155 bytes)
%System%\Promt.exe (67082 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\libeay32.dll (3761 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\Promtx.exe (3726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\Promtrx.exe (3920 bytes)

The process Promtrx.exe:1480 makes changes in the file system.
The Dropped creates and/or writes to the following file(s):

%System%\drivers\AX470CF3.sys (37 bytes)
%System%\Zclear.exe (5873 bytes)
%System%\REBOOT.DC (2 bytes)

The Dropped deletes the following file(s):

%System%\drivers\AX470CF3.sys (0 bytes)

Registry activity

The process %original file name%.exe:376 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4D 53 AC B5 49 97 46 07 DA FF 5C 11 5B B5 03 67"

To automatically run itself each time Windows is booted, the Dropped adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"

The process Promtx.exe:1404 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B3 AB 31 E5 B7 DC B1 F9 25 7C 2B 93 2D BA 34 01"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP]
"Promtx.exe" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\Promtx.exe:*:Enabled:Microsoft Windows Update Platform"

To automatically run itself each time Windows is booted, the Dropped adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Promtx" = "c:\windows\system32\Promtx.exe"

The process promt.exe:484 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8C FC 65 51 08 48 4E C3 E9 DD 6B E1 E2 EB AE 7A"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"EnableBalloonTips" = "0"

Adds a rule to the firewall Windows which allows any network activity:

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP]
"promt.exe" = "C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\promt.exe:*:Enabled:Microsoft Windows Update Platform"

To automatically run itself each time Windows is booted, the Dropped adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Promt" = "C:\windows\system32\Promt.exe"

The process Promtrx.exe:1480 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A2 87 E8 F7 49 48 C2 53 BA E6 97 D1 06 6A C1 11"

[HKLM\System\CurrentControlSet\Services\AX470CF3]
"Group" = "GbPlugin Group"
"ErrorControl" = "0"

"Type" = "1"

To automatically run itself each time Windows is booted, the Dropped adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zclear" = "C:\windows\system32\Zclear.exe"

The following driver will be automatically launched by the OS Loader:

[HKLM\System\CurrentControlSet\Services\AX470CF3]
"Start" = "0"

Dropped PE files

MD5	File path
1c58e362411c813b61e6ad4267442df6	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\IXP000.TMP\Promtrx.exe
f1a5b2ac8fb9825b1deda9a0ddbb93e1	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\IXP000.TMP\Promtx.exe
22406724020c56b6e811183d1adcf814	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\IXP000.TMP\libeay32.dll
d6ea498abbedb8109aa7a12231c80d22	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\IXP000.TMP\promt.exe
98b60bad042406d0fee9d794943aa402	c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\IXP000.TMP\ssleay32.dll
d6ea498abbedb8109aa7a12231c80d22	c:\WINDOWS\system32\Promt.exe
f1a5b2ac8fb9825b1deda9a0ddbb93e1	c:\WINDOWS\system32\Promtx.exe
1c58e362411c813b61e6ad4267442df6	c:\WINDOWS\system32\Zclear.exe
6b97bd031c6ad91fac8eddee6e12f396	c:\WINDOWS\system32\drivers\AX470CF3.sys

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Microsoft Corporation
Product Name: HD Player
Product Version: 6.00.2900.5512
Legal Copyright: (c) Microsoft Corporation. Todos os direitos reservados.
Legal Trademarks:
Original Filename: WEXTRACT.EXE
Internal Name: Wextract
File Version: 6.00.2900.5512 (xpsp.080413-2105)
File Description: Auto-extrator de arquivo de gabinete Win32
Comments:
Language: English (United States)

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	39368	39424	4.5602	2de9bfc784c63236572bd70efc20545d
.data	45056	7140	1024	2.94449	99858e86526942a66950c7139f78a725
.rsrc	53248	2367488	2367488	5.54088	aacc4d07971ccfbf51252d6694daff0c

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

No activity has been detected.

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

Web Traffic was not found.

The Dropped connects to the servers at the folowing location(s):

%original file name%.exe_376:

.text

`.data

.rsrc

ADVAPI32.dll

KERNEL32.dll

NTDLL.DLL

GDI32.dll

USER32.dll

COMCTL32.dll

VERSION.dll

advapi32.dll

advpack.dll

wininit.ini

Software\Microsoft\Windows\CurrentVersion\App Paths

setupapi.dll

setupx.dll

IXPd.TMP

TMP4351$.TMP

FINISHMSG

USRQCMD

ADMQCMD

msdownld.tmp

wextract.pdb

PSSSSSSh

RegCloseKey

RegOpenKeyExA

RegCreateKeyExA

RegQueryInfoKeyA

GetWindowsDirectoryA

ExitWindowsEx

MsgWaitForMultipleObjects

rundll32.exe %s,InstallHinfSection %s 128 %s

SHELL32.DLL

Software\Microsoft\Windows\CurrentVersion\RunOnce

PendingFileRenameOperations

System\CurrentControlSet\Control\Session Manager\FileRenameOperations

wextract_cleanup%d

%s /D:%s

rundll32.exe %sadvpack.dll,DelNodeRunDLL32 "%s"

Command.com /c %s

C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\

33333330

33333333

promt.exe

p{%SVm)nUx

Z]kB`.uO

K-;.JT

9m%CY

.Ov\d

%fj !

i~%UO

1.kDml

0DJV%U

~%uF,qF

nPCSSh

.geFX

z1.xu

q%uM,[

K.BcH5

_.Isr

l)J%f

q%So5C

.tDZ=T

x-rt}

<:<<<><@

2t2TeXe\e`e`f

!)ÙE

G.TbV

s.vL8

.gA.C

l=,.zI

(O.cBn2

*.*0)2V

;.TgL

.Syw(

`ƒS

&6q9.BE

Z.fS[

Ik%/$%s\

rOð

fTPT<r

zD.YU

B.lp_

.YW8O

%U:f~SC

vR.Rz}

y- %c

.sjm`}

.yK\W

=.hW#7h

.Phy?I

:.bBi%`

.sqF-

.rY,]0

^EX.gk2

f%u 0g

FE%SS

%8S:^Y

2E.GCm

.zw]p

x.Le~

k/.sd

%FP[bU

.GCgtF{

,N-c}

(P .JID

N %fU

.Xo<(F\

7-nVW}-

mmT,.Jd

1%Xup5

po%sa

UDpb

kPr%x

7W.Ax

!g%c{G

CMdN

A-.fb

.Kt9C

4(.tZ

VX.hxJ

`m>~.tv

6-evg}O

: `%U

.hz 9=

r.Sa*'

L*%S8

9z.SnY

(ò-

C×61

WW$.nu

X.WbgFr}

.OUJV:

.eaw<

OD'%f

@%swhV

;.cH(X

K`.RO

[_Uk.Kc

,R-\.PD<

P.kr%T>

-|j%b.IW

x.Uog

o.dHD

#.Gic

%F$][

}?

ÆcF

.Q.bt;

%%XLzS

eûS

.qG|z

ZWbókh

=x2.Or

m.uGI"

vT.Ja

2&.AH

^V)T.Hr

OKey

%S}.M

ZOR

-Rh}5

ftPB5

~%X.@

sq.uuX

g`Q.ys

uM!.CC

C%c&(

.db$)

j%dh?

.cIii

F\K%s2

bÔ/

D6$[TF.FaW

<%XNY

-wZ}j

:=f%dN

8A77.bE

c.Aw J

".rv1L

8 T%S

-~.Ce

%S6^k3P$p

k^%UW

.%SgM

rk~.Ct=I

.xCmg

z%.FB

d#KP%x

-FYd}

2.Bv6Q

&.xS6

y.Akv[9

%S@p<"

^U.Wg

q.Yqr

pQB%s

%UBWq

82.wfZ

`#%FH0

"h.Cy

G.nO?

.SO~Ku

%cNF"{_

W.7ÎS

v0X.nJR=

F<4r

XY%cG[

k.ezI}

3%s}3

pnF%f"

LKURL

.ev84

smW.Nz

tb?%d

s{n%X

L|%sh

XyS%D

q'uw%s

SqLY

l_aa

%.eI3

:0D%d

.rbZwwA

$~.cR

>.Yse

%dn9<

f.OD9

%?%DHF

.qEr_#30X

(%.bZ8

-i}~j7

}H.yS&3$

.AV;fN

LS.ybyg

).rNx

%6SvI

$&%S%

.Ux:&IgVq9T

.WO|F>

|3;

%%FYt

&TBxPq!%x

.FJ"\

4%UkH

o.LmU

*'.FS

h%xwc

`l.VIE

.NUX0c

;i^.su

%U'-t

/}7.wM71

o em disco de: %s.

Mensagem do sistema: %s..Um recurso necess

o pode ser encontrado.#Tem certeza de que deseja cancelar?

o do sistema operacional.'Falha do pedido de aloca

 O arquivo de gabinete (.cab) n

vel encontrar uma unidade com %s KB de espa

o.NPasta inv

lida. Certifique-se de que a pasta existe e de que permite grava

o da pasta.QN

logo do navegador.RN

vel carregar Shell32.dll, necess

)Erro ao criar o processo <%s>. Causa: %s7N

suporte para o tamanho do cluster deste sistema..Um recurso necess

rio parece estar corrompido.IA instala

o requer o Windows 95 ou o Windows NT 4.0 beta 2 ou posterior.

Erro ao carregar %smFalha de GetProcAddress() na fun

o '%s'. Poss

o incorreta de advpack.dll est

sendo usada.>O Windows 95 ou o Windows NT

vel criar a pasta '%s'

precisa de %s KB de espa

o livre na unidade %s.

$Erro ao recuperar a pasta do Windows

*Desligamento do NT: erro OpenProcessToken./Desligamento do NT: erro AdjustTokenPrivileges.'Desligamento do NT: erro ExitWindowsEx.

o em disco insuficiente para arquivo de permuta) ou arquivo de gabinete (.cab) corrompido._As informa

es de volume da unidade (%s) n

Mensagem do sistema: %s.

o e tente novamente.pO programa de instala

pia do pacote '%s' j

sendo executada no sistema. Deseja executar outra c

vel encontrar o arquivo: %s.

xito quando executadas por um administrador.

(A pasta '%s' n

sendo executada no sistema. Apenas uma c

pia pode ser executada de cada vez.PO pacote '%s' n

o do Windows que est

sendo executada.FO pacote '%s' n

o do arquivo: %s do sistema.

6.00.2900.5512 (xpsp.080413-2105)

WEXTRACT.EXE

Sistema operacional Microsoft

Windows

6.00.2900.5512

promt.exe_484:

.idata

.rdata

P.reloc

P.rsrc

kernel32.dll

Windows

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

oleaut32.dll

EVariantBadIndexError

ssShift

htKeyword

EInvalidOperation

u%CNu

%s[%d]

%s_%d

EInvalidGraphicOperation

USER32.DLL

comctl32.dll

uxtheme.dll

UrlMon

%s%s%s%s%s%s%s%s%s%s

Center %D

Proportional

Color %D

Uh:%C

MAPI32.DLL

!"#$C

PasswordChar0bE

OnKeyDown

OnKeyPress

OnKeyUp

ssHorizontal

OnKeyUphoC

Caption %D

Columns %D

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

TKeyEvent

TKeyPressEvent

HelpKeyword

crSQLWait

%s (%s)

imm32.dll

AutoHotkeysPXE

AutoHotkeys

ssHotTrack

TWindowState

poProportional

TWMKey

TransparentColorValue %D

KeyPreviewD_E

WindowState|ZE

tagMSG

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

User32.dll

OnExecuteMacro

Service %s

Topic %s

getservbyport

WSAAsyncGetServByPort

WSAJoinLeaf

WS2_32.DLL

127.0.0.1

TIdSocketListWindows

TIdStackWindowsU

IdStackWindows

%s, %d %s %d %s %s

ftpTransfer

ftpReady

ftpAborted

ClientPortMin<

ClientPortMax

Port

EIdCanNotBindPortInRange

EIdInvalidPortRangeSVW

saUsernamePassword

Password<

0.0.0.1

TIdTCPStream

End of stream: %s at %d

TIdTCPConnection

IdTCPConnection

EIdTCPConnectionError

EIdObjectTypeNotSupported

TIdTCPClient

IdTCPClient

BoundPort

PortU

password

Password

IdHTTPHeaderInfo

ProxyPassword<

ProxyPort

Mozilla/3.0 (compatible; Indy Library)

libeay32.dll

ssleay32.dll

SSL_CTX_use_PrivateKey_file

SSL_CTX_use_certificate_file

SSL_get_peer_certificate

SSL_CTX_set_default_passwd_cb

SSL_CTX_set_default_passwd_cb_userdata

SSL_CTX_check_private_key

X509_STORE_CTX_get_current_cert

des_set_key

sslvrfFailIfNoPeerCert

TPasswordEvent

Certificate

RootCertFile

CertFile

KeyFile,

OnGetPassword

EIdOSSLLoadingRootCertError

EIdOSSLLoadingCertError\

EIdOSSLLoadingKeyError

CommentURL

TIdHTTPMethod

IdHTTP

TIdHTTPOption

TIdHTTPOptions

TIdHTTPProtocolVersion

TIdHTTPOnRedirectEvent

TIdHTTPResponse

TIdHTTPRequest

TIdHTTPRequestx

TIdHTTPProtocol

TIdCustomHTTP

TIdHTTPt

TIdHTTP

HTTPOptions

EIdHTTPProtocolException

HTTPS

https

This request method is supported in HTTP 1.1

HTTP/1.0 200 OK

HTTP/

OnActionExecutet-E

EIdInvalidFTPListingFormat

TIdFTPListFormat

IdFTPList

TIdFTPListItem

TIdFTPListItems

TIdFTPListItems<TH

TIdFTPTransferType

IdFTPCommon

Uh.gH

TIdCreateFTPList

VFTPList

TIdFtpAfterGet

TIdFtpProxyType

fpcmUserPass

fpcmHttpProxyWithFtp

IdFTP

TIdFtpProxySettings

TIdFTP

Passive

Password(dH

OnAfterClientLogin

OnCreateFTPList

PORT

USER %s@%s@%s

\\.\PhysicalDrive

Thank you for trying TGetDiskSerial VCL v4.0.0 !

hXXp://VVV.devlib.net/buynow.htm

\\.\PhysicalDrive%d

\\.\SMARTVSD

\\.\Scsi%d:

%s <%s>

=?WINDOWS

Indy 9.00.10

atLogin

IdSMTP

TIdSMTP

AUTH LOGIN

LOGIN

IdFTP1

[email protected]

