ennay, posted May 10, 2011:

I plugged a pen drive into my PC that had the virus VEOUQ.EXE, which contaminated my pen drive that was also in the machine; this virus creates a bunch of shortcut icons and hides all the files on your pen drive. I managed to recover my files and save my pen drive; the problem is that my PC was left with several problems after that.

1. Every time I turn on my PC, it starts with the gray (W98) taskbar, and going to Display Properties doesn't help; it only comes back when I go into msconfig and enable the theme, which starts out stopped.
2. My PC started booting very slowly; it takes ages on the welcome screen and a little white bar even appears before XP loads.
3. Avast keeps "screaming" whenever I open IE; no matter which page I open, it always reports the same virus, something called bunnylandisney..
4. I've already scanned my PC with: Avast, ComboFix, Norman Malware Cleaner (safe mode), Malwarebytes, MWAV and Panda ActiveScan 2.0. Some of them caught a few things, but none solved it.
5. I can't do a System Restore. I pick any date, but when the PC reboots it says the restore could not be completed.

Anyone have ideas????
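The shortcut-plus-hidden-files behaviour described in the post above leaves a recognisable fingerprint in a directory listing: a `.lnk` whose name mirrors a neighbouring file or folder. The script below is an added example (it is not the poster's code and not part of any tool named in this thread); it lists those shortcut/original pairs, reads the hidden/system attribute of each original on Windows, and offers a clear-attributes step that calls the stock `attrib` command. The sample pen-drive layout it builds is constructed for the demo.

```python
"""Spot the shortcut-worm pattern on a removable drive.

Added example, not code from the thread or from any tool it mentions.
The worm described in the first post hides every file or folder and drops
a same-named .lnk next to it. That leaves shortcut names that mirror the
names of their hidden neighbours, which is what this script looks for.
"""
import os
import stat
import subprocess
import tempfile

# stat exposes these Windows attribute constants on every platform.
HIDDEN_FLAGS = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM


def shortcut_pairs(names):
    """Return sorted (shortcut, original) pairs found in a directory listing.

    The match is case-insensitive because FAT volumes are.
    """
    by_lower = {n.lower(): n for n in names}
    pairs = []
    for n in names:
        if n.lower().endswith(".lnk"):
            original = by_lower.get(n[:-4].lower())
            if original is not None and original != n:
                pairs.append((n, original))
    return sorted(pairs)


def is_hidden(path):
    """True if the entry carries the hidden or system attribute.

    st_file_attributes only exists on Windows; elsewhere this is False.
    """
    attrs = getattr(os.stat(path), "st_file_attributes", 0)
    return bool(attrs & HIDDEN_FLAGS)


def scan_drive(root):
    """List (shortcut, original, original_is_hidden) for one directory."""
    return [(lnk, orig, is_hidden(os.path.join(root, orig)))
            for lnk, orig in shortcut_pairs(os.listdir(root))]


def unhide(path):
    """Clear hidden/system attributes with attrib.exe (Windows only)."""
    if os.name != "nt":
        return False
    subprocess.run(["attrib", "-S", "-H", path], check=True)
    return True


def demo():
    """Build a constructed pen-drive layout (no real worm files) and scan it."""
    with tempfile.TemporaryDirectory() as d:
        os.mkdir(os.path.join(d, "Fotos"))
        for name in ("Fotos.lnk", "relatorio.docx", "relatorio.docx.lnk", "notas.txt"):
            open(os.path.join(d, name), "w").close()
        return scan_drive(d)


if __name__ == "__main__":
    for lnk, orig, hidden in demo():
        print(f"{lnk} -> {orig} (original hidden: {hidden})")
```

On an infected drive the report would also show `hidden: True` for each original; `unhide()` is the recovery step for those entries, and the shortcut itself can then be deleted once the original is visible again.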
wings, posted May 10, 2011:

Hello ennay. Read rule 2 of this section.
ennay, posted May 10, 2011:

> Hello ennay. Read rule 2 of this section.

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:49:30, on 9/5/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Arquivos de programas\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Arquivos de programas\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar para &Bluetooth - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Seleção HP Smart - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\1050\Intel 32\IDriverT.exe

--

Now another symptom has appeared... ugh. When I scroll a page it keeps "stuttering"... I noticed that two IE processes show up... is that normal?
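A HijackThis log is read section by section, and the items a helper looks at first are the ones that cannot be accounted for: O2 BHOs whose DLL is missing ("(no file)"), O4 Run entries that name a bare executable with no path (the shell resolves these through the search path, so the log alone does not say which file runs), and O4 RunOnce entries. The script below is an added example (not code from the thread and not part of HijackThis) that pulls exactly those items out; `SAMPLE_LOG` is an excerpt of the log posted above.

```python
"""Triage of a HijackThis (HJT) log.

Added example; not code from the thread and not part of HijackThis.
It extracts the items a forum helper checks first:
  * O2 BHOs whose DLL is gone ("(no file)"),
  * O4 Run entries whose command is a bare executable with no path,
  * O4 RunOnce entries (transient autostarts).
SAMPLE_LOG is an excerpt of the log posted in this thread.
"""
import re

SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [swg] "C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
"""

# "O2 - BHO: <name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
# "O4 - <hive>\..\Run: [<entry>] <command>" (hive may contain a SID or .DEFAULT)
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<entry>[^\]]*)\] (?P<cmd>.*)$")
# HJT appends "(User 'NAME')" to entries from other user hives.
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")


def first_token(cmd):
    """Return the executable part of an O4 command line (quoted or not)."""
    cmd = USER_SUFFIX_RE.sub("", cmd).strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def is_bare(exe):
    """True when the command carries no directory, so the log cannot say which file runs."""
    return "\\" not in exe and "/" not in exe


def triage(log_text):
    """Collect orphan BHOs, bare Run commands and RunOnce entries from HJT log text."""
    findings = {"orphan_bhos": [], "bare_run": [], "runonce": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = BHO_RE.match(line)
        if m:
            if m.group("path").strip().lower() == "(no file)":
                findings["orphan_bhos"].append(m.group("clsid"))
            continue
        m = O4_RE.match(line)
        if m:
            exe = first_token(m.group("cmd"))
            if m.group("key") == "RunOnce":
                findings["runonce"].append((m.group("hive"), m.group("entry"), exe))
            elif is_bare(exe):
                findings["bare_run"].append((m.group("entry"), exe))
    return findings


def report(findings):
    """Human-readable summary of triage() output."""
    lines = ["Orphan BHOs (DLL missing, safe to remove with HJT):"]
    lines += [f"  {c}" for c in findings["orphan_bhos"]] or ["  none"]
    lines.append("Run entries with a bare executable (locate the file on disk and verify it):")
    lines += [f"  [{e}] {x}" for e, x in findings["bare_run"]] or ["  none"]
    lines.append("RunOnce entries (should disappear after the next boot):")
    lines += [f"  {h} [{e}] {x}" for h, e, x in findings["runonce"]] or ["  none"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_LOG)))
```

Run against the full log above, the three bare entries resolve to files that the "Running processes" section already shows in C:\WINDOWS and C:\WINDOWS\system32 (VTTimer.exe and SOUNDMAN.EXE), which is the cross-check the bare-path flag is meant to prompt; the two orphan BHOs are leftovers with no DLL behind them.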
wings, posted May 10, 2011:

* Download OTS and save it to the desktop
* Run it and select the option: [x] Scan All Users
* Click [Quick Scan] and paste the report shown

If the report turns out too large...

* Go to this link
* Click [Enviar arquivo]
* Locate the OTS.txt file on the desktop
* Click [Abrir] > [Créer le lien Cjoint]
* Paste the address that was created
ennay, posted May 10, 2011:

OK http://cjoint.com/?AEkegL5zJnL
wings, posted May 10, 2011:

* Select and copy the code below:

[unregister Dlls]
[Files/Folders - Created Within 30 Days]
NY -> runouce.exe -> C:\WINDOWS\System32\runouce.exe
NY -> rundll16.exe -> C:\WINDOWS\rundll16.exe
NY -> rundl132.dll -> C:\WINDOWS\rundl132.dll
NY -> logo1_.exe -> C:\WINDOWS\logo1_.exe
NY -> eEmpty.exe -> C:\WINDOWS\System32\eEmpty.exe
[Files - No Company Name]
NY -> Lic.xxx -> C:\WINDOWS\Lic.xxx
[Files/Folders - Created Within 30 Days]
NY -> T.COM -> C:\WINDOWS\System32\T.COM
NY -> R.COM -> C:\WINDOWS\R.COM
[Empty Temp Folders]
[Reboot]

* Run OTS
* Click in the space below "Paste Fix Here" and paste the code
* Click [Run Fix]
* The PC will be restarted
* Paste the report shown
ennay, posted May 10, 2011:

Whoa, man... what a scare! lol. My PC wouldn't restart at all!!! It got stuck on the desktop! Damn... but it went through, though it's sloooow. Here's the log.
P.S.: thanks for helping me ;)

All Processes Killed
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\runouce.exe folder moved successfully.
C:\WINDOWS\rundll16.exe folder moved successfully.
C:\WINDOWS\rundl132.dll folder moved successfully.
C:\WINDOWS\logo1_.exe folder moved successfully.
C:\WINDOWS\System32\eEmpty.exe moved successfully.
[Files - No Company Name]
C:\WINDOWS\Lic.xxx moved successfully.
[Files/Folders - Created Within 30 Days]
C:\WINDOWS\System32\T.COM moved successfully.
C:\WINDOWS\R.COM moved successfully.
[Empty Temp Folders]

User: Administrador
->Temp folder emptied: 140800 bytes
->Temporary Internet Files folder emptied: 13638591 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1205 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65871 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134162 bytes
%systemroot%\System32 .tmp files removed: 351232 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3955 bytes
RecycleBin emptied: 6544 bytes

Total Files Cleaned = 16,00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.42.0 fix logfile created on 05092011_235409

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF9535.tmp not found!
File\Folder C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF9549.tmp not found!
File\Folder C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF95B8.tmp not found!
File\Folder C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF95CC.tmp not found!
File\Folder C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF961C.tmp not found!
File\Folder C:\Documents and Settings\Administrador\Configurações locais\Temp\~DF9636.tmp not found!
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\Y9FA83D1\20101229_br_shopping_shift_spring_ani15__160x600[1].html moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\Y9FA83D1\adsCAPMNEMM.htm moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\Y9FA83D1\search[2].htm moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\Y9FA83D1\xmlProxy[1].htm moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\SDECY19B\01[1].htm moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\SDECY19B\InboxLight[1].htm moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\SDECY19B\Messenger[1].htm moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\SDECY19B\resourcespreload[1].htm moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\SDECY19B\xd_proxy[1].htm moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\QT74T3MS\LocalStorage[1].htm moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\QT74T3MS\xmlProxy[1].htm moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\7YTNVMAS\01[1].htm moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\7YTNVMAS\adloader[1].htm moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\7YTNVMAS\adsCAEN6LUS.htm moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\7YTNVMAS\like[1].htm moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\7YTNVMAS\page__gopid__1707638[1].txt moved successfully.
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5\7YTNVMAS\sn102w_snt102_mail_live_com[1].htm moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\HPSLPSVC0004.log moved successfully.

Registry entries deleted on Reboot...
wings, posted May 10, 2011:

1.
* Run OTS
* Click [CleanUp] > [Yes]
* The PC will be restarted

2.
* Uninstall Norman Malware Cleaner and MWAV

3.
* Temporarily disable your antivirus
  Right-click the Avast icon next to the clock > Select "Pausar a proteção residente" > Confirm.
* Download ComboFix and save it to the desktop
* Run it and accept the agreement
* If the Microsoft Windows Recovery Console is not installed, accept its installation
* After the Console is installed, click [sim] and wait for the steps to finish
* Do not use the mouse or keyboard during the steps, as that will mess up your desktop!
* Paste the report shown
ennay, posted May 10, 2011:

Here is the ComboFix log:

ComboFix 11-05-09.02 - Administrador 10/05/2011 0:25.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.959.654 [GMT -3:00]
Executando de: E:\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2011-04-10 to 2011-05-10 ))))))))))))))))))))))))))))
.
.
2011-05-08 12:58 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-05-08 12:58 . 2008-04-13 22:20 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-05-08 12:58 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-05-08 12:58 . 2008-04-13 21:58 14720 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2011-05-08 12:57 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-05-08 12:57 . 2001-09-06 02:20 12288 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-05-06 13:35 . 2011-05-10 03:11 -------- d-----w- c:\arquivos de programas\Panda Security
2011-05-06 13:13 . 2011-05-08 13:02 -------- d-----w- C:\UsbFix
2011-05-05 16:42 . 2011-05-05 16:42 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\Malwarebytes
2011-05-05 16:42 . 2010-12-20 21:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-05 16:42 . 2011-05-05 16:42 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes
2011-05-05 16:42 . 2011-05-05 16:42 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware
2011-05-05 16:42 . 2010-12-20 21:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-05 12:02 . 2011-05-05 12:02 -------- d-----w- c:\documents and settings\Administrador\Dados de aplicativos\FrostWire
2011-05-05 12:02 . 2011-05-05 12:02 -------- d-----w- c:\arquivos de programas\FrostWire
2011-05-05 11:55 . 2011-05-05 16:16 -------- d-sh--w- c:\documents and settings\Administrador\datsystem
2011-05-04 18:59 . 2011-05-06 20:53 -------- d-sh--w- c:\documents and settings\Administrador\Tracing
2011-05-04 18:58 . 2011-05-04 18:58 -------- d-----w- c:\arquivos de programas\Microsoft
2011-05-04 18:58 . 2011-05-04 18:58 -------- d-----w- c:\arquivos de programas\Windows Live SkyDrive
2011-05-04 18:58 . 2011-05-04 18:58 -------- d-----w- c:\arquivos de programas\Windows Live
2011-04-11 16:31 . 2011-04-11 16:31 -------- d-sh--w- c:\documents and settings\Administrador\Bluetooth Software
2011-04-11 16:20 . 2011-04-11 16:20 -------- d-----w- c:\arquivos de programas\Software WIDCOMM
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 01:26 . 2011-05-09 01:25 6445602 ----a-w- c:\windows\REGBK00.ZIP
2011-05-08 13:02 . 2011-05-06 19:56 6406042 ----a-w- C:\UsbFix_Upload_Me_ROBERTO.zip
.
.
------- Sigcheck -------
.
[-] 2007-09-02 17:20 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por defeito não são mostradas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-25 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\arquiv~1\ALWILS~1\Avast5\avastUI.exe" [2011-01-13 3396624]
"VTTimer"="VTTimer.exe" [2005-03-08 53248]
"VTTrayp"="VTtrayp.exe" [2005-11-01 163840]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 577536]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^BTTray.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\BTTray.lnk
backup=c:\windows\pss\BTTray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 07:08 35696 ----a-w- c:\arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 19:24 54840 ----a-w- c:\arquivos de programas\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 18:31 80896 ----a-w- c:\arquivos de programas\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2007-07-21 21:39 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 14:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2007-07-21 21:40 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2007-07-21 21:40 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RemoteRegistry"=2 (0x2)
"Netlogon"=3 (0x3)
"WZCSVC"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Arquivos de programas\\Google\\Google Earth\\client\\googleearth.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Arquivos de programas\\IVT Corporation\\BlueSoleil\\BlueSoleil_.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/6/2010 15:38 294608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/6/2010 15:38 17744]
S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [20/6/2010 15:38 136176]
S3 gupdatem;Serviço do Google Update (gupdatem);c:\arquivos de programas\Google\Update\GoogleUpdate.exe [20/6/2010 15:38 136176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc069ff4e7fbf4.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-20 18:38]
.
2011-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\arquivos de programas\Google\Update\GoogleUpdate.exe [2010-06-20 18:38]
.
.
------- Scan Suplementar -------
.
uStart Page = hxxp://www.google.com.br/webhp?sourceid=navclient&hl=pt-BR&ie=UTF-8
uDefault_Search_URL = hxxp://www.google.com
mStart Page = about:blank
mSearch bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Enviar para &Bluetooth - c:\arquivos de programas\Software WIDCOMM\Bluetooth\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\arquivos de programas\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-10 00:35
Windows 5.1.2600 Service Pack 3 NTFS
.
Procurando processos ocultos ...
.
Procurando entradas auto inicializáveis ocultas ...
.
Procurando ficheiros/arquivos ocultos ...
.
Varredura completada com sucesso
arquivos/ficheiros ocultos: 0
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800BB-22JHC0 rev.05.01C05 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12
.
device: opened successfully
user: MBR read successfully
error: Read Um dispositivo conectado ao sistema não está funcionando.
kernel: MBR read successfully
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x862B253B
user & kernel MBR OK
.
**************************************************************************
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-776561741-1606980848-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,70,6d,4e,57,2b,0e,4d,92,c8,93,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,70,6d,4e,57,2b,0e,4d,92,c8,93,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------
.
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(724)
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3300)
c:\windows\system32\WININET.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Tempo para conclusão: 2011-05-10 00:40:43
ComboFix-quarantined-files.txt 2011-05-10 03:40
.
Pré-execução: 9 pasta(s) 53.731.332.096 bytes disponíveis
Pós execução: 10 pasta(s) 53.716.209.664 bytes disponíveis
.
- - End Of File - - F7AEA6E10E5C1B6047015D31F9E621E4
wings, posted May 10, 2011:

OK... the log is clean.

1.
* Download DelFix and save it to the desktop
* Run it and click [suppression]
* Paste the report shown
ennay, posted May 10, 2011:

Once again, thank you for helping! As you asked, here is the DelFix log:

# DelFix v7.7B - Rapport créé le 10/05/2011 à 18:10
# Mis à jour le 15/04/11 à 19h30 par Xplode
# Système d'exploitation : Microsoft Windows XP (32 bits) [versão 5.1.2600] Service Pack 3
# Nom d'utilisateur : Administrador - ROBERTO (Administrateur)
# Exécuté depuis : C:\Documents and Settings\Administrador\Desktop\DelFix.exe
# Option [suppression]

~~~~~~ Dossier(s) ~~~~~~

-> C:\Qoobox\BackEnv ... ACL modifié avec succès.
Supprimé : C:\Qoobox
-> C:\Qoobox\BackEnv ... ACL modifié avec succès.
Supprimé : C:\USBFix

~~~~~~ Fichier(s) ~~~~~~

Supprimé : C:\ComboFix.txt
Supprimé : C:\UsbFix.txt
Supprimé : C:\UsbFix_Upload_Me_ROBERTO.zip
Supprimé : C:\WINDOWS\grep.exe
Supprimé : C:\WINDOWS\PEV.exe
Supprimé : C:\WINDOWS\NIRCMD.exe
Supprimé : C:\WINDOWS\MBR.exe
Supprimé : C:\WINDOWS\sed.exe
Supprimé : C:\WINDOWS\SWREG.exe
Supprimé : C:\WINDOWS\SWSC.exe
Supprimé : C:\WINDOWS\SWXCACLS.exe
Supprimé : C:\WINDOWS\zip.exe
Supprimé : C:\Documents and Settings\Administrador\Desktop\UsbFix.exe
Supprimé : C:\Documents and Settings\Administrador\Desktop\HijackThis.exe

~~~~~~ Registre ~~~~~~

Clé Supprimée : HKCU\SOFTWARE\USBFix
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cfxxe
Clé Supprimée : HKLM\Software\Classes\.cfxxe
Clé Supprimée : HKLM\Software\Classes\cfxxefile
Clé Supprimée : HKLM\Software\TrendMicro\Hijackthis
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\USBFix
Clé Supprimée : HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
ACL [0] -> [7] & Clé Supprimée : HKLM\SOFTWARE\Swearware

~~~~~~ Autre ~~~~~~

-> Prefetch vidé

########## EOF - "C:\DelFixSuppr.txt" - [1785 octets] ##########

My PC still stutters a little when I scroll the page... why would that be?
wings, posted May 11, 2011:

1.
* Run DelFix and click [Désinstallation]

2.
* Re-enable your antivirus

3.
* Download ATF Cleaner and save it to the desktop
* Run it
* Select: [X] Select All
* Click [Empty Selected]
* Close ATF-Cleaner

4.
* Download and install CCleaner
* Click [Executar Limpeza]
* Click [Registro] -> [Procurar erros] -> [Corrigir Erros Selecionados] -> [Corrigir Todos os Erros Selecionados]
* Close CCleaner

5.
* Right-click My Computer and select Properties
* Click System Restore
* Select the option: [X] Desativar Restauração do Sistema
* Click [Aplicar] > [sim] > [OK]

6.
* Re-enable System Restore by the same path described above

The PC is clean. Cheers. :)
ennay, posted May 11, 2011:

Thanks, wings, for the help! ;) My PC is a bit better... but the taskbar still has the W98 style :( and Avast is now "screaming" about a rootkit... If my PC is clean, can you give me a suggestion for what I could do to get my taskbar back to blue? In Display Properties the option to switch to XP doesn't even show up... When I restart the PC now, before the XP loading bar appears, that screen where I choose which operating system to boot shows up... this PC got really weird... if you have a suggestion I'd appreciate it!!!
wings, posted May 11, 2011:

1.
* Download GMER and save it to the desktop
* Create a folder called GMER in C:\ and extract it there
* Temporarily disable the antivirus
  Right-click the Avast icon next to the clock > Select "Pausar a proteção residente" > Confirm.
* Close all running programs, including your browser
* Run it
* If you get the message about rootkit activity asking whether you want to run a scan, click [NÃO]
  In the right-hand column, uncheck: [ ] IAT/EAT [ ] Show All
* Click [scan] and wait for it to finish
* Click [save...] and save to the desktop
* Paste the report
ennay, posted May 11, 2011:

From what I understood, GMER found something, because it said it found something in the system.

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-11 17:32:47
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort2 WDC_WD800BB-22JHC0 rev.05.01C05
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\kgrdrpow.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF5A53202]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF5AB9CB2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF5A776C1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF5A5581C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF5A55874]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF5A5598A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF5A77075]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF5A55772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF5A558C4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF5A557C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF5A55938]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF5A53226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF5A77D87]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF5A7803D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF5A55C0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF5A77BF2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF5A77A5D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF5AB9D62]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF5A52FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF5A5324A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF5A55D82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF5A53CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF5A5584C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF5A5589C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF5A559B4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF5A773D1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF5A5579E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF5A55A46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF5A55904]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF5A557F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF5A55B2A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF5A55962]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF5AB9DFA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF5A778D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF5A53BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF5A7772A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF5AC2E48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF5A766E8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF5A5326E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF5A53292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF5A5304A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF5A53186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF5A77E8E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF5A53162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast!
Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF5A531AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF5A532B6] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF5ACF902] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + 37C 804E29E8 4 Bytes [E8, 66, A7, F5] PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP F5ACCD5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056B8E8 4 Bytes CALL F5A54335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP F5ACF906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP F5ACB2BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngFreeUserMem + 674 BF809952 5 Bytes JMP F5A56CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF813941 5 Bytes JMP F5A56BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E7C2 5 Bytes JMP F5A55E9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 7AAB BF82BB0A 5 Bytes JMP F5A55F60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2C80 BF83D688 5 Bytes JMP F5A56E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 4722 BF83F12A 5 Bytes JMP F5A57040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + 105F1 BF85F745 5 Bytes JMP F5A561AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + 1067C BF85F7D0 5 Bytes JMP F5A56352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + 12296 BF8613EA 5 Bytes JMP F5A56B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 35C1 BF8656FF 5 Bytes JMP F5A56C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 411E BF87D9BF 5 Bytes JMP F5A5632A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 3AA1 BF89F596 5 Bytes JMP F5A56D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 2F30 BF8AD40B 5 Bytes JMP F5A55E84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTextOut + 1093 BF8B91FD 5 Bytes JMP F5A55FD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngTextOut + 7558 BF8BF6C2 5 Bytes JMP F5A56F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 3E8 BF8C3233 5 Bytes JMP F5A5606A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8EB872 5 Bytes JMP F5A560DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8EBAF2 5 Bytes JMP F5A56114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F9928 5 Bytes JMP F5A55DB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A0A BF9135D6 5 Bytes JMP F5A55F1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 25DE BF9141AA 5 Bytes JMP F5A56034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F3D BF916B09 5 Bytes JMP F5A5646C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 190E BF944A89 5 Bytes JMP F5A56EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\svchost.exe[128] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[128] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[128] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[128] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[128] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[128] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[128] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[128] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[128] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[128] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[128] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[128] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[128] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[128] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[128] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[128] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[128] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[192] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[192] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 
Byte [62] .text C:\WINDOWS\system32\svchost.exe[192] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[192] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[192] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[192] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe[328] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8 .text C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe[328] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe[328] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC .text C:\Arquivos de programas\Software 
WIDCOMM\Bluetooth\bin\btwdins.exe[328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe[328] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 003B1014 .text C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe[328] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 003B0804 .text C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe[328] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 003B0A08 .text C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe[328] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 003B0C0C .text C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe[328] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 003B0E10 .text C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe[328] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003B01F8 .text C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe[328] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003B03FC .text C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe[328] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 003B0600 .text C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe[328] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003C0804 .text C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe[328] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003C0A08 .text C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe[328] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003C0600 .text C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe[328] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003C01F8 .text C:\Arquivos de programas\Software WIDCOMM\Bluetooth\bin\btwdins.exe[328] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003C03FC .text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 
000901F8 .text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[416] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[416] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[416] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[416] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[416] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[416] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[416] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[416] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[452] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[452] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[452] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[452] 
kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[452] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[452] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[452] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[452] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[452] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[452] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[452] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[452] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[452] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[452] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[452] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[452] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[452] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[480] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[480] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 
00300804 .text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[480] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[480] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[480] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[480] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[480] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[528] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[528] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[528] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[528] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[528] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[528] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00300C0C .text 
C:\WINDOWS\System32\svchost.exe[528] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[528] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[528] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[528] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[528] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[528] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[528] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[528] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[528] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\smss.exe[608] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002E1014 .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002E0804 .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002E0A08 .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 
77FB7101 5 Bytes JMP 002E0C0C .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002E0E10 .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002E01F8 .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002E03FC .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002E0600 .text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[756] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[756] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002E1014 .text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002E0804 .text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002E0A08 .text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002E0C0C .text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002E0E10 .text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002E01F8 .text 
C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002E03FC .text C:\WINDOWS\system32\services.exe[756] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002E0600 .text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\services.exe[756] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\services.exe[756] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002E1014 .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002E0804 .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002E0A08 .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002E0C0C .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002E0E10 .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002E01F8 .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002E03FC .text C:\WINDOWS\system32\lsass.exe[768] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002E0600 .text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExW 7E37820F 5 
Bytes JMP 002F0804 .text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002F03FC .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[828] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8 .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[828] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A03FC .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[828] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 003A1014 .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[828] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 003A0804 .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[828] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 003A0A08 .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[828] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 003A0C0C .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[828] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 003A0E10 .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[828] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003A01F8 .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[828] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003A03FC .text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[828] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 003A0600 .text C:\Arquivos 
de programas\Windows Live\Messenger\msnmsgr.exe[828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003B0804
.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[828] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003B0A08
.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003B0600
.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[828] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003B01F8
.text C:\Arquivos de programas\Windows Live\Messenger\msnmsgr.exe[828] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1024] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1024] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1024] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1024] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1024] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00301014
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00300804
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00300A08
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00300C0C
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00300E10
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003001F8
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003003FC
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00300600
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\Arquivos de programas\Windows Live\Contacts\wlcomm.exe[1068] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C7000A
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C8000A
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C6000C
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00361014
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00360804
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00360A08
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00360C0C
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00360E10
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003601F8
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003603FC
.text C:\WINDOWS\Explorer.EXE[1304] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00360600
.text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00370804
.text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00370A08
.text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00370600
.text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003701F8
.text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003703FC
.text C:\WINDOWS\system32\svchost.exe[1556] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1556] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1556] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1556] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1556] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1556] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1556] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1556] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1556] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1556] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1592] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0076000A
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A8000A
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0075000C
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\svchost.exe[1608] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00301014
.text C:\WINDOWS\System32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\System32\svchost.exe[1608] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00300E10
.text C:\WINDOWS\System32\svchost.exe[1608] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\svchost.exe[1608] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\svchost.exe[1608] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\svchost.exe[1608] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[1608] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 027F000A
.text C:\WINDOWS\System32\svchost.exe[1608] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\svchost.exe[1608] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\System32\svchost.exe[1608] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\svchost.exe[1608] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\svchost.exe[1608] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 00FA000A
.text C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe[1724] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe[1724] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe[1724] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2024] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\spoolsv.exe[2024] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2024] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\spoolsv.exe[2024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\spoolsv.exe[2024] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002E0600
.text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002F0804
.text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002F0A08
.text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002F0600
.text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002F01F8
.text C:\WINDOWS\system32\spoolsv.exe[2024] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\alg.exe[2196] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2196] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2196] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2196] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002E0804
.text C:\WINDOWS\System32\alg.exe[2196] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002E0A08
.text C:\WINDOWS\System32\alg.exe[2196] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002E0600
.text C:\WINDOWS\System32\alg.exe[2196] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002E01F8
.text C:\WINDOWS\System32\alg.exe[2196] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002E03FC
.text C:\WINDOWS\System32\alg.exe[2196] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002F1014
.text C:\WINDOWS\System32\alg.exe[2196] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002F0804
.text C:\WINDOWS\System32\alg.exe[2196] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002F0A08
.text C:\WINDOWS\System32\alg.exe[2196] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002F0C0C
.text C:\WINDOWS\System32\alg.exe[2196] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002F0E10
.text C:\WINDOWS\System32\alg.exe[2196] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002F01F8
.text C:\WINDOWS\System32\alg.exe[2196] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002F03FC
.text C:\WINDOWS\System32\alg.exe[2196] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002F0600
.text C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe[2684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe[2684] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\VTTimer.exe[2700] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\WINDOWS\system32\VTTimer.exe[2700] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\VTTimer.exe[2700] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\WINDOWS\system32\VTTimer.exe[2700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\VTTimer.exe[2700] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 003B1014
.text C:\WINDOWS\system32\VTTimer.exe[2700] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 003B0804
.text C:\WINDOWS\system32\VTTimer.exe[2700] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 003B0A08
.text C:\WINDOWS\system32\VTTimer.exe[2700] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 003B0C0C
.text C:\WINDOWS\system32\VTTimer.exe[2700] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 003B0E10
.text C:\WINDOWS\system32\VTTimer.exe[2700] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003B01F8
.text C:\WINDOWS\system32\VTTimer.exe[2700] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003B03FC
.text C:\WINDOWS\system32\VTTimer.exe[2700] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 003B0600
.text C:\WINDOWS\system32\VTTimer.exe[2700] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003C0804
.text C:\WINDOWS\system32\VTTimer.exe[2700] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003C0A08
.text C:\WINDOWS\system32\VTTimer.exe[2700] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003C0600
.text C:\WINDOWS\system32\VTTimer.exe[2700] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003C01F8
.text C:\WINDOWS\system32\VTTimer.exe[2700] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\VTtrayp.exe[2724] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\VTtrayp.exe[2724] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\VTtrayp.exe[2724] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\VTtrayp.exe[2724] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\VTtrayp.exe[2724] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003C0804
.text C:\WINDOWS\system32\VTtrayp.exe[2724] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003C0A08
.text C:\WINDOWS\system32\VTtrayp.exe[2724] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003C0600
.text C:\WINDOWS\system32\VTtrayp.exe[2724] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003C01F8
.text C:\WINDOWS\system32\VTtrayp.exe[2724] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\VTtrayp.exe[2724] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 003D1014
.text C:\WINDOWS\system32\VTtrayp.exe[2724] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 003D0804
.text C:\WINDOWS\system32\VTtrayp.exe[2724] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 003D0A08
.text C:\WINDOWS\system32\VTtrayp.exe[2724] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\system32\VTtrayp.exe[2724] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 003D0E10
.text C:\WINDOWS\system32\VTtrayp.exe[2724] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003D01F8
.text C:\WINDOWS\system32\VTtrayp.exe[2724] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003D03FC
.text C:\WINDOWS\system32\VTtrayp.exe[2724] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 003D0600
.text C:\WINDOWS\SOUNDMAN.EXE[2816] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\WINDOWS\SOUNDMAN.EXE[2816] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\SOUNDMAN.EXE[2816] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\WINDOWS\SOUNDMAN.EXE[2816] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\SOUNDMAN.EXE[2816] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003B0804
.text C:\WINDOWS\SOUNDMAN.EXE[2816] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003B0A08
.text C:\WINDOWS\SOUNDMAN.EXE[2816] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003B0600
.text C:\WINDOWS\SOUNDMAN.EXE[2816] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003B01F8
.text C:\WINDOWS\SOUNDMAN.EXE[2816] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003B03FC
.text C:\WINDOWS\SOUNDMAN.EXE[2816] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 003C1014
.text C:\WINDOWS\SOUNDMAN.EXE[2816] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 003C0804
.text C:\WINDOWS\SOUNDMAN.EXE[2816] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 003C0A08
.text C:\WINDOWS\SOUNDMAN.EXE[2816] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 003C0C0C
.text C:\WINDOWS\SOUNDMAN.EXE[2816] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 003C0E10
.text C:\WINDOWS\SOUNDMAN.EXE[2816] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003C01F8
.text C:\WINDOWS\SOUNDMAN.EXE[2816] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003C03FC
.text C:\WINDOWS\SOUNDMAN.EXE[2816] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 003C0600
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 003C1014
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 003C0804
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 003C0A08
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 003C0C0C
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 003C0E10
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003C01F8
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003C03FC
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 003C0600
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00A00804
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00A00A08
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00A00600
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00A001F8
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[2856] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00A003FC
.text C:\WINDOWS\system32\ctfmon.exe[2864] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[2864] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2864] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[2864] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2864] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00361014
.text C:\WINDOWS\system32\ctfmon.exe[2864] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00360804
.text C:\WINDOWS\system32\ctfmon.exe[2864] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00360A08
.text C:\WINDOWS\system32\ctfmon.exe[2864] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00360C0C
.text C:\WINDOWS\system32\ctfmon.exe[2864] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00360E10
.text C:\WINDOWS\system32\ctfmon.exe[2864] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003601F8
.text C:\WINDOWS\system32\ctfmon.exe[2864] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003603FC
.text C:\WINDOWS\system32\ctfmon.exe[2864] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00360600
.text C:\WINDOWS\system32\ctfmon.exe[2864] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00370804
.text C:\WINDOWS\system32\ctfmon.exe[2864] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00370A08
.text C:\WINDOWS\system32\ctfmon.exe[2864] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00370600
.text C:\WINDOWS\system32\ctfmon.exe[2864] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003701F8
.text C:\WINDOWS\system32\ctfmon.exe[2864] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003703FC
.text C:\gmer\gmer.exe[3992] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\gmer\gmer.exe[3992] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\gmer\gmer.exe[3992] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\gmer\gmer.exe[3992] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\gmer\gmer.exe[3992] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 003C1014
.text C:\gmer\gmer.exe[3992] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 003C0804
.text C:\gmer\gmer.exe[3992] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 003C0A08
.text C:\gmer\gmer.exe[3992] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 003C0C0C
.text C:\gmer\gmer.exe[3992] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 003C0E10
.text C:\gmer\gmer.exe[3992] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003C01F8
.text C:\gmer\gmer.exe[3992] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003C03FC
.text C:\gmer\gmer.exe[3992] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 003C0600
.text C:\gmer\gmer.exe[3992] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00AB0804
.text C:\gmer\gmer.exe[3992] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00AB0A08
.text C:\gmer\gmer.exe[3992] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00AB0600
.text C:\gmer\gmer.exe[3992] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00AB01F8
.text C:\gmer\gmer.exe[3992] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00AB03FC
.text C:\WINDOWS\system32\wscntfy.exe[4032] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[4032] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[4032] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[4032] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[4032] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\wscntfy.exe[4032] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\wscntfy.exe[4032] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\wscntfy.exe[4032] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\wscntfy.exe[4032] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\wscntfy.exe[4032] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00311014
.text C:\WINDOWS\system32\wscntfy.exe[4032] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wscntfy.exe[4032] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wscntfy.exe[4032] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\system32\wscntfy.exe[4032] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00310E10
.text C:\WINDOWS\system32\wscntfy.exe[4032] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wscntfy.exe[4032] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\wscntfy.exe[4032] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00310600

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 862CE53B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 862CE53B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 862CE53B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 862CE53B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T0L0-12 862CE53B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP3T0L0-7 862CE53B
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
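The hook list in the log above is long because the same loader, service-control and window-hook exports are patched in nearly every process, while a handful of patches (NtProtectVirtualMemory, NtWriteVirtualMemory and KiUserExceptionDispatcher in Explorer.EXE and svchost.exe[1608]; GetCursorPos and CoCreateInstance in svchost.exe[1608]) occur in only one or two processes. A quick way to separate the two is to count, per hooked symbol, how many of the hooked processes carry it. The script below is an added example written for this page; it is not part of the thread and not GMER's code. The sample log is an excerpt of the records above re-flowed one per line, the 50% threshold is an arbitrary choice, and the field layout it assumes is the one visible in the log.

```python
"""Triage helper for GMER inline-hook records (added example; not from the thread).

Assumed record layout, one per line, as seen in the log above:
    .text <image path>[<pid>] <module>!<export>[ + <offset>] <address> <n> Byte(s) <patch>
and, in the "Disk sectors" section:
    Disk <device> <finding text>
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<path>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<symbol>[\w.]+![\w@]+(?:\s\+\s[0-9A-Fa-f]+)?)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.*)$"
)
JMP_RE = re.compile(r"\bJMP\s+([0-9A-Fa-f]{8})")
DISK_RE = re.compile(r"^Disk\s+(?P<device>\\\S+)\s+(?P<finding>.+)$")

# Excerpt of the GMER records posted above, re-flowed one per line (constructed sample input).
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1024] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C7000A
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C8000A
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C6000C
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[1304] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1304] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00370804
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0076000A
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00A8000A
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0075000C
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\svchost.exe[1608] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1608] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\svchost.exe[1608] USER32.dll!GetCursorPos 7E37974E 5 Bytes JMP 027F000A
.text C:\WINDOWS\System32\svchost.exe[1608] ole32.dll!CoCreateInstance 774E057E 5 Bytes JMP 00FA000A
.text C:\WINDOWS\system32\ctfmon.exe[2864] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[2864] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[2864] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00370804
.text C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe[1724] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
"""


def parse_hooks(lines):
    """Return one dict per hook record; lines that are not hook records are skipped."""
    hooks = []
    for line in lines:
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["size"] = int(h["size"])
        h["process"] = h["path"].rsplit("\\", 1)[-1]
        jmp = JMP_RE.search(h["patch"])          # 5-byte JMP patches carry a target; byte patches do not
        h["target"] = int(jmp.group(1), 16) if jmp else None
        hooks.append(h)
    return hooks


def classify_hooks(hooks, min_share=0.5):
    """Split hooked symbols into 'baseline' (patched in at least min_share of the hooked
    processes, the footprint of something that injects into every process, such as an
    antivirus behaviour shield) and 'outliers' (patched in only a few processes)."""
    pids = {h["pid"] for h in hooks}
    by_symbol = defaultdict(set)
    for h in hooks:
        by_symbol[h["symbol"]].add(h["pid"])
    baseline, outliers = {}, {}
    for symbol, hooked in by_symbol.items():
        bucket = baseline if len(hooked) / len(pids) >= min_share else outliers
        bucket[symbol] = sorted(hooked)
    return baseline, outliers


def outliers_by_process(hooks, outliers):
    """Group outlier hooks by (pid, image name) so each process is examined as a unit."""
    grouped = defaultdict(list)
    for h in hooks:
        if h["symbol"] in outliers:
            grouped[(h["pid"], h["process"])].append(h["symbol"])
    return dict(grouped)


def disk_findings(lines):
    """Return (device, finding) for every 'Disk' line GMER marked as rootkit-related."""
    found = []
    for line in lines:
        m = DISK_RE.match(line.strip())
        if m and "rootkit" in m["finding"].lower():
            found.append((m["device"], m["finding"]))
    return found


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    hooks = parse_hooks(lines)
    baseline, outliers = classify_hooks(hooks)
    print(f"{len(hooks)} hooks in {len({h['pid'] for h in hooks})} processes; "
          f"{len(baseline)} baseline symbols, {len(outliers)} outlier symbols")
    for (pid, proc), symbols in sorted(outliers_by_process(hooks, outliers).items()):
        print(f"  {proc}[{pid}]: {', '.join(symbols)}")
    for device, finding in disk_findings(lines):
        print(f"  {device}: {finding}")
```

Run on the excerpt, the baseline bucket holds the three symbols hooked in five of the six processes, and the outlier bucket lists the process-specific patches in Explorer.EXE and svchost.exe[1608] together with the SetUnhandledExceptionFilter patch inside AvastSvc.exe, which is the reminder that an outlier is a lead to examine, not a verdict. Read the outliers next to the Disk sectors finding rather than acting on either alone.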
wings, posted May 11, 2011:
*Download TDSSKiller and save it to the desktop
*Run TDSSKiller and click [start scan]
Decisions to be made:
*If an infection is found, click the option offered: [Cure] or [Delete]
*If a suspicious file is found, click the option offered: [skip]
*When it finishes, click [Continue]. If a reboot is required, click [Reboot Now]
*Paste the report C:\TDSSKiller.version_date_time_log.txt
*If no reboot is requested, click [Report] and paste the report
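The report those steps ask for lists every loaded driver with its service name, MD5 and image path, so the useful follow-up once it is pasted is to parse it and compare the inventory against a known-clean one from the same Windows build. The script below is an added example for this page; it is not TDSSKiller's code and not Kaspersky's. It assumes the line layout visible in the report posted later in this thread, looks for the newest report under the C:\TDSSKiller.<version>_<date>_<time>_log.txt naming the instructions give, and uses a baseline dictionary and an `examplesvc` entry that are constructed for the demonstration rather than taken from any real known-good list.

```python
"""Parse a TDSSKiller report and diff its driver inventory (added example; not TDSSKiller code).

Assumed report layout, as visible in the thread:
    header lines   YYYY/MM/DD HH:MM:SS.mmmm <pid> <Key>: <value>
    driver lines   YYYY/MM/DD HH:MM:SS.mmmm <pid> <ServiceName> (<md5>) <image path>
"""
import glob
import os
import re

DRIVER_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$"
)
HEADER_RE = re.compile(r"^\d{4}/\d{2}/\d{2} [\d:.]+\s+\d+\s+(?P<key>[A-Za-z ]+):\s*(?P<value>.*)$")
DRIVER_DIR = "\\system32\\drivers\\"   # where a Windows XP boot/system driver image normally lives

# Excerpt of the report posted in this thread plus one constructed line ("examplesvc")
# whose image path and hash are invented for the demonstration.
SAMPLE_REPORT = r"""
2011/05/12 08:45:53.0515 2420 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/12 08:45:55.0531 2420 ================================================================================
2011/05/12 08:45:55.0531 2420 SystemInfo:
2011/05/12 08:45:55.0531 2420 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/12 08:45:55.0531 2420 Boot type: Normal boot
2011/05/12 08:46:00.0656 1232 Scan started
2011/05/12 08:46:02.0531 1232 ACPI (cfcb02e103e44ac7080ca04c1b5c2d7c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/12 08:46:05.0250 1232 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/12 08:46:05.0781 1232 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/12 08:46:08.0078 1232 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
2011/05/12 08:46:08.0406 1232 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/12 08:46:09.0000 1232 examplesvc (d41d8cd98f00b204e9800998ecf8427e) C:\WINDOWS\system32\examplesvc.sys
"""

# Constructed baseline for the example only; a real one comes from a clean machine of the
# same build. It deliberately lacks cpuz132 and carries a different hash for examplesvc.
BASELINE_MD5 = {
    "ACPI": "cfcb02e103e44ac7080ca04c1b5c2d7c",
    "atapi": "9f3a2f5aa6875c72bf062c712cfa2674",
    "Beep": "da1f27d85e0d1525f6621372e7b685e9",
    "Disk": "044452051f3e02e7963599fc8f4f3e25",
    "examplesvc": "00000000000000000000000000000000",
}


def parse_report(text):
    """Return (header info dict, {service name: (md5, image path)})."""
    info, drivers = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVER_RE.match(line)
        if m:
            drivers[m["name"]] = (m["md5"], m["path"])
            continue
        m = HEADER_RE.match(line)
        if m and m["value"]:
            info[m["key"].strip()] = m["value"].strip()
    return info, drivers


def outside_driver_dir(drivers):
    """Service names whose image is not under system32\\drivers (compared case-insensitively)."""
    return sorted(name for name, (_, path) in drivers.items() if DRIVER_DIR not in path.lower())


def diff_against_baseline(drivers, baseline):
    """Return (names absent from the baseline, names whose MD5 differs from the baseline)."""
    new = sorted(name for name in drivers if name not in baseline)
    changed = sorted(name for name in drivers if name in baseline and drivers[name][0] != baseline[name])
    return new, changed


def latest_report(directory="C:\\"):
    """Newest report by modification time, following the TDSSKiller.<ver>_<date>_<time>_log.txt naming."""
    reports = glob.glob(os.path.join(directory, "TDSSKiller.*_log.txt"))
    return max(reports, key=os.path.getmtime) if reports else None


if __name__ == "__main__":
    path = latest_report()
    text = open(path, encoding="utf-8", errors="replace").read() if path else SAMPLE_REPORT
    info, drivers = parse_report(text)
    print(f"{info.get('OS Version')} / {info.get('Boot type')}: {len(drivers)} drivers")
    print("outside drivers dir:", outside_driver_dir(drivers))
    new, changed = diff_against_baseline(drivers, BASELINE_MD5)
    print("new:", new, "changed:", changed)
```

Both outputs are leads rather than verdicts: cpuz132 shows up as "new" only because the constructed baseline omits it. The inventory also covers only driver images with a path; the MBR finding GMER reported is not a driver file and will never appear in this list, which is why the report's own scan result still has to be read alongside it.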
ennay, posted May 12, 2011:
Good morning, wings! Here is the log
2011/05/12 08:45:53.0515 2420 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/12 08:45:55.0531 2420 ================================================================================
2011/05/12 08:45:55.0531 2420 SystemInfo:
2011/05/12 08:45:55.0531 2420
2011/05/12 08:45:55.0531 2420 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/12 08:45:55.0531 2420 Product type: Workstation
2011/05/12 08:45:55.0531 2420 ComputerName: ROBERTO
2011/05/12 08:45:55.0531 2420 UserName: Administrador
2011/05/12 08:45:55.0531 2420 Windows directory: C:\WINDOWS
2011/05/12 08:45:55.0531 2420 System windows directory: C:\WINDOWS
2011/05/12 08:45:55.0531 2420 Processor architecture: Intel x86
2011/05/12 08:45:55.0531 2420 Number of processors: 1
2011/05/12 08:45:55.0531 2420 Page size: 0x1000
2011/05/12 08:45:55.0531 2420 Boot type: Normal boot
2011/05/12 08:45:55.0531 2420 ================================================================================
2011/05/12 08:45:56.0093 2420 Initialize success
2011/05/12 08:46:00.0656 1232 ================================================================================
2011/05/12 08:46:00.0656 1232 Scan started
2011/05/12 08:46:00.0656 1232 Mode: Manual;
2011/05/12 08:46:00.0656 1232 ================================================================================
2011/05/12 08:46:02.0234 1232 Aavmker4 (3f6884eff406238d39aaa892218f1df7) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/05/12 08:46:02.0531 1232 ACPI (cfcb02e103e44ac7080ca04c1b5c2d7c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/12 08:46:02.0703 1232 ACPIEC (ebd5cf43ad9526eab9b2a15a54760ea9) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/12 08:46:02.0890 1232 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/12 08:46:03.0140 1232 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/05/12 08:46:03.0625 1232 ALCXWDM (f3e15607ba53249c765e36388b332c2f) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/05/12 08:46:04.0312 1232 aswFsBlk (7f08d9c504b015d81a8abd75c80028c5) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/05/12 08:46:04.0437 1232 aswMon2 (c2181ef6b54752273a0759a968c59279) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/05/12 08:46:04.0531 1232 aswRdr (ac48bdd4cd5d44af33087c06d6e9511c) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/05/12 08:46:04.0671 1232 aswSnx (b64134316fcd1f20e0f10ef3e65bd522) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/05/12 08:46:04.0796 1232 aswSP (d6788e3211afa9951ed7a4d617f68a4f) C:\WINDOWS\system32\drivers\aswSP.sys
2011/05/12 08:46:04.0906 1232 aswTdi (4d100c45517809439c7b6dd98997fa00) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/05/12 08:46:05.0015 1232 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/12 08:46:05.0250 1232 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/12 08:46:05.0421 1232 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/12 08:46:05.0593 1232 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/12 08:46:05.0781 1232 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/12 08:46:05.0937 1232 btaudio (3bc0afbd546162fe6ed6ccb15befad73) C:\WINDOWS\system32\drivers\btaudio.sys
2011/05/12 08:46:06.0062 1232 BTDriver (1d25fb8b6b073e6f4fb51034f734ea2c) C:\WINDOWS\system32\DRIVERS\btport.sys
2011/05/12 08:46:06.0234 1232 BTKRNL (9515d10ceaf284ab1a21934e1958d4fd) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
2011/05/12 08:46:06.0343 1232 BTSERIAL (af3cc52fc040a402a6ad07ac1bd4fe76) C:\WINDOWS\system32\drivers\btserial.sys
2011/05/12 08:46:06.0437 1232 BTSLBCSP (e233ae94f1b66ddbfbca9566d0f7fdba) C:\WINDOWS\system32\drivers\btslbcsp.sys
2011/05/12 08:46:06.0593 1232 BTWDNDIS (66bff2643e5f6a0f80208dde1c4b653a) C:\WINDOWS\system32\DRIVERS\btwdndis.sys
2011/05/12 08:46:06.0718 1232 BTWUSB (4272bab9291d26da5ac913bc79c3ce85) C:\WINDOWS\system32\Drivers\btwusb.sys
2011/05/12 08:46:06.0984 1232 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/12 08:46:07.0187 1232 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/12 08:46:07.0296 1232 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/12 08:46:07.0531 1232 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/12 08:46:08.0078 1232 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\WINDOWS\system32\drivers\cpuz132_x32.sys
2011/05/12 08:46:08.0406 1232 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/12 08:46:08.0546 1232 dmboot (f8002f47101ef7e4fbb4379452d16c91) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/12 08:46:08.0703 1232 dmio (fe2c5d52066427c82ee473da3b5065c1) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/12 08:46:08.0812 1232 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/12 08:46:08.0968 1232 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/12 08:46:09.0140 1232 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/12 08:46:09.0296 1232 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/12 08:46:09.0453 1232 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/12 08:46:09.0718 1232 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/05/12 08:46:09.0859 1232 Fips (a8d31e836ccf2f51009ce7dffecf6d51) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/12 08:46:09.0953 1232 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/12 08:46:10.0078 1232 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/05/12 08:46:10.0203 1232 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/12 08:46:10.0296 1232 Ftdisk (d24d7839d594b255e1c298245b7ba6a2) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/12 08:46:10.0437 1232 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/12 08:46:10.0656 1232 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/12 08:46:10.0953 1232 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/05/12 08:46:11.0062 1232 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/05/12 08:46:11.0203 1232 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/05/12 08:46:11.0312 1232 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/12 08:46:11.0593 1232 hwdatacard (60aec3f4ec355d9f46d545a0fa08ce87) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/05/12 08:46:11.0968 1232 i8042prt (485bc6beb778b5e9702e6aa3d384c0cb) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/05/12 08:46:12.0203 1232 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/12 08:46:12.0562 1232 intelppm (7844c7948f40c44cb8012104fca7271b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/12 08:46:12.0703 1232 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/05/12 08:46:12.0812 1232 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/12 08:46:12.0921 1232 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/12 08:46:13.0031 1232 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/12 08:46:13.0171 1232 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/12 08:46:13.0312 1232 isapnp (2f61347dc1e20b593f8b66a92d9a46b4)
C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/05/12 08:46:13.0390 1232 Kbdclass (d3d4832b494cbf9a87cf86d7517013cb) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/05/12 08:46:13.0500 1232 kbdhid (68d9a763447d5488e155579e2990c5ad) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/05/12 08:46:13.0640 1232 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/05/12 08:46:13.0875 1232 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/05/12 08:46:14.0265 1232 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/05/12 08:46:14.0421 1232 Modem (04abc65d1d05aa0b396416b08e51b727) C:\WINDOWS\system32\drivers\Modem.sys 2011/05/12 08:46:14.0531 1232 Mouclass (a23a5edd91db897d1c8f0c2e9458e0b0) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/05/12 08:46:14.0656 1232 mouhid (53d3dba64871148591bfe21b492c3558) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/05/12 08:46:14.0812 1232 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/05/12 08:46:15.0015 1232 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/05/12 08:46:15.0156 1232 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/05/12 08:46:15.0312 1232 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/05/12 08:46:15.0468 1232 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/05/12 08:46:15.0578 1232 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/05/12 08:46:15.0687 1232 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/05/12 08:46:15.0937 1232 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/05/12 08:46:16.0062 1232 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys 2011/05/12 08:46:16.0218 1232 NDIS 
(1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/05/12 08:46:16.0359 1232 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/05/12 08:46:16.0484 1232 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/05/12 08:46:16.0593 1232 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/05/12 08:46:16.0718 1232 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/05/12 08:46:16.0859 1232 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/05/12 08:46:17.0000 1232 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/05/12 08:46:17.0296 1232 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/05/12 08:46:17.0421 1232 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/05/12 08:46:17.0609 1232 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/05/12 08:46:17.0718 1232 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/05/12 08:46:17.0843 1232 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/05/12 08:46:18.0078 1232 Parport (9badee6b698bf1af36e25a1a64a89eab) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/05/12 08:46:18.0187 1232 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/05/12 08:46:18.0312 1232 ParVdm (598a4e8249dcee03c4426b1cf3917abd) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/05/12 08:46:18.0468 1232 PCI (f97146d1a50500b38ec8d4015e83e0a7) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/05/12 08:46:18.0687 1232 PCIIde (62e28fb2d275059532389c615c04e054) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/05/12 08:46:18.0828 1232 Pcmcia (e5b6489d932d374e2c3cb077b13faa82) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/05/12 08:46:19.0562 1232 
PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/05/12 08:46:19.0671 1232 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/05/12 08:46:19.0796 1232 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/05/12 08:46:20.0390 1232 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/05/12 08:46:20.0546 1232 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/05/12 08:46:20.0703 1232 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/05/12 08:46:20.0812 1232 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/05/12 08:46:20.0953 1232 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/05/12 08:46:21.0062 1232 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/05/12 08:46:21.0203 1232 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/05/12 08:46:21.0375 1232 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/05/12 08:46:21.0515 1232 redbook (68d749b04bfbbd4d4d15cc5185afa4dd) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/05/12 08:46:21.0703 1232 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys 2011/05/12 08:46:21.0953 1232 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/05/12 08:46:22.0109 1232 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/05/12 08:46:22.0218 1232 Serial (c681c4804504fb2d799daacab2073c94) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/05/12 08:46:22.0484 1232 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/05/12 08:46:22.0875 1232 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 
2011/05/12 08:46:22.0968 1232 sr (d6c5a1a97fe0c533e712652ad9dc00d4) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/05/12 08:46:23.0140 1232 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/05/12 08:46:23.0343 1232 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/05/12 08:46:23.0468 1232 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/05/12 08:46:23.0984 1232 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/05/12 08:46:24.0171 1232 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/05/12 08:46:24.0328 1232 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/05/12 08:46:24.0421 1232 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/05/12 08:46:24.0671 1232 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/05/12 08:46:25.0031 1232 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys 2011/05/12 08:46:25.0171 1232 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/05/12 08:46:25.0390 1232 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/05/12 08:46:25.0562 1232 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/05/12 08:46:25.0703 1232 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/05/12 08:46:25.0828 1232 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/05/12 08:46:25.0937 1232 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/05/12 08:46:26.0093 1232 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/05/12 08:46:26.0187 1232 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 
2011/05/12 08:46:26.0312 1232 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/05/12 08:46:26.0406 1232 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/05/12 08:46:26.0546 1232 viagfx (22adafa1b08dc33b9402ebaff85b67de) C:\WINDOWS\system32\DRIVERS\vtmini.sys 2011/05/12 08:46:26.0765 1232 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/05/12 08:46:26.0937 1232 VolSnap (eb6b1e2c984d84470ff4fe7ef98cd44a) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/05/12 08:46:27.0125 1232 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/05/12 08:46:27.0312 1232 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/05/12 08:46:27.0703 1232 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/05/12 08:46:27.0812 1232 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/05/12 08:46:28.0015 1232 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/05/12 08:46:28.0015 1232 ================================================================================ 2011/05/12 08:46:28.0015 1232 Scan finished 2011/05/12 08:46:28.0015 1232 ================================================================================ 2011/05/12 08:46:28.0093 3780 Detected object count: 1 2011/05/12 08:46:47.0078 3780 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/05/12 08:46:47.0078 3780 \HardDisk0 - ok 2011/05/12 08:46:47.0078 3780 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure 2011/05/12 08:47:00.0703 3948 Deinitialize success meu pc ficou beeeeeeeemmmm melhor, sem akelas travadinhas e reiniciou mais rapido. A barra de tarefas está azul. Parece que ficou tudo bem ! 
Vou esperar até amanhã pra dizer q ficou 100% já q houve outra vez q ele ficou assim tb mas depois voltou a ficar uma $%&*@ rsrs de qualquer forma eu entro pra te informar. Novamente, te agradeço muito!!!! Compartilhar este post Link para o post Compartilhar em outros sites
wings, posted May 12, 2011

*Temporarily disable the antivirus
*Close all running programs, including your browser
*Run GMER again
*If you get the rootkit activity message asking whether you want to scan, click [NO]
In the right-hand column, uncheck: [] IAT/EAT [] Show All
*Click [Scan] and wait for it to finish
*Click [Save...] and save it to the desktop
*Paste the report
ennay, posted May 13, 2011

Good morning, wings! Here is the GMER log:

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-13 10:19:19
Windows 5.1.2600 Service Pack 3
Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-12 WDC_WD800BB-22JHC0 rev.05.01C05
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\kgrdrpow.sys

---- System - GMER 1.0.15 ----
[SSDT and inline hook listing (aswSnx.SYS / aswSP.SYS, AVAST Software) omitted]

---- Kernel code sections - GMER 1.0.15 ----
[ntoskrnl.exe, mrxsmb.sys and win32k.sys patch listing omitted]

---- User code sections - GMER 1.0.15 ----
[per-process user-mode hook listing omitted]
002B0804 .text C:\WINDOWS\System32\svchost.exe[608] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\System32\svchost.exe[608] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\System32\svchost.exe[608] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\System32\svchost.exe[608] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\System32\svchost.exe[608] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\System32\svchost.exe[608] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\System32\svchost.exe[608] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\System32\svchost.exe[608] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\System32\svchost.exe[608] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600 .text C:\WINDOWS\System32\svchost.exe[608] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\System32\svchost.exe[608] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\winlogon.exe[708] 
ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\services.exe[752] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[752] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[752] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[752] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\services.exe[752] 
ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\services.exe[752] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\services.exe[752] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\services.exe[752] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\services.exe[752] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\services.exe[752] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\lsass.exe[764] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[764] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[764] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC .text 
C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\lsass.exe[764] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\lsass.exe[764] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\lsass.exe[764] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\lsass.exe[764] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\lsass.exe[764] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 
7E37D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8 .text 
C:\WINDOWS\system32\svchost.exe[984] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\System32\svchost.exe[1024] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1024] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1024] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1024] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\System32\svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\System32\svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\System32\svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\System32\svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\System32\svchost.exe[1024] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\System32\svchost.exe[1024] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\System32\svchost.exe[1024] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\System32\svchost.exe[1024] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\System32\svchost.exe[1024] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\System32\svchost.exe[1024] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600 .text C:\WINDOWS\System32\svchost.exe[1024] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\System32\svchost.exe[1024] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1060] 
ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1060] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[1060] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[1060] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1104] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte 
[62] .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804 .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014 .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804 .text 
C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08 .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10 .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8 .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600 .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\wuauclt.exe[1200] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\wuauclt.exe[1200] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[1200] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\wuauclt.exe[1200] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[1200] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002C1014 .text C:\WINDOWS\system32\wuauclt.exe[1200] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002C0804 .text C:\WINDOWS\system32\wuauclt.exe[1200] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002C0A08 .text C:\WINDOWS\system32\wuauclt.exe[1200] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002C0C0C .text 
C:\WINDOWS\system32\wuauclt.exe[1200] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002C0E10 .text C:\WINDOWS\system32\wuauclt.exe[1200] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002C01F8 .text C:\WINDOWS\system32\wuauclt.exe[1200] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002C03FC .text C:\WINDOWS\system32\wuauclt.exe[1200] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002C0600 .text C:\WINDOWS\system32\wuauclt.exe[1200] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804 .text C:\WINDOWS\system32\wuauclt.exe[1200] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08 .text C:\WINDOWS\system32\wuauclt.exe[1200] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600 .text C:\WINDOWS\system32\wuauclt.exe[1200] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8 .text C:\WINDOWS\system32\wuauclt.exe[1200] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC .text C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe[1316] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe[1316] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe[1316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1472] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[1472] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002C1014 .text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002C0804 .text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002C0A08 
.text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002C0C0C .text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002C0E10 .text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002C01F8 .text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002C03FC .text C:\WINDOWS\Explorer.EXE[1472] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002C0600 .text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804 .text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08 .text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600 .text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8 .text C:\WINDOWS\Explorer.EXE[1472] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC .text C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe[1652] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe[1652] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\VTTimer.exe[1668] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\VTTimer.exe[1668] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\VTTimer.exe[1668] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\VTTimer.exe[1668] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\VTTimer.exe[1668] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\VTTimer.exe[1668] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\VTTimer.exe[1668] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\VTTimer.exe[1668] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00380C0C 
.text C:\WINDOWS\system32\VTTimer.exe[1668] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\VTTimer.exe[1668] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\VTTimer.exe[1668] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\VTTimer.exe[1668] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\VTTimer.exe[1668] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\VTTimer.exe[1668] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\VTTimer.exe[1668] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\VTTimer.exe[1668] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\VTTimer.exe[1668] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\VTTimer.exe[1668] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\WINDOWS\system32\VTtrayp.exe[1676] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\VTtrayp.exe[1676] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\system32\VTtrayp.exe[1676] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\VTtrayp.exe[1676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\VTtrayp.exe[1676] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\VTtrayp.exe[1676] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\VTtrayp.exe[1676] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\VTtrayp.exe[1676] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\VTtrayp.exe[1676] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\VTtrayp.exe[1676] USER32.dll!UnhookWinEvent + 4 
7E3818B0 1 Byte [82] .text C:\WINDOWS\system32\VTtrayp.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 003A1014 .text C:\WINDOWS\system32\VTtrayp.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 003A0804 .text C:\WINDOWS\system32\VTtrayp.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 003A0A08 .text C:\WINDOWS\system32\VTtrayp.exe[1676] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 003A0C0C .text C:\WINDOWS\system32\VTtrayp.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 003A0E10 .text C:\WINDOWS\system32\VTtrayp.exe[1676] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003A01F8 .text C:\WINDOWS\system32\VTtrayp.exe[1676] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003A03FC .text C:\WINDOWS\system32\VTtrayp.exe[1676] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 003A0600 .text C:\WINDOWS\SOUNDMAN.EXE[1684] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8 .text C:\WINDOWS\SOUNDMAN.EXE[1684] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\WINDOWS\SOUNDMAN.EXE[1684] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC .text C:\WINDOWS\SOUNDMAN.EXE[1684] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\SOUNDMAN.EXE[1684] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804 .text C:\WINDOWS\SOUNDMAN.EXE[1684] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08 .text C:\WINDOWS\SOUNDMAN.EXE[1684] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82] .text C:\WINDOWS\SOUNDMAN.EXE[1684] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600 .text C:\WINDOWS\SOUNDMAN.EXE[1684] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8 .text C:\WINDOWS\SOUNDMAN.EXE[1684] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC .text C:\WINDOWS\SOUNDMAN.EXE[1684] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014 .text C:\WINDOWS\SOUNDMAN.EXE[1684] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804 
.text C:\WINDOWS\SOUNDMAN.EXE[1684] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08 .text C:\WINDOWS\SOUNDMAN.EXE[1684] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C .text C:\WINDOWS\SOUNDMAN.EXE[1684] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10 .text C:\WINDOWS\SOUNDMAN.EXE[1684] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8 .text C:\WINDOWS\SOUNDMAN.EXE[1684] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC .text C:\WINDOWS\SOUNDMAN.EXE[1684] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600 .text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8 .text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62] .text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC .text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014 .text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804 .text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08 .text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C .text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10 .text C:\Arquivos de 
programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00E70804
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00E70A08
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00E70600
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00E701F8
.text C:\Arquivos de programas\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1692] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00E703FC
.text C:\WINDOWS\system32\ctfmon.exe[1700] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[1700] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1700] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[1700] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1700] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\ctfmon.exe[1700] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\ctfmon.exe[1700] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\ctfmon.exe[1700] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\ctfmon.exe[1700] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\ctfmon.exe[1700] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\ctfmon.exe[1700] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\ctfmon.exe[1700] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\ctfmon.exe[1700] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\ctfmon.exe[1700] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\ctfmon.exe[1700] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\ctfmon.exe[1700] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\ctfmon.exe[1700] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2436] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2436] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804
.text C:\WINDOWS\System32\alg.exe[2436] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0A08
.text C:\WINDOWS\System32\alg.exe[2436] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B0600
.text C:\WINDOWS\System32\alg.exe[2436] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B01F8
.text C:\WINDOWS\System32\alg.exe[2436] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B03FC
.text C:\WINDOWS\System32\alg.exe[2436] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\System32\alg.exe[2436] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\System32\alg.exe[2436] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\System32\alg.exe[2436] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\System32\alg.exe[2436] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\System32\alg.exe[2436] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\System32\alg.exe[2436] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\System32\alg.exe[2436] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wuauclt.exe[2564] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[2564] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2564] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[2564] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[2564] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\wuauclt.exe[2564] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\wuauclt.exe[2564] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\wuauclt.exe[2564] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\wuauclt.exe[2564] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\wuauclt.exe[2564] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\wuauclt.exe[2564] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\wuauclt.exe[2564] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\wuauclt.exe[2564] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wuauclt.exe[2564] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wuauclt.exe[2564] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wuauclt.exe[2564] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wuauclt.exe[2564] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\msiexec.exe[2600] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\msiexec.exe[2600] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\msiexec.exe[2600] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\msiexec.exe[2600] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\msiexec.exe[2600] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002C1014
.text C:\WINDOWS\system32\msiexec.exe[2600] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002