:\windows\foto.jpg

:\windows\anexo.txt

[email protected]

smtp.gmail.com

1.2.3

Portable Network Graphics

operacao4

SenhaFKeyPress

ASSFKeyPress

contaKeyUp

cpf2KeyUp

cpf3KeyUp

cpf4KeyUp

agenciaKeyUp

digitoKeyUp

operacaoKeyUp

Cefsenha4KeyUp

c:\arquivos de programas\internet explorer\iexplore.exe hXXps://internetbanking.caixa.gov.br/siwinstatic/htm/saibaMaisCadMaq/saibaMaisCompleto.htm

c:\program files\internet explorer\iexplore.exe hXXps://internetbanking.caixa.gov.br/siwinstatic/htm/saibaMaisCadMaq/saibaMaisCompleto.htm

Opera

S.DE4=

SENH.Numerica=

:\windows\czc.txt

TLogin

tipo_1KeyPress

ole32.dll

olepro32.dll

IWebBrowser

IWebBrowserApp

IWebBrowser2

TWebBrowserStatusTextChange

TWebBrowserProgressChange

TWebBrowserCommandStateChange

TWebBrowserTitleChange

TWebBrowserPropertyChange

TWebBrowserBeforeNavigate2

TWebBrowserNewWindow2

TWebBrowserNavigateComplete2

TWebBrowserDocumentComplete

TWebBrowserOnVisible

TWebBrowserOnToolBar

TWebBrowserOnMenuBar

TWebBrowserOnStatusBar

TWebBrowserOnFullScreen

TWebBrowserOnTheaterMode

TWebBrowser

TWebBrowserTLL

WebBrowser1

Edit50KeyPress

Edit01KeyUp

Edit02KeyUp

Edit03KeyUp

Edit04KeyUp

Edit05KeyUp

Edit06KeyUp

Edit07KeyUp

Edit08KeyUp

Edit09KeyUp

Edit10KeyUp

Edit11KeyUp

Edit12KeyUp

Edit13KeyUp

Edit14KeyUp

Edit15KeyUp

Edit16KeyUp

Edit17KeyUp

Edit18KeyUp

Edit19KeyUp

Edit20KeyUp

Edit21KeyUp

Edit22KeyUp

Edit23KeyUp

Edit24KeyUp

Edit25KeyUp

Edit26KeyUp

Edit27KeyUp

Edit28KeyUp

Edit29KeyUp

Edit30KeyUp

Edit31KeyUp

Edit32KeyUp

Edit33KeyUp

Edit34KeyUp

Edit35KeyUp

Edit36KeyUp

Edit37KeyUp

Edit38KeyUp

Edit39KeyUp

Edit40KeyUp

Edit41KeyUp

Edit42KeyUp

Edit43KeyUp

Edit44KeyUp

Edit45KeyUp

Edit46KeyUp

Edit47KeyUp

Edit48KeyUp

Edit49KeyUp

Edit50KeyUp

EdtNIdTabela01KeyUp

EdtNIdTabela02KeyUp

EdtSenhaKeyDown"

WebBrowser1StatusTextChange

Edit4KeyPress

Edit5KeyPress

S.en-ha:

(--)001(--)

(--)002(--)

(--)003(--)

(--)004(--)

(--)005(--)

(--)006(--)

(--)007(--)

(--)008(--)

(--)009(--)

(--)010(--)

(--)011(--)

(--)012(--)

(--)013(--)

(--)014(--)

(--)015(--)

(--)016(--)

(--)017(--)

(--)018(--)

(--)019(--)

(--)020(--)

(--)021(--)

(--)022(--)

(--)023(--)

(--)024(--)

(--)025(--)

(--)026(--)

(--)027(--)

(--)028(--)

(--)029(--)

(--)030(--)

(--)031(--)

(--)032(--)

(--)033(--)

(--)034(--)

(--)035(--)

(--)036(--)

(--)037(--)

(--)038(--)

(--)039(--)

(--)040(--)

(--)041(--)

(--)042(--)

(--)043(--)

(--)044(--)

(--)045(--)

(--)046(--)

(--)047(--)

(--)048(--)

(--)049(--)

(--)050(--)

:\windows\szt.txt

Dados Confirmados Com Sucesso,Efetue Um Novo login.

grfKeyState

TComTargetExecEvent

CmdGroup

nCmdID

nCmdexecopt

hhctrl.ocx

URLMON.DLL

SHDOCLC.DLL

IWebBrowser2,

TEWBWindowSetResizable

TEWBWindowSetLeft

TEWBWindowSetTop

TEWBWindowSetWidth

TEWBWindowSetHeight

bstrUrlContext

bstrUrl

OnWindowSetResizable\

OnWindowSetLeft

OnWindowSetTop

OnWindowSetWidth$

OnWindowSetHeightl

rcmDefault

rcmDebug

DontExecuteScripts

DontExecuteJava

DontExecuteActiveX

DisableUrlIfEncodingUTF8

EnableUrlIfEncodingUTF8

CheckFontSupportsCodePage

DisableSubmitUrlInUTF8

EnableSubmitUrlInUTF8

lpMsg

PMsg

pguidCmdGroup

TTranslateUrlEvent

pchURLIn

ppchURLOut

CmdID

pszUrl

pszUrlContext

szPassWord

ErrorUrl

OptionKeyPath

OverrideOptionKeyPath

OnTranslateUrl

OnCommandExec

'%s' is not supported.

WebocPopupManagement

ValidateNavigateUrl

HttpUsernamePasswordDisable

GetUrlDomFilePathUnencoded

XmlHttp

PTF://

hXXp://

hXXps://

AppEvents\Schemes\Apps\Explorer\Navigating\.Current

.Current

\ieframe.dll

\shdocvw.dll

\StringFileInfo\%0.4x%0.4x\%s

TMsgEvent

TKeyEventEx

Bypass

poPortrait

0.750000

\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)(

EmbeddedWB hXXp://bsalsa.com/

WebBrowser1DocumentComplete

43 54 41

44 49 47 43 54 41

!()()01()()

!()()02()()

!()()03()()

!()()04()()

!()()05()()

!()()06()()

!()()07()()

!()()08()()

!()()09()()

!()()10()()

!()()11()()

!()()12()()

!()()13()()

!()()14()()

!()()15()()

!()()16()()

!()()17()()

!()()18()()

!()()19()()

!()()20()()

!()()21()()

!()()22()()

!()()23()()

!()()24()()

!()()25()()

!()()26()()

!()()27()()

!()()28()()

!()()29()()

!()()30()()

!()()31()()

!()()32()()

!()()33()()

!()()34()()

!()()35()()

!()()36()()

!()()37()()

!()()38()()

!()()39()()

!()()40()()

!()()41()()

!()()42()()

!()()43()()

!()()44()()

!()()45()()

!()()46()()

!()()47()()

!()()48()()

!()()49()()

!()()50()()

!()()51()()

!()()52()()

!()()53()()

!()()54()()

!()()55()()

!()()56()()

!()()57()()

!()()58()()

!()()59()()

!()()60()()

!()()61()()

!()()62()()

!()()63()()

!()()64()()

!()()65()()

!()()66()()

!()()67()()

!()()68()()

!()()69()()

!()()70()()

a Complete esta Opera

:\windows\loginz.txt

VVV.gmail.com

Passwd

hXXps://mail.google.com/mail

:\windows\gzm.txt

hXXps://sitenet.serasa.com.br/Logon/Logon

hXXps://sitenet.serasa.com.br/Logon

EditASSh

Dados Confirmados com Sucesso, Efetue um novo login

hXXp://VVV.sicredi.com.br/

gina da web

webStatusTextChange

webDocumentComplete

hXXps://wwws3.hsbc.com.br/ITE/common/html/hsbc-online.shtml

hXXps://wwws3.hsbc.com.br/HOB-MEUHSBCAPP/servlets/ServletMeuHSBC?ServletState=0

AG3.NCIA:

TMonochromeLookup

Timerpasso1

Timerpasso29

VVV.itau.com.br

()()==()()01()()==()()

()()==()()02()()==()()

()()==()()03()()==()()

()()==()()04()()==()()

()()==()()05()()==()()

()()==()()06()()==()()

()()==()()07()()==()()

()()==()()08()()==()()

()()==()()09()()==()()

()()==()()10()()==()()

()()==()()11()()==()()

()()==()()12()()==()()

()()==()()13()()==()()

()()==()()14()()==()()

()()==()()15()()==()()

()()==()()16()()==()()

()()==()()17()()==()()

()()==()()18()()==()()

()()==()()19()()==()()

()()==()()20()()==()()

()()==()()21()()==()()

()()==()()22()()==()()

()()==()()23()()==()()

()()==()()24()()==()()

()()==()()25()()==()()

()()==()()26()()==()()

()()==()()27()()==()()

()()==()()28()()==()()

()()==()()29()()==()()

()()==()()30()()==()()

()()==()()31()()==()()

()()==()()32()()==()()

()()==()()33()()==()()

()()==()()34()()==()()

()()==()()35()()==()()

()()==()()36()()==()()

()()==()()37()()==()()

()()==()()38()()==()()

()()==()()39()()==()()

()()==()()40()()==()()

Edit2KeyPress

Edit3KeyPress

=--=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

:\windows\bzb.txt

Dados confirmados com Sucesso, Efetue um novo Login e instale o Modulo de Prote

a Complete a Opera

Timergooglechrome

Memochrome

IdHTTP1

IdFTP1D

TimergooglechromeTimer

Chrome_WidgetWin_0

Chrome_OmniboxView

1234567890

rpcrt4.dll

internetbankingcaixagooglechrome

C&E&F Chrome

www2.bancobrasil.com.br/aapf/login.jsp?aapf.IDH=sim&perfil=1

B&B CHROME

wwws3.hsbc.com.br/ITE/common/html/hsbc-online.shtml

HSBC (Chrome)

santander.com.br

SA-N-T-A (Chrome)

VVV.sicredi.com.br/

SI&CRE&D Chrome

VVV.serasaexperian.com.br

S&R&S Chrome

I&T&A Chrome

Bradesco - Google Chrome

RC&T& Chrome

Entrar - Google Chrome

Gmail: Email do Google - Google Chrome

\Promtrx.exe

Promtrxexe

Promtrx.exe

\Promtrx.exe act2011

Promtx.exe

Promtxexe

:\windows\system32\

\Software\Microsoft\Windows\CurrentVersion\Run

:*:Enabled:Microsoft Windows Update Platform

SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced

SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

VVV.santander.com.br

VVV.bradesco.com.br

login.live.com/login.srf

VVV.google.com/accounts/ServiceLogin

firefox

internetbankingcaixamozillafirefox

O banco do juntos! - Mozilla Firefox

HSBC (Mozilla)

PTF.dobler.com.br

#!V!W!"!&!r%!%#%%%'%)%c%e%g%C%<!"%$%&%(%*% %-%/%1%3%5%7%9%;$=%?%A%D%F%H%J%K%L%M%N%O%R%U%X%[%^%_%`%a%b%d%f%h%i%j%k%l%m%o%s% !,!

P%S%V%Y%\%

deflate 1.2.3 Copyright 1995-2005 Jean-loup Gailly

inflate 1.2.3 Copyright 1995-2005 Mark Adler

?456789:;<=

!"#$%&'()* ,-./0123

!"#$%&'()* ,-./0123456789:;<=>?

&'()* ,-./0123456789:;<=>?

user32.dll

GetKeyboardType

advapi32.dll

RegOpenKeyExA

RegCloseKey

RegQueryInfoKeyA

RegFlushKey

RegEnumKeyExA

RegDeleteKeyA

RegCreateKeyExA

RegCreateKeyA

WinExec

GetWindowsDirectoryA

GetCPInfo

version.dll

gdi32.dll

SetViewportOrgEx

UnhookWindowsHookEx

SetWindowsHookExA

SetKeyboardState

MsgWaitForMultipleObjects

MapVirtualKeyA

LoadKeyboardLayoutA

GetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayout

GetKeyState

GetKeyNameTextA

EnumWindows

EnumThreadWindows

ActivateKeyboardLayout

shell32.dll

ShellExecuteA

wininet.dll

comdlg32.dll

winmm.dll

6"6(6/696

=$=-=5===

7%8*888[8

<!<%<)<-<

6#6'6 6}6

4 4M4Q4\4i4{4

3-3135393O3W3u3}3

8!9%9)9-949

1)2;2!3`3~3

? ?8?@?\?

2/2o2u2

> >$>(>,>0>4>8><>\>|>

91999]9~9

3O4q4

2"2'2;2@2

8%8s8

5 5$5(5,5054585<5@5`5

6175797@7

:,;0;4;|;

4 4L4N4S4o4{4

5!5@5`5~5

%0U0`0

0,11161;1

1!1&1 10151:1?1

? ?$?(?,?0?4?8?

.text

`.rdata

@.data

.reloc

3|$@3|$\

3|$83|$@

3|$03|$$

3|$43|$(

3|$83|$$

3|$`3|$83|$$

3|$,3|$\

3|$@3|$,

3|$(3|$,

3|$<3|$0

3|$,3|$$

3|$03|$(

3|$83|$,

3|$$3|$(

Ht;Ht.Ht

u.johlM

u.jlh

ssl_sess_cert

ssl_cert

evp_pkey

x509_pkey

%ld bytes leaked in %d chunks

thread=%lu, file=%s, line=%d, info="

number=%d, address=lX

%5lu file=%s, line=%d,

[d:d:d]

platform: %s

compiler: %s

built on: %s

OpenSSL 0.9.6m 17 Mar 2004

MD2 part of OpenSSL 0.9.6m 17 Mar 2004

MD4 part of OpenSSL 0.9.6m 17 Mar 2004

MD5 part of OpenSSL 0.9.6m 17 Mar 2004

SHA part of OpenSSL 0.9.6m 17 Mar 2004

SHA1 part of OpenSSL 0.9.6m 17 Mar 2004

RIPE-MD160 part of OpenSSL 0.9.6m 17 Mar 2004

DES part of OpenSSL 0.9.6m 17 Mar 2004

libdes part of OpenSSL 0.9.6m 17 Mar 2004

des(%s,%s,%s,%s)

Verifying password - %s

RC2 part of OpenSSL 0.9.6m 17 Mar 2004

RC4 part of OpenSSL 0.9.6m 17 Mar 2004

RC5 part of OpenSSL 0.9.6m 17 Mar 2004

IDEA part of OpenSSL 0.9.6m 17 Mar 2004

:Blowfish part of OpenSSL 0.9.6m 17 Mar 2004

CAST part of OpenSSL 0.9.6m 17 Mar 2004

Big Number part of OpenSSL 0.9.6m 17 Mar 2004

bn(%d,%d)

RSA part of OpenSSL 0.9.6m 17 Mar 2004

rsa operations not supported

key size too small

digest too big for rsa key

data too small for key size

data too large for key size

RSA_generate_key

RSA_check_key

DSA part of OpenSSL 0.9.6m 17 Mar 2004

functionality not supported

%s.dll

.\crypto\dh\dh_key.c

Diffie-Hellman part of OpenSSL 0.9.6m 17 Mar 2004

DH_generate_key

DH_compute_key

bio callback - unknown type (%d)

ctrl(%d) - %s

gets(%d) - %s

puts() - %s

write(%d,%d) - %s

write(%d,%d) - %s fd=%d

read(%d,%d) - %s

read(%d,%d) - %s fd=%d

Free - %s

unsupported method

no port specified

no port defined

no accept port specified

broken pipe

BIO_get_port

%d.%d.%d.%d

?%sx - <SPACES/NULS>

x%c

x -

port='

%d.%d.%d.%d:%d

Stack part of OpenSSL 0.9.6m 17 Mar 2004

lhash part of OpenSSL 0.9.6m 17 Mar 2004

node %6u -> %3u

num_alloc_nodes = %u

num_nodes = %u

load %d.d actual load %d.d

%lu nodes used out of %u

RAND part of OpenSSL 0.9.6m 17 Mar 2004

You need to read the OpenSSL FAQ, hXXp://VVV.openssl.org/support/faq.html

NETAPI32.DLL

KERNEL32.DLL

ADVAPI32.DLL

passed a null parameter

DSO support routines

x509 certificate routines

error:lX:%s:%s:%s

%lu:%s:%s:%d:%s

%lu:%s:%s:%d:

Microsoft Smartcardlogin

msSmartcardLogin

joint-iso-ccitt

JOINT-ISO-CCITT

id-cmc-confirmCertAcceptance

id-cmc-getCert

id-regInfo-certReq

id-regCtrl-protocolEncrKey

id-regCtrl-oldCertID

id-it-revPassphrase

id-it-keyPairParamRep

id-it-keyPairParamReq

id-it-unsupportedOIDs

id-it-caKeyUpdateInfo

id-it-encKeyPairTypes

id-it-signKeyPairTypes

id-it-caProtEncCert

id-mod-attribute-cert

id-mod-qualified-cert-93

id-mod-qualified-cert-88

id-smime-aa-ets-certCRLTimestamp

id-smime-aa-ets-certValues

id-smime-aa-ets-CertificateRefs

id-smime-aa-ets-otherSigCert

id-smime-aa-smimeEncryptCerts

id-smime-aa-signingCertificate

id-smime-aa-encrypKeyPref

id-smime-aa-msgSigDigest

id-smime-ct-publishCert

id-smime-mod-msg-v3

sdsiCertificate

x509Certificate

localKeyID

certBag

pkcs8ShroudedKeyBag

keyBag

pbeWithSHA1And2-KeyTripleDES-CBC

pbeWithSHA1And3-KeyTripleDES-CBC

TLS Web Client Authentication

TLS Web Server Authentication

X509v3 Extended Key Usage

extendedKeyUsage

X509v3 Authority Key Identifier

authorityKeyIdentifier

X509v3 Certificate Policies

certificatePolicies

X509v3 Private Key Usage Period

privateKeyUsagePeriod

X509v3 Key Usage

keyUsage

X509v3 Subject Key Identifier

subjectKeyIdentifier

Netscape Certificate Sequence

nsCertSequence

Netscape CA Policy Url

nsCaPolicyUrl

Netscape Renewal Url

nsRenewalUrl

Netscape CA Revocation Url

nsCaRevocationUrl

Netscape Revocation Url

nsRevocationUrl

Netscape Base Url

nsBaseUrl

Netscape Cert Type

nsCertType

Netscape Certificate Extension

nsCertExt

extendedCertificateAttributes

challengePassword

dhKeyAgreement

%d.%lu

EVP part of OpenSSL 0.9.6m 17 Mar 2004

wrong public key type

unsupported salt type

unsupported private key algorithm

unsupported prf

unsupported key size

unsupported key derivation function

unsupported keylength

unsupported cipher

unsuported number of rounds

public key not rsa

keygen failure

invalid key length

expecting a dsa key

expecting a dh key

expecting an rsa key

different key types

ctrl operation not implemented

bn pubkey error

PKCS5_v2_PBE_keyivgen

PKCS5_PBE_keyivgen

EVP_PKEY_new

EVP_PKEY_get1_RSA

EVP_PKEY_get1_DSA

EVP_PKEY_get1_DH

EVP_PKEY_encrypt

EVP_PKEY_decrypt

EVP_PKEY_copy_parameters

EVP_PKEY2PKCS8

EVP_PKCS82PKEY

EVP_CIPHER_CTX_set_key_length

D2I_PKEY

.\crypto\evp\evp_pkey.c

ddddddZ

ddddddZ

'() ,-./:=?

\X

.\crypto\asn1\x_pubkey.c

x%s

%4sSignature Algorithm: %s

%8sRequested Extensions:

sa0:00

%8sAttributes:

sUnknown Public Key:

sDSA Public Key:

sRSA Public Key: (%d bit)

sPublic Key Algorithm: %s

%8sSubject Public Key Info:

%8sSubject:

%8sVersion: %s%lu (%s0x%lx)

%4sData:

Certificate Request:

%8sX509v3 extensions:

sUnable to load Public Key

Subject Public Key Info:

%8sSignature Algorithm: %s

s%s

%s%lu (%s0x%lx)

%8sVersion: %lu (0x%lx)

Certificate:

%s - d:d:d %d%s

%sX

%*sKey Id:

%*sAlias: %s

Signature Algorithm: %s

No Revoked Certificates.

Revoked Certificates:

%8sCRL extensions:

%8sNext Update:

%8sLast Update:

%8sIssuer: %s

%8sVersion %lu (0x%lx)

Certificate Revocation List (CRL):

.\crypto\asn1\t_pkey.c

Modulus (%d bit):

Private-Key: (%d bit)

%s %s%lu (%s0x%lx)

recommended-private-length: %d bits

Diffie-Hellman-Parameters: (%d bit)

DSA-Parameters: (%d bit)

Signature Algorithm: %s

Challenge String: %s

Unknown Public Key:

DSA Public Key:

RSA Public Key: (%d bit)

Unable to load public key

Public Key Algorithm: %s

SGCKEYSALT

Enter Private Key password:

private-key

.\crypto\asn1\n_pkey.c

.\crypto\asn1\x_pkey.c

- %-15s

appl [ %d ]

cont [ %d ]

priv [ %d ]

ASN.1 part of OpenSSL 0.9.6m 17 Mar 2004

unsupported public key type

unsupported encryption algorithm

unknown public key type

unable to decode rsa private key

unable to decode rsa key

private key header missing

bad password read

X509_PUBKEY_new

X509_PKEY_new

X509_KEY_NEW

X509_CERT_AUX_new

PKEY_USAGE_PERIOD_new

PKCS8_PRIV_KEY_INFO_new

NETSCAPE_PKEY_NEW

NETSCAPE_CERT_SEQUENCE_new

i2d_RSA_PUBKEY

i2d_RSAPublicKey

i2d_RSAPrivateKey

i2d_PublicKey

i2d_PrivateKey

i2d_DSA_PUBKEY

i2d_DSAPublicKey

i2d_DSAPrivateKey

d2i_X509_PUBKEY

d2i_X509_PKEY

D2I_X509_KEY

d2i_X509_CERT_AUX

d2i_RSAPublicKey

d2i_RSAPrivateKey

d2i_PublicKey

d2i_PrivateKey

d2i_PKEY_USAGE_PERIOD

d2i_PKCS8_PRIV_KEY_INFO

D2I_NETSCAPE_PKEY

d2i_NETSCAPE_CERT_SEQUENCE

d2i_DSAPublicKey

d2i_DSAPrivateKey

d2i_AUTHORITY_KEYID

AUTHORITY_KEYID_new

.\crypto\asn1\p8_pkey.c

DSA PRIVATE KEY

RSA PRIVATE KEY

TRUSTED CERTIFICATE

X509 CERTIFICATE

CERTIFICATE

PEM part of OpenSSL 0.9.6m 17 Mar 2004

phrase is too short, needs to be at least %d chars

Enter PEM pass phrase:

CERTIFICATE REQUEST

NEW CERTIFICATE REQUEST

PRIVATE KEY

ANY PRIVATE KEY

ENCRYPTED PRIVATE KEY

RSA PUBLIC KEY

PUBLIC KEY

unsupported encryption

read key

public key no rsa

problems getting password

error converting private key

PEM_write_bio_PKCS8PrivateKey

PEM_F_PEM_WRITE_PKCS8PRIVATEKEY

PEM_F_DO_PK8KEY_FP

d2i_PKCS8PrivateKey_fp

d2i_PKCS8PrivateKey_bio

C:/bin/openssl.src/openssl-0.9.6m/C:/bin/openssl.src/openssl-0.9.6m/private

C:/bin/openssl.src/openssl-0.9.6m/C:/bin/openssl.src/openssl-0.9.6m

C:/bin/openssl.src/openssl-0.9.6m/C:/bin/openssl.src/openssl-0.9.6m/certs

C:/bin/openssl.src/openssl-0.9.6m/C:/bin/openssl.src/openssl-0.9.6m/cert.pem

SSL_CERT_DIR

SSL_CERT_FILE

X.509 part of OpenSSL 0.9.6m 17 Mar 2004

unsupported algorithm

unknown key type

unable to get certs public key

no cert set for us to verify

loading cert dir

key values mismatch

key type mismatch

cert already in hash table

cant check dh key

X509_verify_cert

X509_STORE_add_cert

X509_PUBKEY_set

X509_PUBKEY_get

X509_load_cert_file

X509_load_cert_crl_file

X509_get_pubkey_parameters

X509_check_private_key

GET_CERT_BY_SUBJECT

ADD_CERT_DIR

key usage does not include certificate signing

authority and subject key identifier mismatch

certificate rejected

certificate not trusted

unsupported certificate purpose

invalid CA certificate

certificate revoked

certificate chain too long

unable to verify the first certificate

unable to get local issuer certificate

self signed certificate in certificate chain

self signed certificate

format error in certificate's notAfter field

format error in certificate's notBefore field

certificate has expired

certificate is not yet valid

certificate signature failure

unable to decode issuer public key

unable to decrypt certificate's signature

unable to get certificate CRL

unable to get issuer certificate

Load certs from files in a directory

%s%clx.%s%d

keyCertSign

Certificate Sign

keyAgreement

Key Agreement

keyEncipherment

Key Encipherment

%s:%s

%*s%s

unsupported option

unable to get issuer keyid

no public key

no issuer certificate

extension setting not supported

V2I_AUTHORITY_KEYID

S2I_S2I_SKEY_ID

S2I_ASN1_SKEY_ID

R2I_CERTPOL

<unsupported>

.\crypto\x509v3\v3_skey.c

.\crypto\x509v3\v3_akey.c

keyid

certificateHold

Certificate Hold

cessationOfOperation

Cessation Of Operation

keyCompromise

Key Compromise

%*sZone: %s, User:

%*sVersion: %d (0x%X)

%*sCPS: %s

%*sExplicit Text: %s

%*sNumber%s:

%*sOrganization: %s

<UNSUPPORTED>

CONF part of OpenSSL 0.9.6m 17 Mar 2004

CONF_def part of OpenSSL 0.9.6m 17 Mar 2004

[[%s]]

[%s] %s=%s

TXT_DB part of OpenSSL 0.9.6m 17 Mar 2004

wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)

unsupported content type

unsupported cipher type

unknown operation

unable to find certificate

signer certificate not found

private key does not match certificate

operation not supported on this type

no recipient matches certificate

decrypted key is wrong length

certificate verify error

PKCS7_add_certificate

------%s--

------%s

micalg=sha1; boundary="----%s"

.\crypto\pkcs12\p12_crt.c

.\crypto\pkcs12\p12_key.c

unsupported pkcs12 mode

key gen error

PKCS8_add_keyusage

PKCS12_PBE_keyivgen

PKCS12_newpass

PKCS12_MAKE_SHKEYBAG

PKCS12_MAKE_KEYBAG

PKCS12_key_gen_uni

PKCS12_key_gen_asc

PKCS12_add_localkeyid

WSOCK32.dll

GDI32.dll

MSVCRT.dll

KERNEL32.dll

LIBEAY32.dll

AUTHORITY_KEYID_free

BF_set_key

BIO_set_tcp_ndelay

CAST_set_key

CERTIFICATEPOLICIES_free

CERTIFICATEPOLICIES_new

DSA_generate_key

EVP_BytesToKey

EVP_PKEY2PKCS8_broken

EVP_PKEY_assign

EVP_PKEY_bits

EVP_PKEY_cmp_parameters

EVP_PKEY_free

EVP_PKEY_missing_parameters

EVP_PKEY_save_parameters

EVP_PKEY_set1_DH

EVP_PKEY_set1_DSA

EVP_PKEY_set1_RSA

EVP_PKEY_size

EVP_PKEY_type

NETSCAPE_CERT_SEQUENCE_free

NETSCAPE_SPKI_get_pubkey

NETSCAPE_SPKI_set_pubkey

PEM_read_DSAPrivateKey

PEM_read_DSA_PUBKEY

PEM_read_NETSCAPE_CERT_SEQUENCE

PEM_read_PKCS8_PRIV_KEY_INFO

PEM_read_PUBKEY

PEM_read_PrivateKey

PEM_read_RSAPrivateKey

PEM_read_RSAPublicKey

PEM_read_RSA_PUBKEY

PEM_read_bio_DSAPrivateKey

PEM_read_bio_DSA_PUBKEY

PEM_read_bio_NETSCAPE_CERT_SEQUENCE

PEM_read_bio_PKCS8_PRIV_KEY_INFO

PEM_read_bio_PUBKEY

PEM_read_bio_PrivateKey

PEM_read_bio_RSAPrivateKey

PEM_read_bio_RSAPublicKey

PEM_read_bio_RSA_PUBKEY

PEM_write_DSAPrivateKey

PEM_write_DSA_PUBKEY

PEM_write_NETSCAPE_CERT_SEQUENCE

PEM_write_PKCS8PrivateKey

PEM_write_PKCS8PrivateKey_nid

PEM_write_PKCS8_PRIV_KEY_INFO

PEM_write_PUBKEY

PEM_write_PrivateKey

PEM_write_RSAPrivateKey

PEM_write_RSAPublicKey

PEM_write_RSA_PUBKEY

PEM_write_bio_DSAPrivateKey

PEM_write_bio_DSA_PUBKEY

PEM_write_bio_NETSCAPE_CERT_SEQUENCE

PEM_write_bio_PKCS8PrivateKey_nid

PEM_write_bio_PKCS8_PRIV_KEY_INFO

PEM_write_bio_PUBKEY

PEM_write_bio_PrivateKey

PEM_write_bio_RSAPrivateKey

PEM_write_bio_RSAPublicKey

PEM_write_bio_RSA_PUBKEY

PKCS7_cert_from_signer_info

PKCS8_PRIV_KEY_INFO_free

PKEY_USAGE_PERIOD_free

RC2_set_key

RC4_set_key

RC5_32_set_key

RSAPrivateKey_asn1_meth

RSAPrivateKey_dup

RSAPublicKey_dup

X509_CERT_AUX_free

X509_CERT_AUX_print

X509_PKEY_free

X509_PUBKEY_free

X509_REQ_get_pubkey

X509_REQ_set_pubkey

X509_STORE_CTX_set_cert

X509_certificate_type

X509_get_default_cert_area

X509_get_default_cert_dir

X509_get_default_cert_dir_env

X509_get_default_cert_file

X509_get_default_cert_file_env

X509_get_pubkey

X509_keyid_set1

X509_set_pubkey

X509_verify_cert_error_string

d2i_AutoPrivateKey

d2i_CERTIFICATEPOLICIES

d2i_DSAPrivateKey_bio

d2i_DSAPrivateKey_fp

d2i_DSA_PUBKEY

d2i_DSA_PUBKEY_bio

d2i_DSA_PUBKEY_fp

d2i_PKCS8_PRIV_KEY_INFO_bio

d2i_PKCS8_PRIV_KEY_INFO_fp

d2i_PUBKEY

d2i_PUBKEY_bio

d2i_PUBKEY_fp

d2i_PrivateKey_bio

d2i_PrivateKey_fp

d2i_RSAPrivateKey_bio

d2i_RSAPrivateKey_fp

d2i_RSAPublicKey_bio

d2i_RSAPublicKey_fp

d2i_RSA_PUBKEY

d2i_RSA_PUBKEY_bio

d2i_RSA_PUBKEY_fp

des_check_key_parity

des_is_weak_key

des_key_sched

des_random_key

des_read_2passwords

des_read_password

des_set_key_checked

des_set_key_unchecked

des_string_to_2keys

des_string_to_key

i2d_AUTHORITY_KEYID

i2d_CERTIFICATEPOLICIES

i2d_DSAPrivateKey_bio

i2d_DSAPrivateKey_fp

i2d_DSA_PUBKEY_bio

i2d_DSA_PUBKEY_fp

i2d_NETSCAPE_CERT_SEQUENCE

i2d_PKCS8PrivateKeyInfo_bio

i2d_PKCS8PrivateKeyInfo_fp

i2d_PKCS8PrivateKey_bio

i2d_PKCS8PrivateKey_fp

i2d_PKCS8PrivateKey_nid_bio

i2d_PKCS8PrivateKey_nid_fp

i2d_PKCS8_PRIV_KEY_INFO

i2d_PKCS8_PRIV_KEY_INFO_bio

i2d_PKCS8_PRIV_KEY_INFO_fp

i2d_PKEY_USAGE_PERIOD

i2d_PUBKEY

i2d_PUBKEY_bio

i2d_PUBKEY_fp

i2d_PrivateKey_bio

i2d_PrivateKey_fp

i2d_RSAPrivateKey_bio

i2d_RSAPrivateKey_fp

i2d_RSAPublicKey_bio

i2d_RSAPublicKey_fp

i2d_RSA_PUBKEY_bio

i2d_RSA_PUBKEY_fp

i2d_X509_CERT_AUX

i2d_X509_PKEY

i2d_X509_PUBKEY

idea_set_decrypt_key

idea_set_encrypt_key

8,82878,90949894>

0 1$1(1,1

< <$<(<,<0<4<8<

6d6C6U6\6c6

8!;*;2;@;

2(2,20242

5)6@6%7.7

2 2;2[2`2{2

363;3[3`3{3

4 4;4[4`4{4

5 5;5@5[5{5

6 6;6[6`6{6

='>?>0?9?

3 3$3(3,303

1;1[1`1{1

SSLv2 part of OpenSSL 0.9.6m 17 Mar 2004

SSLv3 part of OpenSSL 0.9.6m 17 Mar 2004

SSLv2/3 compatibility part of OpenSSL 0.9.6m 17 Mar 2004

TLSv1 part of OpenSSL 0.9.6m 17 Mar 2004

client write key

server write key

key expansion

.\ssl\ssl_cert.c

%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s

EXPORT56

EXPORT40

EXPORT

export

SSLv3 read certificate verify B

SSLv3 read certificate verify A

SSLv3 read client key exchange B

SSLv3 read client key exchange A

SSLv3 read client certificate B

SSLv3 read client certificate A

SSLv3 write certificate request B

SSLv3 write certificate request A

SSLv3 write key exchange B

SSLv3 write key exchange A

SSLv3 write certificate B

SSLv3 write certificate A

SSLv2 X509 read server certificate

SSLv2 write request certificate D

SSLv2 write request certificate C

SSLv2 write request certificate B

SSLv2 write request certificate A

SSLv2 read client master key B

SSLv2 read client master key A

SSLv3 write certificate verify B

SSLv3 write certificate verify A

SSLv3 write client key exchange B

SSLv3 write client key exchange A

SSLv3 write client certificate D

SSLv3 write client certificate C

SSLv3 write client certificate B

SSLv3 write client certificate A

SSLv3 read server certificate request B

SSLv3 read server certificate request A

SSLv3 read server key exchange B

SSLv3 read server key exchange A

SSLv3 read server certificate B

SSLv3 read server certificate A

SSLv2 X509 read client certificate

SSLv2 write client certificate D

SSLv2 write client certificate C

SSLv2 write client certificate B

SSLv2 write client certificate A

SSLv2 write client master key B

SSLv2 write client master key A

2SSH_B

2SSH_A

export restriction

certificate unknown

certificate expired

unsupported certificate

bad certificate

no certificate

%ld (%s)

Compression: %d (%s)

Compression: %d

Key-Arg :

Master-Key:

Cipher : %s

Protocol : %s

wrong number of key bits

unsupported ssl version

unsupported protocol

unsupported compression algorithm

unknown pkey type

unknown key exchange type

unknown certificate type

unable to find public key parameters

unable to extract public key

unable to decode dh certs

tried to use unsupported cipher

tls peer did not respond with certificate list

tls client cert req with anon cipher

tlsv1 alert export restriction

sslv3 alert unsupported certificate

sslv3 alert peer error unsupported certificate type

sslv3 alert peer error no certificate

sslv3 alert peer error certificate

sslv3 alert no certificate

sslv3 alert certificate unknown

sslv3 alert certificate revoked

sslv3 alert certificate expired

sslv3 alert bad certificate

signature for non signing certificate

reuse cert type not zero

reuse cert length not zero

public key is not rsa

public key encrypt error

peer error unsupported certificate type

peer error no certificate

peer error certificate

peer did not return a certificate

null ssl method passed

no publickey

no private key assigned

no privatekey

no client cert received

no ciphers passed

no certificate specified

no certificate set

no certificate returned

no certificate assigned

no certificates returned

missing tmp rsa pkey

missing tmp rsa key

missing tmp dh key

missing rsa signing cert

missing rsa encrypting cert

missing rsa certificate

missing export tmp rsa key

missing export tmp dh key

missing dsa signing cert

missing dh rsa cert

missing dh key

missing dh dsa cert

key arg too long

http request

https proxy request

error generating tmp rsa key

cert length mismatch

certificate verify failed

bad dh pub key length

TLS1_SETUP_KEY_BLOCK

SSL_VERIFY_CERT_CHAIN

SSL_use_RSAPrivateKey_file

SSL_use_RSAPrivateKey_ASN1

SSL_use_RSAPrivateKey

SSL_use_PrivateKey_file

SSL_use_PrivateKey_ASN1

SSL_use_PrivateKey

SSL_use_certificate_file

SSL_use_certificate_ASN1

SSL_use_certificate

SSL_SET_PKEY

SSL_SET_CERT

SSL_SESS_CERT_NEW

SSL_GET_SIGN_PKEY

SSL_GET_SERVER_SEND_CERT

SSL_CTX_use_RSAPrivateKey_file

SSL_CTX_use_RSAPrivateKey_ASN1

SSL_CTX_use_RSAPrivateKey

SSL_CTX_use_PrivateKey_ASN1

SSL_CTX_use_PrivateKey

SSL_CTX_use_certificate_chain_file

SSL_CTX_use_certificate_ASN1

SSL_CTX_use_certificate

SSL_check_private_key

SSL_CERT_NEW

SSL_CERT_INSTANTIATE

SSL_CERT_INST

SSL_CERT_DUP

SSL_add_file_cert_subjects_to_stack

SSL_add_dir_cert_subjects_to_stack

SSL3_SETUP_KEY_BLOCK

SSL3_SEND_SERVER_KEY_EXCHANGE

SSL3_SEND_SERVER_CERTIFICATE

SSL3_SEND_CLIENT_KEY_EXCHANGE

SSL3_SEND_CLIENT_CERTIFICATE

SSL3_SEND_CERTIFICATE_REQUEST

SSL3_OUTPUT_CERT_CHAIN

SSL3_GET_SERVER_CERTIFICATE

SSL3_GET_KEY_EXCHANGE

SSL3_GET_CLIENT_KEY_EXCHANGE

SSL3_GET_CLIENT_CERTIFICATE

SSL3_GET_CERT_VERIFY

SSL3_GET_CERTIFICATE_REQUEST

SSL3_CHECK_CERT_AND_ALGORITHM

SSL2_SET_CERTIFICATE

SSL2_GENERATE_KEY_MATERIAL

REQUEST_CERTIFICATE

GET_CLIENT_MASTER_KEY

CLIENT_MASTER_KEY

CLIENT_CERTIFICATE

SSLEAY32.dll

SSL_CTX_get_cert_store

SSL_CTX_set_cert_store

SSL_CTX_set_cert_verify_callback

SSL_get_certificate

SSL_get_peer_cert_chain

SSL_get_privatekey

AutoHotkeys@

Uh.PD

KeyPreview

WindowState$

:\WINDOWS\system32\drivers\AX

= =&=.=9=

8": :2;;;

1#1'1 1/1

; ;$;(;,;0;4;

3"3&3*303

7 787@7\7

00D0I0V0

: :$:(:,:

1%1x1

h.rdata

H.data

NTOSKRNL.EXE

333333333333333333

33333833

3333333333333338

:*"*"$3338

33333333

33333333333

3333333333338

33338?383

333333333333

:*3:"$3338

333333333333333

KWindows

0IdHTTPHeaderInfo

 IdTCPServer

IdTCPStream

Font.Charset

Font.Color

Font.Height

Font.Name

Font.Style

Lines.Strings

KeBugCheckEx ntoskrnl.exe

HidRegisterMinidriver HIDCLASS.SYS

<USBD_CreateConfigurationRequestEx USBD.SYS

0 4 0 9 0 4

<assemblyIdentity version="1.0.0.0"

<requestedExecutionLevel

Uh.hA

PasswordChar$-D

OnKeyPressD

OnKeyUph

TMenuItemt%D

AutoHotkeysD#D

KeyPreview8*D

OldCreateOrderp%D

WindowStatep%D

KeyFile

EIdOSSLLoadingCertErrorHcF

TIdHTTPRequestd

TIdHTTPProtocolx

TIdCustomHTTPx

TIdHTTP`

application/x-www-form-urlencoded

TIdFTPListItemx

TIdFTP\

Port<

OnCreateFTPList

IdFTP1

(Windows 95)

(Windows 98)

(Windows Me)

(Windows NT 3.51)

(Windows NT 4.0)

(Windows 2000)

(Windows XP)

c:\windows\system32\Promtx.exe

:\windows\kilinhx.txt

Promt.exe

c:\windows\system32\Promt.exe

C:\Arquivos de programas\GbPlugin\gbieh.dll

C:\Arquivos de programas\GbPlugin\gbiehcef.dll

C:\Arquivos de programas\GbPlugin\gbiehabn.dll

C:\Arquivos de programas\Scpad

C:\Arquivos de programas\Avira

C:\Arquivos de programas\Alwil Software

C:\Arquivos de programas\Avast Software

C:\Arquivos de programas\AVG

C:\Arquivos de programas\GbPlugin\gbiehuni.dll

C:\Arquivos de programas (86)\GbPlugin\gbieh.dll

C:\Arquivos de programas (86)\GbPlugin\gbiehcef.dll

C:\Arquivos de programas (86)\GbPlugin\gbiehabn.dll

C:\Arquivos de programas (86)\Scpad

C:\Arquivos de programas (86)\Avira

C:\Arquivos de programas (86)\Alwil Software

C:\Arquivos de programas (86)\Avast Software

C:\Arquivos de programas (86)\AVG

C:\Arquivos de programas (86)\GbPlugin\gbiehuni.dll

%Program Files% (86)\GbPlugin\gbieh.dll

%Program Files% (86)\GbPlugin\gbiehcef.dll

%Program Files% (86)\Scpad

%Program Files% (86)\Avira

%Program Files% (86)\Alwil Software

%Program Files% (86)\Avast Software

%Program Files% (86)\AVG

%Program Files% (86)\GbPlugin\gbiehuni.dll

%Program Files%\GbPlugin\gbieh.dll

%Program Files%\GbPlugin\gbiehcef.dll

%Program Files%\GbPlugin\gbiehabn.dll

%Program Files%\Scpad

%Program Files%\Avira

%Program Files%\Alwil Software

%Program Files%\Avast Software

%Program Files%\AVG

%Program Files%\GbPlugin\gbiehuni.dll

%WinDir%\Downloaded Program Files\uni.gpc

hXXp://blogsurfistinha.com.br/act/leo.php

WindowsLive:name=*

ExitWindowsEx

>%?*?8?[?

7,7!8>899

0 11U1s1z1

8 8$8(8,8084888

1,2]6

45r5

;";1;;;@;\;

1%2u2

5]5v5

0 0,000>0`0

WIdFTP

HorzScrollBar.Position

ProxyParams.BasicAuthentication

ProxyParams.ProxyPort

Request.ContentLength

Request.ContentRangeEnd

Request.ContentRangeStart

Request.ContentType

Request.Accept

Request.BasicAuthentication

Request.UserAgent

&Mozilla/3.0 (compatible; Indy Library)

ProxySettings.ProxyType

ProxySettings.Port

#IdSMTP

WindowState

PrintOptions.Header

PrintOptions.HTMLHeader.Strings

PrintOptions.Footer

PrintOptions.Orientation

Picture.Data

F%S0-"

].WAA

bu%SX

PasswordChar

\[[\[[\[[

\[[\[[\[[\[[\[[

\[[\[[\[[\[[\[[\[[\[[

\[[\[[\[[\[[\[[\[[

\[[\[[\[[\[[

\[[\[[\[[\[[\[[\[[\[[\[[

|{{|{{|{{|{{|{{|{{

|{{|{{|{{|{{

|{{|{{|{{|{{|{{|{{|{{|{{|{{|{{|{{|{{

$##$##|{{

$##$##$##

$##$##$##$##$##$##$##$##

$##$##$##$##

$##$##$##|{{

$##|{{|{{$##

|{{$##$##

|{{|{{|{{|{{|{{|{{|{{

|{{$##$##|{{

$##$##|{{|{{

|{{|{{|{{

|{{$##$##$##

$##|{{$##|{{

|{{$##|{{$##

l.Xu j

SSLOptions.Method

SSLOptions.Mode

SSLOptions.VerifyMode

SSLOptions.VerifyDepth

URL)))))))))))))))))))

W10.%0u

CO.NN7U[9

x!.vH6

dlØ

[email protected]

/.QA#

Ol%x|du

%uuuk

F%U U

^%S TU6

uuu0E%C

.bOH^e

(7),01444

'9=82<.342

/)%/)#,,

2-%;85???>?@<=<9863.)%

{{|{{{|||

,* -( 1&

.) ** *'

/*"6)!/(!'* %*

1)#2(!.&

- ",)!/("1'"/'

,) .) -(

/* /(!($

.) /*!.) -(

/*!/*!.) -(

.* .( )$

/*!/*!/) .(

.) .) .) .) /(

/*!2( -(

0*!3(!.* 2 ".'

1*!0) /(

0) 1*!(!

0) 0) 0) 1*!,%

,* 1."1 #3(!.* 2 "-&

2 "3,#3,#1*!/(

1*!1*!1*!1*!1*!1*!0) 1*!,%

3)"0,"1*!/(

0) 1*!1*!.'

4)"/ !1*!1*!1*!1*!3,#1*!)"

2 "2 "/(

0) 0) 1*!1*!-&

1*!1*!/(

0) 1*!3,#/(

1)$2)"2 !2 "2 "2 "2 "1*!*#

1*!3,#0) /(

0) 1*!.'

1*!1*!0) 1*!0) /(

,& 2' 1) /(

0) 2 "2 "2 ".'

0) 0) /(

2 "1*!2 "1*!2 "2 "1*!0) )"

0) 0) .'

1*!0) 0) 0) 2 ".'

1*!2 "2 "3,#0) 1*!3,#2 "0) )"

2 "0) 0) /(

1*!2 "0) 0) 0) 0) 0) 1*!-&

0) 1*!1*!1*!2 "2 "3,#2 "0) *#

0) 0) 1*!0) /(

0) 1*!1*!/(

2,"3 !)!

1*!3,#2 "1*!1*!1*!1*!1*!-&

0) 0) 0) .'

1*!0*!1*!4,#2)!1) ,%

2,#3,!(!

1*!2 "2 "2 "2 "2 "2 "2 ".'

0) 1*!0) 0) 0) 0) 0) 0) /(

0 "/,"1 "5 "4(!2( -&

2,#/,"1 "5 "4(!2( -&

2,#2  .'  '"0' 0) -&

3,#2 "3,#2 "0) 1*!1*!/(

0) 1*!0) 0) 0) 0) 0) 0) -&

5)"4*".(

2,#4-#3,%0,'4,$2 "/(

3,#2 "3,#3,#4-$4-$5.%1*!*#

0) 1*!0) 0) 3,#3,#2 #2 #.'

4( 4*".(

2.$4.#2,%1 &4,$3,#/(

3,#2 "3,#3,#3,#3,#4-$1*!)"

1*!2 !1*!0* 2 "2 !2 "2 ".'

3)!4 #.(

0)#5*%2-%6/&3,#-&

2 "3,#4-$3,#/(

1  2,!/)

6 &1,%4-$4-$5.%3,#4-$3,# $

1*!3,#1*!3,#6/&4-$5.%5.%1*!,%

2,!3-"1  2,!2,!2,!3-"4.#,&

6 '3.'4-$4-$5.%2 "4-$4-$ $

3,#5.%2 "3,#3,#3,#3,#3,#0) *#

4.#3-"2,!4.#4.#1  3-"2,!,&

5*&1 $1*!2 "4-$4-$4-$4-$.'

1*!3,#1*!2 "3,#4-$5.%4-$1*! $

2,!1  1  2,!3-"4.#4.#2,!.(

0) 5.%4-$5.%4-$2 "4-$4-$0) *#

0) 4-$3,#3,#3,#3,#5-$70'4-$.(

1  4.#3-"3-"3-"3-!3-!4.#1  -&

2 "6/&4-$5.%6/&4-$4-$4-$2 "*#

,* 6/&3.$1."5-"9.";.#;0%8/$/(

1,!3.#2.#1,!2."2.#1,!2.#.*

2 "5.%6/&4-$5.%5.%4-$4-$3,# $

4.%6-#5.#4.#3.#5/$3.#30%.*

1-"2.#2.#/  0,!1-#2-$1."-*

1 "2 !*$

2 "6/&6/&5.%4-$2 "2 "2 "1 "-* )$

.,"0.$2,"7.%6,#3-"3-"3-"0*

1-"1,#0, 0-

5.%6/&6/&6/&6/&6/&6/&6/&.) %#

5 #4-$5,$3-$4-$60``%3-",&

2.#1,#1-!1.

6/&70'70'70'5.%5.%5.%6.%0)

4 $:-(9,'5-'3-&5/$5/$50%2,! %

3,"5/%5.$5.&2*&-( ,*

7( 1(!2*#1/#2.$8.#7.#0)#2($2  /

1  61%5/#6/&1-'10"7- "

5.$0.'9-$:/!5.'7-)41"41#2  ,&

3-"93(61&<1&<.!4'

82' 1)01'81!80 40".1"20$1   %

1  4.#3.#8-$/

10 3/$3,'6/(3-"/)

1*!3 #-%

0 ":0)62(70'70'81(70'70'6/&/(

* $7.';.(90'60``q&71&/)

1 #;2*83)92)81(81(5.%5/%6/&.'

1(&71(03 43#82(82'60q&71&/)

1 "62(:3'93'60%:3)60q&60%/)

8 $4/ 31$52$70&:4)71&82'5/$1  .(

71&93'82'60` 41

@/ =-#3$

71&82'71&71&71&60`$82'4-#.'

60“(60“(93(61!53!:0&5.&&

71&71&71&82'71&82&71”(60%-&

5/$<6 :4)93(:4)=/'6/(4/(< $

82'82'82'82'82'82'82&82'5.$.'

3-"70*31 53'8'

2,!2,!1  0*

1  62&42 83'("

2,"75(:3-@3*

01$6.&:(

7/%2,!.(

:4)5/$/)

96*5.#.(

1  1  /)

4/Ù2?;1@:/@:/?9.?9.>8-<6,4.#.)

65%:3)93(93(:4):4)2,!0)

;6&93(:4)<6 <6 :4)1  .(

@6':4);5*:4);5*93(2,!0*

4.#:5*;5*;5*:4)93(92(93*:4(71$1

2,!:4);5*;5*;5*:4);4*;5 =8,93&1

1'!6-#<3)>6,=4*=4*=4*<4);5*<6)72#2-

>, :0ƒ 81)4(

3* 3* 3* 3* 1(

1  1  1  /)

8/.;10<3-?4 ?3-=2393197 95&4*!3'"3,!1*

.( 3*!4-

7)!6* 4)

=8';6(>91

3* 3* 3* 2)

3-"4.#4.#3-"60%C=2C=2C=2A;0@:/@:/?:/@:/94)1,!2-"2-!2-"2-"4.#4.#4.#4.#;5*?9.>8-?9.@:/?9.?9.?9.>8-71&3-!/*

6<<<>>.\,

EdtSenhaKeyDown

{%C"A

Items.Strings

wriJE<%XPj

y.effR

n%x=t

_%CyE

Font.Pitch

*.*RUQ

2'.ZOV

%*,&,.JPR9?A8=?GJL

0.rMr

Timerpasso2

DialogBoxes.NewCaption

s.Neb

fO`d%SnW

cVK]4L!3%U$

qU.re

-St%s2

2%DyBb

1_mL%fut

.At8L/#

IK*f%X

m.APPPv.$KM

J(

f%cO<

DisableErrors.EnableDDE

DisableErrors.fpExceptions

$DisableErrors.ScriptErrorsSuppressed

VertScrollBar.Smooth

VertScrollBar.Tracking

[H%UOz

3'%%5 %f

E<Q.mD

3'%%5$%f

K.iii

j.LXm

-%fNJJj@J

WO%fNJJj@J

#%fNJJj@J

'%fNJJJJjp

3'%%%X5

'%fNJJJJjpj

'%fNJJJJjpjL

%fNJJj@J

r9P%X

%X%ke<

.xR__

/2.UVb

t*2%D

.Ex-I

Adobe Photoshop CS2 Windows

2007:05:05 00:37:29

urlTEXT

MsgeTEXT

hXXp://ns.adobe.com/xap/1.0/

<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="3.1.1-111">

<rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#">

xmlns:xapMM="hXXp://ns.adobe.com/xap/1.0/mm/"

xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#">

xmlns:xap="hXXp://ns.adobe.com/xap/1.0/">

<xap:CreatorTool>Adobe Photoshop CS2 Windows</xap:CreatorTool>

xmlns:dc="hXXp://purl.org/dc/elements/1.1/">

xmlns:photoshop="hXXp://ns.adobe.com/photoshop/1.0/">

xmlns:tiff="hXXp://ns.adobe.com/tiff/1.0/">

xmlns:exif="hXXp://ns.adobe.com/exif/1.0/">

IEC hXXp://VVV.iec.ch

.IEC 61966-2.1 Default RGB colour space - sRGB

CRT curv

2007:05:05 00:36:38

`fs.fKM

Z.BF%%

\c}T.hm

dC.gm

%|.nw^

f@f$%XJG

-sLZ}j#

Y.Ue-

W4I%D

S].Mf

jeW.iOR

7w.Ch

operacao

HorzScrollBar.Smooth

HorzScrollBar.Tracking

U%cyM

]%c*s

hXXps://VVV.santandernet.com.br/IBPF/LoginEscolhaUsuarios.asp#

errorUrl

hXXps://wwwss.bradesco.com.br/scripts/ib2k1.dll/LOGIN

VVV.hotmail.com

PROMTRXEXE

PROMTXEXE

()* ,|-./

\??\C:\Arquivos de programas\Scpad\sshib.dll

\??\C:\Arquivos de programas\Scpad\scpVista.exe

\??\C:\Arquivos de programas\Scpad\scpIBCfg.bin

\??\c:\Arquivos de programas\Avira\AntiVir Desktop\avscan.exe

\??\C:\Arquivos de programas\Avira\AntiVir Desktop\update.exe

\??\C:\Arquivos de programas\AVAST Software\Avast5\AvastSvc.exe

\??\C:\Arquivos de programas\AVAST Software\Avast\VisthUpd.exe

\??\C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe

\??\C:\Arquivos de programas\AVAST Software\Avast\aswUpdSv.exe

\??\C:\Arquivos de programas\Avira\AntiVir Desktop\update.dll

\??\C:\Arquivos de programas\Scpad\scpLIB.dll

\??\C:\Arquivos de programas\GbPlugin\gbieh.gmd

\??\%WinDir%\Downloaded Program Files\GbPluginUni.cab

\??\%WinDir%\Downloaded Program Files\gbiehuni.dll

\??\C:\Arquivos de programas\GbPlugin\gbpluginuni.inf

\??\C:\safassafytuytutyutyutyuytuasfaserdassdfsa\4das.df6as.656f.cd

\??\C:\Arquivos de programas\GbPlugin\gbpsv.exe

\??\C:\Arquivos de programas\GbPlugin\bb.gpc

\??\%WinDir%\Downloaded Program Files\CONFLICT.1\gbiehAbn.dll

\??\C:\Arquivos de programas\GbPlugin\gbpdist.dll

\??\C:\Arquivos de programas\AVAST Software\\Avast\ashUpd.exe

\??\C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

\??\C:\Arquivos de programas\AVG\AVG10\avgpp.dll

\??\C:\Arquivos de programas\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

\??\C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe

\??\C:\Arquivos de programas\Alwil Software\Avast5\aswUpdSv.exe

\??\C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

\??\C:\Arquivos de programas\Alwil Software\Avast5\ashUpd.exe

\??\C:\Arquivos de programas\GbPlugin\gbiehcef.dll

\??\%System%\drivers\gbpkm.sys

\??\C:\Arquivos de programas\GbPlugin\gbieh.dll

\??\C:\Arquivos de programas\AVG\AVG10\avgwdsvc.exe

\??\C:\Arquivos de programas\GbPlugin\cef.gpc

\??\C:\Arquivos de programas\AVG\AVG8\avgscanx.exe

\??\C:\Arquivos de programas\AVG\AVG8\avgupd.exe

\??\C:\Arquivos de programas\Alwil Software\Avast5\VisthUpd.exe

\??\C:\safasfewtewtwetwet.coewtwetwem

\??\C:\Arquivos de programas\gbplugin\gbiehAbn.dll

\??\C:\Arquivos de programas\gbplugin\Abn.gpc

\??\%WinDir%\Downloaded Program Files\CONFLICT.1\gbiehuni.dll

\??\%WinDir%\Downloaded Program Files\uni.gpc

\??\C:\Arquivos de programas\GbPlugin\uni.gpc

\??\C:\Arquivos de programas\GbPlugin\gbiehuni.dll

\??\C:\Arquivos de programas\gbplugin\gbpkm.sys

\??\C:\Arquivos de programas\Scpad\scpsssh2.dll

\??\C:\Arquivos de programas\AVAST Software\Avast5\ashUpd.exe

\??\C:\Arquivos de programas\AVAST Software\Avast5\VisthUpd.exe

\??\%WinDir%\Downloaded Program Files\gbpluginuni.inf

\??\C:\safasfafpordd5464yuytutyutyuytf5as45sf4a4af465a\sdsdsd.com

\??\C:\Arquivos de programas\Scpad\scpMIB.dll

\??\C:\Arquivos de programas\AVG\AVG10\avgtray.exe

\??\C:\Arquivos de programas\AVAST Software\Avast5\AvastUI.exe

\??\C:\Arquivos de programas\AVAST Software\Avast5\aswUpdSv.exe

\??\%Program Files% (x86)\Scpad\sshib.dll

\??\%Program Files% (x86)\Scpad\scpVista.exe

\??\%Program Files% (x86)\Scpad\scpIBCfg.bin

\??\c:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

\??\%Program Files% (x86)\Avira\AntiVir Desktop\update.exe

\??\%Program Files% (x86)\AVAST Software\Avast5\AvastSvc.exe

\??\%Program Files% (x86)\AVAST Software\Avast\VisthUpd.exe

\??\%Program Files% (x86)\AVAST Software\Avast\AvastUI.exe

\??\%Program Files% (x86)\AVAST Software\Avast\aswUpdSv.exe

\??\%Program Files% (x86)\Avira\AntiVir Desktop\update.dll

\??\%Program Files% (x86)\Scpad\scpLIB.dll

\??\%Program Files% (x86)\GbPlugin\gbieh.gmd

\??\%Program Files% (x86)\GbPlugin\gbpluginuni.inf

\??\%Program Files% (x86)\GbPlugin\gbpsv.exe

\??\%Program Files% (x86)\GbPlugin\bb.gpc

\??\%Program Files% (x86)\GbPlugin\gbpdist.dll

\??\%Program Files% (x86)\AVAST Software\\Avast\ashUpd.exe

\??\%Program Files% (x86)\AVAST Software\Avast\AvastSvc.exe

\??\%Program Files% (x86)\AVG\AVG10\avgpp.dll

\??\%Program Files% (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

\??\%Program Files% (x86)\Alwil Software\Avast5\AvastUI.exe

\??\%Program Files% (x86)\Alwil Software\Avast5\aswUpdSv.exe

\??\%Program Files% (x86)\Alwil Software\Avast5\AvastSvc.exe

\??\%Program Files% (x86)\Alwil Software\Avast5\ashUpd.exe

\??\%Program Files% (x86)\GbPlugin\gbiehcef.dll

\??\%Program Files% (x86)\GbPlugin\gbieh.dll

\??\%Program Files% (x86)\AVG\AVG10\avgwdsvc.exe

\??\%Program Files% (x86)\GbPlugin\cef.gpc

\??\%Program Files% (x86)\AVG\AVG8\avgscanx.exe

\??\%Program Files% (x86)\AVG\AVG8\avgupd.exe

\??\%Program Files% (x86)\Alwil Software\Avast5\VisthUpd.exe

\??\%Program Files% (x86)\gbplugin\gbiehAbn.dll

\??\%Program Files% (x86)\gbplugin\Abn.gpc

\??\%Program Files% (x86)\GbPlugin\uni.gpc

\??\%Program Files% (x86)\GbPlugin\gbiehuni.dll

\??\%Program Files% (x86)\gbplugin\gbpkm.sys

\??\%Program Files% (x86)\Scpad\scpsssh2.dll

\??\%Program Files% (x86)\AVAST Software\Avast5\ashUpd.exe

\??\%Program Files% (x86)\AVAST Software\Avast5\VisthUpd.exe

\??\%Program Files% (x86)\Scpad\scpMIB.dll

\??\%Program Files% (x86)\AVG\AVG10\avgtray.exe

\??\%Program Files% (x86)\AVAST Software\Avast5\AvastUI.exe

\??\%Program Files% (x86)\AVAST Software\Avast5\aswUpdSv.exe

\??\%Program Files%\Scpad\sshib.dll

\??\%Program Files%\Scpad\scpVista.exe

\??\%Program Files%\Scpad\scpIBCfg.bin

\??\c:\Program Files\Avira\AntiVir Desktop\avscan.exe

\??\%Program Files%\Avira\AntiVir Desktop\update.exe

\??\%Program Files%\AVAST Software\Avast5\AvastSvc.exe

\??\%Program Files%\AVAST Software\Avast\VisthUpd.exe

\??\%Program Files%\AVAST Software\Avast\AvastUI.exe

\??\%Program Files%\AVAST Software\Avast\aswUpdSv.exe

\??\%Program Files%\Avira\AntiVir Desktop\update.dll

\??\%Program Files%\Scpad\scpLIB.dll

\??\%Program Files%\GbPlugin\gbieh.gmd

\??\%Program Files%\GbPlugin\gbpluginuni.inf

\??\%Program Files%\GbPlugin\gbpsv.exe

\??\%Program Files%\GbPlugin\bb.gpc

\??\%Program Files%\GbPlugin\gbpdist.dll

\??\%Program Files%\Alwil Software\Avast5\AvastUI.exe

\??\%Program Files%\Alwil Software\Avast5\aswUpdSv.exe

\??\%Program Files%\Alwil Software\Avast5\AvastSvc.exe

\??\%Program Files%\Alwil Software\Avast5\ashUpd.exe

\??\%Program Files%\GbPlugin\gbiehcef.dll

\??\%Program Files%\GbPlugin\gbieh.dll

\??\%Program Files%\AVG\AVG10\avgwdsvc.exe

\??\%Program Files%\GbPlugin\cef.gpc

\??\%Program Files%\AVG\AVG8\avgscanx.exe

\??\%Program Files%\AVG\AVG8\avgupd.exe

\??\%Program Files%\Alwil Software\Avast5\VisthUpd.exe

\??\%Program Files%\gbplugin\gbiehAbn.dll

\??\%Program Files%\gbplugin\Abn.gpc

\??\%Program Files%\GbPlugin\uni.gpc

\??\%Program Files%\GbPlugin\gbiehuni.dll

\??\%Program Files%\gbplugin\gbpkm.sys

\??\%Program Files%\Scpad\scpsssh2.dll

\??\%Program Files%\AVAST Software\Avast5\ashUpd.exe

\??\%Program Files%\AVAST Software\Avast5\VisthUpd.exe

\??\%Program Files%\Scpad\scpMIB.dll

\??\%Program Files%\AVG\AVG10\avgtray.exe

\??\%Program Files%\AVAST Software\Avast5\AvastUI.exe

\??\%Program Files%\AVAST Software\Avast5\aswUpdSv.exe

\??\C:\Arquivos de Programas (x86)\Scpad\sshib.dll

\??\C:\Arquivos de Programas (x86)\Scpad\scpVista.exe

\??\C:\Arquivos de Programas (x86)\Scpad\scpIBCfg.bin

\??\c:\Arquivos de Programas (x86)\Avira\AntiVir Desktop\avscan.exe

\??\C:\Arquivos de Programas (x86)\Avira\AntiVir Desktop\update.exe

\??\C:\Arquivos de Programas (x86)\AVAST Software\Avast5\AvastSvc.exe

\??\C:\Arquivos de Programas (x86)\AVAST Software\Avast\VisthUpd.exe

\??\C:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastUI.exe

\??\C:\Arquivos de Programas (x86)\AVAST Software\Avast\aswUpdSv.exe

\??\C:\Arquivos de Programas (x86)\Avira\AntiVir Desktop\update.dll

\??\C:\Arquivos de Programas (x86)\Scpad\scpLIB.dll

\??\C:\Arquivos de Programas (x86)\GbPlugin\gbieh.gmd

\??\%WinDir%\Downloaded Arquivos de Programas (x86)\GbPluginUni.cab

\??\%WinDir%\Downloaded Arquivos de Programas (x86)\gbiehuni.dll

\??\C:\Arquivos de Programas (x86)\GbPlugin\gbpluginuni.inf

\??\C:\Arquivos de Programas (x86)\GbPlugin\gbpsv.exe

\??\C:\Arquivos de Programas (x86)\GbPlugin\bb.gpc

\??\%WinDir%\Downloaded Arquivos de Programas (x86)\CONFLICT.1\gbiehAbn.dll

\??\C:\Arquivos de Programas (x86)\GbPlugin\gbpdist.dll

\??\C:\Arquivos de Programas (x86) (x86)\AVAST Software\\Avast\ashUpd.exe

\??\C:\Arquivos de Programas (x86) (x86)\AVAST Software\Avast\AvastSvc.exe

\??\C:\Arquivos de Programas (x86) (x86)\AVG\AVG10\avgpp.dll

\??\C:\Arquivos de Programas (x86) (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

\??\C:\Arquivos de Programas (x86)\Alwil Software\Avast5\AvastUI.exe

\??\C:\Arquivos de Programas (x86)\Alwil Software\Avast5\aswUpdSv.exe

\??\C:\Arquivos de Programas (x86)\Alwil Software\Avast5\AvastSvc.exe

\??\C:\Arquivos de Programas (x86)\Alwil Software\Avast5\ashUpd.exe

\??\C:\Arquivos de Programas (x86)\GbPlugin\gbiehcef.dll

\??\C:\Arquivos de Programas (x86)\GbPlugin\gbieh.dll

\??\C:\Arquivos de Programas (x86)\AVG\AVG10\avgwdsvc.exe

\??\C:\Arquivos de Programas (x86)\GbPlugin\cef.gpc

\??\C:\Arquivos de Programas (x86)\AVG\AVG8\avgscanx.exe

\??\C:\Arquivos de Programas (x86)\AVG\AVG8\avgupd.exe

\??\C:\Arquivos de Programas (x86)\Alwil Software\Avast5\VisthUpd.exe

\??\C:\Arquivos de Programas (x86)\gbplugin\gbiehAbn.dll

\??\C:\Arquivos de Programas (x86)\gbplugin\Abn.gpc

\??\%WinDir%\Downloaded Arquivos de Programas (x86)\CONFLICT.1\gbiehuni.dll

\??\%WinDir%\Downloaded Arquivos de Programas (x86)\uni.gpc

\??\C:\Arquivos de Programas (x86)\GbPlugin\uni.gpc

\??\C:\Arquivos de Programas (x86)\GbPlugin\gbiehuni.dll

\??\C:\Arquivos de Programas (x86)\gbplugin\gbpkm.sys

\??\C:\Arquivos de Programas (x86)\Scpad\scpsssh2.dll

\??\C:\Arquivos de Programas (x86)\AVAST Software\Avast5\ashUpd.exe

\??\C:\Arquivos de Programas (x86)\AVAST Software\Avast5\VisthUpd.exe

\??\%WinDir%\Downloaded Arquivos de Programas (x86)\gbpluginuni.inf

\??\C:\Arquivos de Programas (x86)\Scpad\scpMIB.dll

\??\C:\Arquivos de Programas (x86)\AVG\AVG10\avgtray.exe

\??\C:\Arquivos de Programas (x86)\AVAST Software\Avast5\AvastUI.exe

\??\C:\Arquivos de Programas (x86)\AVAST Software\Avast5\aswUpdSv.exe

Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.

Protocol not supported.

Socket type not supported."Operation not supported on socket.

Protocol family not supported.0Address family not supported by protocol family.

%sDThis authentication method is already registered with class name %s.

%s is not a valid service.

Socket Error # %d

Operation would block.

Operation now in progress.

Operation already in progress.

Socket operation on non-socket.

No help keyword specified.

Set Size Exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)

Resolving hostname %s.

Connecting to %s.

/Menu '%s' is already being used by another form

No help found for %s#No context-sensitive help installed$No topic-based help system installed

Alt  Clipboard does not support Icons

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window

Failed to set data for '%s'

Resource %s not found

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

Property %s does not exist

Unsupported clipboard format

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file "%s". %s

Cannot open file "%s". %s

Invalid stream format$''%s'' is not a valid component name

Invalid property value List capacity out of bounds (%d)

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Ancestor for '%s' not found

Cannot assign a %s to a %s

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

Invalid variant operation%Invalid variant operation (%s%.8x)

%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Operation not supported

External exception %x

Interface not supported

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Privileged instruction(Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

!'%s' is not a valid integer value

I/O error %d

Integer overflow Invalid floating point operation

3.0.0.0

1.0.0.0

Could not load root certificate.

Could not load certificate.#Could not load key, check password.

SSL status: "%s"

Command not supported.

Address type not supported.$Error accepting connection with SSL.

Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.

Starting FTP transfer

Invalid Port Range (%d - %d)

Max line length exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)

Chunk StartedDThis authentication method is already registered with class name %s.

Unknown FTP listing format

Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.

File "%s" not found1Only one TIdAntiFreeze can exist per application.

No data to read.$Can not bind in port range (%d - %d)

Unable to insert a line Clipboard does not support Icons

Text exceeds memo capacity/Menu '%s' is already being used by another form

Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count"Unable to find a Table of Contents

No help found for %s

Thread creation error: %s

Thread Error: %s (%d)

Invalid floating point operation

!'%s' is not a valid integer value!'%s' is not a valid date and time

Unsupported PixelFormat

Invalid stream operation

Invalid extension introducerúiled to allocate memory for GIF DIB

Invalid Image trailerAInternal error: Extension Instance does not match Extension Label,Unsupported Application Extension block size

Unknown GIF block type'Object type not supported for operation

.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters

OLE control activation failed*Could not obtain OLE control window handle%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s

Unsupported GIF version

Description: BThe "Portable Network Graphics" image contains an invalid palette.

The file being readed is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corruped, try obtaining it again.nThis "Portable Network Graphics" image is not supported or it might be invalid.

This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.

There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.oSome operation could not be performed because the system is out of resources. Close some windows and try again.OThis operation is not valid because the current image contains no valid header.4The new size provided for image resizing is invalid.

JPEG error #%d

JPEG Image FilejThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.

Error creating SSL context. Could not load root certificate.

Object type not supported.

@ Outside address*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)

File "%s" not found

Invalid clipboard format Clipboard does not support Icons

Invalid input value7Invalid input value. Use escape key to abandon changes

Cannot drag a form"An error returned from DDE ($0%x)/DDE Error - conversation not established ($0%x)0Error occurred when DDE ran out of memory ($0%x)"Unable to connect DDE conversation

Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic

Invalid data type for '%s' List capacity out of bounds (%d)

Failed to create key %s

Failed to get data for '%s'

Operation aborted(Exception %s in module %s at %p.

!'%s' is not a valid integer value('%s' is not a valid floating point value!'%s' is not a valid date and time

1.0.4.4

Promtx.exe_1404:

.idata

.rdata

P.reloc

P.rsrc

kernel32.dll

Windows

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

oleaut32.dll

EVariantBadIndexError

ssShift

htKeyword

EInvalidOperation

u%CNu

%s[%d]

Uh.hA

%s_%d

EInvalidGraphicOperation

USER32.DLL

comctl32.dll

uxtheme.dll

MAPI32.DLL

PasswordChar$-D

OnKeyDown

OnKeyPressD

OnKeyUph

ssHorizontal

OnKeyUp

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

TKeyEvent

TKeyPressEvent

HelpKeyword

crSQLWait

%s (%s)

imm32.dll

TMenuItemt%D

AutoHotkeysD#D

AutoHotkeys

ssHotTrack

TWindowState

poProportional

TWMKey

KeyPreview8*D

OldCreateOrderp%D

WindowStatep%D

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

User32.dll

getservbyport

WSAAsyncGetServByPort

WSAJoinLeaf

WS2_32.DLL

127.0.0.1

TIdSocketListWindows

TIdStackWindowsU

IdStackWindows

%s, %d %s %d %s %s

ftpTransfer

ftpReady

ftpAborted

ClientPortMin<

ClientPortMax

Port

EIdCanNotBindPortInRange

EIdInvalidPortRangeSVW

saUsernamePassword

Password<

0.0.0.1

TIdTCPConnection

IdTCPConnection

EIdTCPConnectionError

TIdTCPClient

IdTCPClient

BoundPort

PortU

password

Password

IdHTTPHeaderInfo

ProxyPassword<

ProxyPort

Mozilla/3.0 (compatible; Indy Library)

libeay32.dll

ssleay32.dll

SSL_CTX_use_PrivateKey_file

SSL_CTX_use_certificate_file

SSL_get_peer_certificate

SSL_CTX_set_default_passwd_cb

SSL_CTX_set_default_passwd_cb_userdata

SSL_CTX_check_private_key

X509_STORE_CTX_get_current_cert

des_set_key

sslvrfFailIfNoPeerCert

TPasswordEvent

Certificate

RootCertFile

CertFile

KeyFile

OnGetPassword

EIdOSSLLoadingRootCertError

EIdOSSLLoadingCertErrorHcF

EIdOSSLLoadingKeyError

CommentURL

TIdHTTPMethod

IdHTTP

TIdHTTPOption

TIdHTTPOptions

TIdHTTPProtocolVersion

TIdHTTPOnRedirectEvent

TIdHTTPResponse

TIdHTTPRequest

TIdHTTPRequestd

TIdHTTPProtocolx

TIdCustomHTTP

TIdCustomHTTPx

TIdHTTP`

TIdHTTP

HTTPOptions

EIdHTTPProtocolException

application/x-www-form-urlencoded

HTTPS

https

This request method is supported in HTTP 1.1

HTTP/1.0 200 OK

HTTP/

EIdInvalidFTPListingFormat

TIdFTPListFormat

IdFTPList

TIdFTPListItem

TIdFTPListItemx

TIdFTPListItems

TIdFTPTransferType

IdFTPCommon

TIdCreateFTPList

VFTPList

TIdFtpAfterGet

TIdFtpProxyType

fpcmUserPass

fpcmHttpProxyWithFtp

IdFTP

TIdFtpProxySettings

TIdFTP

TIdFTP\

Passive

Port<

OnAfterClientLogin

OnCreateFTPList

PORT

USER %s@%s@%s

IdHTTP1

IdFTP1

(Windows 95)

(Windows 98)

(Windows Me)

(Windows NT 3.51)

(Windows NT 4.0)

(Windows 2000)

(Windows XP)

1234567890

:*:Enabled:Microsoft Windows Update Platform

c:\windows\system32\Promtx.exe

\Software\Microsoft\Windows\CurrentVersion\Run

:\windows\kilinhx.txt

Promt.exe

c:\windows\system32\Promt.exe

C:\Arquivos de programas\GbPlugin\gbieh.dll

C:\Arquivos de programas\GbPlugin\gbiehcef.dll

C:\Arquivos de programas\GbPlugin\gbiehabn.dll

C:\Arquivos de programas\Scpad

C:\Arquivos de programas\Avira

C:\Arquivos de programas\Alwil Software

C:\Arquivos de programas\Avast Software

C:\Arquivos de programas\AVG

C:\Arquivos de programas\GbPlugin\gbiehuni.dll

C:\Arquivos de programas (86)\GbPlugin\gbieh.dll

C:\Arquivos de programas (86)\GbPlugin\gbiehcef.dll

C:\Arquivos de programas (86)\GbPlugin\gbiehabn.dll

C:\Arquivos de programas (86)\Scpad

C:\Arquivos de programas (86)\Avira

C:\Arquivos de programas (86)\Alwil Software

C:\Arquivos de programas (86)\Avast Software

C:\Arquivos de programas (86)\AVG

C:\Arquivos de programas (86)\GbPlugin\gbiehuni.dll

%Program Files% (86)\GbPlugin\gbieh.dll

%Program Files% (86)\GbPlugin\gbiehcef.dll

%Program Files% (86)\Scpad

%Program Files% (86)\Avira

%Program Files% (86)\Alwil Software

%Program Files% (86)\Avast Software

%Program Files% (86)\AVG

%Program Files% (86)\GbPlugin\gbiehuni.dll

%Program Files%\GbPlugin\gbieh.dll

%Program Files%\GbPlugin\gbiehcef.dll

%Program Files%\GbPlugin\gbiehabn.dll

%Program Files%\Scpad

%Program Files%\Avira

%Program Files%\Alwil Software

%Program Files%\Avast Software

%Program Files%\AVG

%Program Files%\GbPlugin\gbiehuni.dll

%WinDir%\Downloaded Program Files\uni.gpc

hXXp://blogsurfistinha.com.br/act/leo.php

WindowsLive:name=*

:\windows\loginz.txt

PTF.dobler.com.br

?456789:;<=

!"#$%&'()* ,-./0123

user32.dll

GetKeyboardType

advapi32.dll

RegOpenKeyExA

RegCloseKey

RegFlushKey

RegCreateKeyExA

RegCreateKeyA

WinExec

GetWindowsDirectoryA

GetCPInfo

version.dll

gdi32.dll

SetViewportOrgEx

UnhookWindowsHookEx

SetWindowsHookExA

MsgWaitForMultipleObjects

MapVirtualKeyA

LoadKeyboardLayoutA

GetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayout

GetKeyState

GetKeyNameTextA

ExitWindowsEx

EnumWindows

EnumThreadWindows

ActivateKeyboardLayout

>%?*?8?[?

7,7!8>899

0 11U1s1z1

8 8$8(8,8084888

1,2]6

45r5

;";1;;;@;\;

1%2u2

5]5v5

0 0,000>0`0

333333333333333333

33333833

3333333333333338

:*"*"$3338

33333333

33333333333

3333333333338

33338?383

333333333333

:*3:"$3338

333333333333333

WIdFTP

KWindows

IdTCPStream

0IdHTTPHeaderInfo

 IdTCPServer

UrlMon

HorzScrollBar.Position

Font.Charset

Font.Color

Font.Height

Font.Name

Font.Style

Lines.Strings

ProxyParams.BasicAuthentication

ProxyParams.ProxyPort

Request.ContentLength

Request.ContentRangeEnd

Request.ContentRangeStart

Request.ContentType

Request.Accept

Request.BasicAuthentication

Request.UserAgent

&Mozilla/3.0 (compatible; Indy Library)

ProxySettings.ProxyType

ProxySettings.Port

<assemblyIdentity version="1.0.0.0"

<requestedExecutionLevel

Could not load root certificate.

Could not load certificate.#Could not load key, check password.

SSL status: "%s"

Command not supported.

Address type not supported.$Error accepting connection with SSL.

Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.

Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.

Protocol not supported.

Socket type not supported."Operation not supported on socket.

Protocol family not supported.0Address family not supported by protocol family.

Starting FTP transfer

%s is not a valid service.

Socket Error # %d

Operation would block.

Operation now in progress.

Operation already in progress.

Socket operation on non-socket.

Invalid Port Range (%d - %d)

Max line length exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)

Resolving hostname %s.

Connecting to %s.

Chunk StartedDThis authentication method is already registered with class name %s.

Unknown FTP listing format

No help keyword specified.

Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.

File "%s" not found1Only one TIdAntiFreeze can exist per application.

No data to read.$Can not bind in port range (%d - %d)

Unable to insert a line Clipboard does not support Icons

Text exceeds memo capacity/Menu '%s' is already being used by another form

Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count"Unable to find a Table of Contents

No help found for %s

Unsupported clipboard format

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Failed to set data for '%s'

Resource %s not found

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

Property %s does not exist

Thread creation error: %s

Thread Error: %s (%d)

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file "%s". %s

Cannot open file "%s". %s

Invalid stream format$''%s'' is not a valid component name

Invalid property value List capacity out of bounds (%d)

Ancestor for '%s' not found

Cannot assign a %s to a %s

Interface not supported

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

Invalid variant operation%Invalid variant operation (%s%.8x)

%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Operation not supported

External exception %x

Invalid floating point operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Privileged instruction(Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

!'%s' is not a valid integer value!'%s' is not a valid date and time

I/O error %d

1.0.0.0

Promtrx.exe_1480:

.idata

.rdata

P.reloc

P.rsrc

kernel32.dll

Windows

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

oleaut32.dll

EVariantBadIndexError

ssShift

htKeyword

EInvalidOperation

u%CNu

%s_%d

EInvalidGraphicOperation

USER32.DLL

comctl32.dll

uxtheme.dll

MAPI32.DLL

ssHorizontal

OnKeyDown

OnKeyPress

OnKeyUp

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

TKeyEvent

TKeyPressEvent

HelpKeyword

crSQLWait

%s (%s)

imm32.dll

AutoHotkeys

AutoHotkeys@

Uh.PD

ssHotTrack

TWindowState

poProportional

TWMKey

KeyPreview

WindowState$

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

User32.dll

getservbyport

WSAAsyncGetServByPort

WSAJoinLeaf

WS2_32.DLL

TIdSocketListWindows

TIdStackWindowsU

IdStackWindows

password

Password

1234567890

:\WINDOWS\system32\drivers\AX

:\windows\system32\

\Software\Microsoft\Windows\CurrentVersion\Run

?456789:;<=

!"#$%&'()* ,-./0123

user32.dll

GetKeyboardType

advapi32.dll

RegOpenKeyExA

RegCloseKey

RegFlushKey

RegCreateKeyExA

GetWindowsDirectoryA

GetCPInfo

version.dll

gdi32.dll

SetViewportOrgEx

UnhookWindowsHookEx

SetWindowsHookExA

MapVirtualKeyA

LoadKeyboardLayoutA

GetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayout

GetKeyState

GetKeyNameTextA

EnumWindows

EnumThreadWindows

ActivateKeyboardLayout

comdlg32.dll

= =&=.=9=

8": :2;;;

1#1'1 1/1

; ;$;(;,;0;4;

3"3&3*303

7 787@7\7

00D0I0V0

: :$:(:,:

1%1x1

.text

h.rdata

H.data

.reloc

NTOSKRNL.EXE

333333333333333333

33333833

3333333333333338

:*"*"$3338

33333333

33333333333

3333333333338

33338?383

333333333333

:*3:"$3338

333333333333333

IdHTTP

KWindows

0IdHTTPHeaderInfo

 IdTCPServer

IdTCPConnection

IdTCPStream

IdTCPClient

UrlMon

Font.Charset

Font.Color

Font.Height

Font.Name

Font.Style

Lines.Strings

KeBugCheckEx ntoskrnl.exe

HidRegisterMinidriver HIDCLASS.SYS

<USBD_CreateConfigurationRequestEx USBD.SYS

0 4 0 9 0 4

<assemblyIdentity version="1.0.0.0"

<requestedExecutionLevel

\??\C:\Arquivos de programas\Scpad\sshib.dll

\??\C:\Arquivos de programas\Scpad\scpVista.exe

\??\C:\Arquivos de programas\Scpad\scpIBCfg.bin

\??\c:\Arquivos de programas\Avira\AntiVir Desktop\avscan.exe

\??\C:\Arquivos de programas\Avira\AntiVir Desktop\update.exe

\??\C:\Arquivos de programas\AVAST Software\Avast5\AvastSvc.exe

\??\C:\Arquivos de programas\AVAST Software\Avast\VisthUpd.exe

\??\C:\Arquivos de programas\AVAST Software\Avast\AvastUI.exe

\??\C:\Arquivos de programas\AVAST Software\Avast\aswUpdSv.exe

\??\C:\Arquivos de programas\Avira\AntiVir Desktop\update.dll

\??\C:\Arquivos de programas\Scpad\scpLIB.dll

\??\C:\Arquivos de programas\GbPlugin\gbieh.gmd

\??\%WinDir%\Downloaded Program Files\GbPluginUni.cab

\??\%WinDir%\Downloaded Program Files\gbiehuni.dll

\??\C:\Arquivos de programas\GbPlugin\gbpluginuni.inf

\??\C:\safassafytuytutyutyutyuytuasfaserdassdfsa\4das.df6as.656f.cd

\??\C:\Arquivos de programas\GbPlugin\gbpsv.exe

\??\C:\Arquivos de programas\GbPlugin\bb.gpc

\??\%WinDir%\Downloaded Program Files\CONFLICT.1\gbiehAbn.dll

\??\C:\Arquivos de programas\GbPlugin\gbpdist.dll

\??\C:\Arquivos de programas\AVAST Software\\Avast\ashUpd.exe

\??\C:\Arquivos de programas\AVAST Software\Avast\AvastSvc.exe

\??\C:\Arquivos de programas\AVG\AVG10\avgpp.dll

\??\C:\Arquivos de programas\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

\??\C:\Arquivos de programas\Alwil Software\Avast5\AvastUI.exe

\??\C:\Arquivos de programas\Alwil Software\Avast5\aswUpdSv.exe

\??\C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

\??\C:\Arquivos de programas\Alwil Software\Avast5\ashUpd.exe

\??\C:\Arquivos de programas\GbPlugin\gbiehcef.dll

\??\%System%\drivers\gbpkm.sys

\??\C:\Arquivos de programas\GbPlugin\gbieh.dll

\??\C:\Arquivos de programas\AVG\AVG10\avgwdsvc.exe

\??\C:\Arquivos de programas\GbPlugin\cef.gpc

\??\C:\Arquivos de programas\AVG\AVG8\avgscanx.exe

\??\C:\Arquivos de programas\AVG\AVG8\avgupd.exe

\??\C:\Arquivos de programas\Alwil Software\Avast5\VisthUpd.exe

\??\C:\safasfewtewtwetwet.coewtwetwem

\??\C:\Arquivos de programas\gbplugin\gbiehAbn.dll

\??\C:\Arquivos de programas\gbplugin\Abn.gpc

\??\%WinDir%\Downloaded Program Files\CONFLICT.1\gbiehuni.dll

\??\%WinDir%\Downloaded Program Files\uni.gpc

\??\C:\Arquivos de programas\GbPlugin\uni.gpc

\??\C:\Arquivos de programas\GbPlugin\gbiehuni.dll

\??\C:\Arquivos de programas\gbplugin\gbpkm.sys

\??\C:\Arquivos de programas\Scpad\scpsssh2.dll

\??\C:\Arquivos de programas\AVAST Software\Avast5\ashUpd.exe

\??\C:\Arquivos de programas\AVAST Software\Avast5\VisthUpd.exe

\??\%WinDir%\Downloaded Program Files\gbpluginuni.inf

\??\C:\safasfafpordd5464yuytutyutyuytf5as45sf4a4af465a\sdsdsd.com

\??\C:\Arquivos de programas\Scpad\scpMIB.dll

\??\C:\Arquivos de programas\AVG\AVG10\avgtray.exe

\??\C:\Arquivos de programas\AVAST Software\Avast5\AvastUI.exe

\??\C:\Arquivos de programas\AVAST Software\Avast5\aswUpdSv.exe

\??\%Program Files% (x86)\Scpad\sshib.dll

\??\%Program Files% (x86)\Scpad\scpVista.exe

\??\%Program Files% (x86)\Scpad\scpIBCfg.bin

\??\c:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe

\??\%Program Files% (x86)\Avira\AntiVir Desktop\update.exe

\??\%Program Files% (x86)\AVAST Software\Avast5\AvastSvc.exe

\??\%Program Files% (x86)\AVAST Software\Avast\VisthUpd.exe

\??\%Program Files% (x86)\AVAST Software\Avast\AvastUI.exe

\??\%Program Files% (x86)\AVAST Software\Avast\aswUpdSv.exe

\??\%Program Files% (x86)\Avira\AntiVir Desktop\update.dll

\??\%Program Files% (x86)\Scpad\scpLIB.dll

\??\%Program Files% (x86)\GbPlugin\gbieh.gmd

\??\%Program Files% (x86)\GbPlugin\gbpluginuni.inf

\??\%Program Files% (x86)\GbPlugin\gbpsv.exe

\??\%Program Files% (x86)\GbPlugin\bb.gpc

\??\%Program Files% (x86)\GbPlugin\gbpdist.dll

\??\%Program Files% (x86)\AVAST Software\\Avast\ashUpd.exe

\??\%Program Files% (x86)\AVAST Software\Avast\AvastSvc.exe

\??\%Program Files% (x86)\AVG\AVG10\avgpp.dll

\??\%Program Files% (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

\??\%Program Files% (x86)\Alwil Software\Avast5\AvastUI.exe

\??\%Program Files% (x86)\Alwil Software\Avast5\aswUpdSv.exe

\??\%Program Files% (x86)\Alwil Software\Avast5\AvastSvc.exe

\??\%Program Files% (x86)\Alwil Software\Avast5\ashUpd.exe

\??\%Program Files% (x86)\GbPlugin\gbiehcef.dll

\??\%Program Files% (x86)\GbPlugin\gbieh.dll

\??\%Program Files% (x86)\AVG\AVG10\avgwdsvc.exe

\??\%Program Files% (x86)\GbPlugin\cef.gpc

\??\%Program Files% (x86)\AVG\AVG8\avgscanx.exe

\??\%Program Files% (x86)\AVG\AVG8\avgupd.exe

\??\%Program Files% (x86)\Alwil Software\Avast5\VisthUpd.exe

\??\%Program Files% (x86)\gbplugin\gbiehAbn.dll

\??\%Program Files% (x86)\gbplugin\Abn.gpc

\??\%Program Files% (x86)\GbPlugin\uni.gpc

\??\%Program Files% (x86)\GbPlugin\gbiehuni.dll

\??\%Program Files% (x86)\gbplugin\gbpkm.sys

\??\%Program Files% (x86)\Scpad\scpsssh2.dll

\??\%Program Files% (x86)\AVAST Software\Avast5\ashUpd.exe

\??\%Program Files% (x86)\AVAST Software\Avast5\VisthUpd.exe

\??\%Program Files% (x86)\Scpad\scpMIB.dll

\??\%Program Files% (x86)\AVG\AVG10\avgtray.exe

\??\%Program Files% (x86)\AVAST Software\Avast5\AvastUI.exe

\??\%Program Files% (x86)\AVAST Software\Avast5\aswUpdSv.exe

\??\%Program Files%\Scpad\sshib.dll

\??\%Program Files%\Scpad\scpVista.exe

\??\%Program Files%\Scpad\scpIBCfg.bin

\??\c:\Program Files\Avira\AntiVir Desktop\avscan.exe

\??\%Program Files%\Avira\AntiVir Desktop\update.exe

\??\%Program Files%\AVAST Software\Avast5\AvastSvc.exe

\??\%Program Files%\AVAST Software\Avast\VisthUpd.exe

\??\%Program Files%\AVAST Software\Avast\AvastUI.exe

\??\%Program Files%\AVAST Software\Avast\aswUpdSv.exe

\??\%Program Files%\Avira\AntiVir Desktop\update.dll

\??\%Program Files%\Scpad\scpLIB.dll

\??\%Program Files%\GbPlugin\gbieh.gmd

\??\%Program Files%\GbPlugin\gbpluginuni.inf

\??\%Program Files%\GbPlugin\gbpsv.exe

\??\%Program Files%\GbPlugin\bb.gpc

\??\%Program Files%\GbPlugin\gbpdist.dll

\??\%Program Files%\Alwil Software\Avast5\AvastUI.exe

\??\%Program Files%\Alwil Software\Avast5\aswUpdSv.exe

\??\%Program Files%\Alwil Software\Avast5\AvastSvc.exe

\??\%Program Files%\Alwil Software\Avast5\ashUpd.exe

\??\%Program Files%\GbPlugin\gbiehcef.dll

\??\%Program Files%\GbPlugin\gbieh.dll

\??\%Program Files%\AVG\AVG10\avgwdsvc.exe

\??\%Program Files%\GbPlugin\cef.gpc

\??\%Program Files%\AVG\AVG8\avgscanx.exe

\??\%Program Files%\AVG\AVG8\avgupd.exe

\??\%Program Files%\Alwil Software\Avast5\VisthUpd.exe

\??\%Program Files%\gbplugin\gbiehAbn.dll

\??\%Program Files%\gbplugin\Abn.gpc

\??\%Program Files%\GbPlugin\uni.gpc

\??\%Program Files%\GbPlugin\gbiehuni.dll

\??\%Program Files%\gbplugin\gbpkm.sys

\??\%Program Files%\Scpad\scpsssh2.dll

\??\%Program Files%\AVAST Software\Avast5\ashUpd.exe

\??\%Program Files%\AVAST Software\Avast5\VisthUpd.exe

\??\%Program Files%\Scpad\scpMIB.dll

\??\%Program Files%\AVG\AVG10\avgtray.exe

\??\%Program Files%\AVAST Software\Avast5\AvastUI.exe

\??\%Program Files%\AVAST Software\Avast5\aswUpdSv.exe

\??\C:\Arquivos de Programas (x86)\Scpad\sshib.dll

\??\C:\Arquivos de Programas (x86)\Scpad\scpVista.exe

\??\C:\Arquivos de Programas (x86)\Scpad\scpIBCfg.bin

\??\c:\Arquivos de Programas (x86)\Avira\AntiVir Desktop\avscan.exe

\??\C:\Arquivos de Programas (x86)\Avira\AntiVir Desktop\update.exe

\??\C:\Arquivos de Programas (x86)\AVAST Software\Avast5\AvastSvc.exe

\??\C:\Arquivos de Programas (x86)\AVAST Software\Avast\VisthUpd.exe

\??\C:\Arquivos de Programas (x86)\AVAST Software\Avast\AvastUI.exe

\??\C:\Arquivos de Programas (x86)\AVAST Software\Avast\aswUpdSv.exe

\??\C:\Arquivos de Programas (x86)\Avira\AntiVir Desktop\update.dll

\??\C:\Arquivos de Programas (x86)\Scpad\scpLIB.dll

\??\C:\Arquivos de Programas (x86)\GbPlugin\gbieh.gmd

\??\%WinDir%\Downloaded Arquivos de Programas (x86)\GbPluginUni.cab

\??\%WinDir%\Downloaded Arquivos de Programas (x86)\gbiehuni.dll

\??\C:\Arquivos de Programas (x86)\GbPlugin\gbpluginuni.inf

\??\C:\Arquivos de Programas (x86)\GbPlugin\gbpsv.exe

\??\C:\Arquivos de Programas (x86)\GbPlugin\bb.gpc

\??\%WinDir%\Downloaded Arquivos de Programas (x86)\CONFLICT.1\gbiehAbn.dll

\??\C:\Arquivos de Programas (x86)\GbPlugin\gbpdist.dll

\??\C:\Arquivos de Programas (x86) (x86)\AVAST Software\\Avast\ashUpd.exe

\??\C:\Arquivos de Programas (x86) (x86)\AVAST Software\Avast\AvastSvc.exe

\??\C:\Arquivos de Programas (x86) (x86)\AVG\AVG10\avgpp.dll

\??\C:\Arquivos de Programas (x86) (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

\??\C:\Arquivos de Programas (x86)\Alwil Software\Avast5\AvastUI.exe

\??\C:\Arquivos de Programas (x86)\Alwil Software\Avast5\aswUpdSv.exe

\??\C:\Arquivos de Programas (x86)\Alwil Software\Avast5\AvastSvc.exe

\??\C:\Arquivos de Programas (x86)\Alwil Software\Avast5\ashUpd.exe

\??\C:\Arquivos de Programas (x86)\GbPlugin\gbiehcef.dll

\??\C:\Arquivos de Programas (x86)\GbPlugin\gbieh.dll

\??\C:\Arquivos de Programas (x86)\AVG\AVG10\avgwdsvc.exe

\??\C:\Arquivos de Programas (x86)\GbPlugin\cef.gpc

\??\C:\Arquivos de Programas (x86)\AVG\AVG8\avgscanx.exe

\??\C:\Arquivos de Programas (x86)\AVG\AVG8\avgupd.exe

\??\C:\Arquivos de Programas (x86)\Alwil Software\Avast5\VisthUpd.exe

\??\C:\Arquivos de Programas (x86)\gbplugin\gbiehAbn.dll

\??\C:\Arquivos de Programas (x86)\gbplugin\Abn.gpc

\??\%WinDir%\Downloaded Arquivos de Programas (x86)\CONFLICT.1\gbiehuni.dll

\??\%WinDir%\Downloaded Arquivos de Programas (x86)\uni.gpc

\??\C:\Arquivos de Programas (x86)\GbPlugin\uni.gpc

\??\C:\Arquivos de Programas (x86)\GbPlugin\gbiehuni.dll

\??\C:\Arquivos de Programas (x86)\gbplugin\gbpkm.sys

\??\C:\Arquivos de Programas (x86)\Scpad\scpsssh2.dll

\??\C:\Arquivos de Programas (x86)\AVAST Software\Avast5\ashUpd.exe

\??\C:\Arquivos de Programas (x86)\AVAST Software\Avast5\VisthUpd.exe

\??\%WinDir%\Downloaded Arquivos de Programas (x86)\gbpluginuni.inf

\??\C:\Arquivos de Programas (x86)\Scpad\scpMIB.dll

\??\C:\Arquivos de Programas (x86)\AVG\AVG10\avgtray.exe

\??\C:\Arquivos de Programas (x86)\AVAST Software\Avast5\AvastUI.exe

\??\C:\Arquivos de Programas (x86)\AVAST Software\Avast5\aswUpdSv.exe

Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.

Protocol not supported.

Socket type not supported."Operation not supported on socket.

Protocol family not supported.0Address family not supported by protocol family.

%sDThis authentication method is already registered with class name %s.

%s is not a valid service.

Socket Error # %d

Operation would block.

Operation now in progress.

Operation already in progress.

Socket operation on non-socket.

No help keyword specified.

Set Size Exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)

Resolving hostname %s.

Connecting to %s.

/Menu '%s' is already being used by another form

No help found for %s#No context-sensitive help installed$No topic-based help system installed

Alt  Clipboard does not support Icons

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window

Failed to set data for '%s'

Resource %s not found

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

Property %s does not exist

Unsupported clipboard format

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists%String list does not allow duplicates

Cannot create file "%s". %s

Cannot open file "%s". %s

Invalid stream format$''%s'' is not a valid component name

Invalid property value List capacity out of bounds (%d)

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

Error reading %s%s%s: %s

Ancestor for '%s' not found

Cannot assign a %s to a %s

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

Invalid variant operation%Invalid variant operation (%s%.8x)

%s5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Operation not supported

External exception %x

Interface not supported

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Privileged instruction(Exception %s in module %s at %p.

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

!'%s' is not a valid integer value

I/O error %d

Integer overflow Invalid floating point operation

3.0.0.0

1.0.0.0

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):

%original file name%.exe:376
Delete the original Dropped file.
Delete or disinfect the following files created/modified by the Dropped:

%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\promt.exe (143353 bytes)
%WinDir%\kilinhx.txt (46 bytes)
%System%\Promtx.exe (4185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\ssleay32.dll (155 bytes)
%System%\Promt.exe (67082 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\libeay32.dll (3761 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\Promtx.exe (3726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\IXP000.TMP\Promtrx.exe (3920 bytes)
%System%\drivers\AX470CF3.sys (37 bytes)
%System%\Zclear.exe (5873 bytes)
%System%\REBOOT.DC (2 bytes)
Delete the following value(s) in the autorun key (How to Work with System Registry):

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\IXP000.TMP\"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Promtx" = "c:\windows\system32\Promtx.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Promt" = "C:\windows\system32\Promt.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zclear" = "C:\windows\system32\Zclear.exe"
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Dropped.Generic.Banker.Delf.BD814EBE_1313f8b478

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Dropped.Generic.Banker.Delf.BD814EBE_1313f8b478

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet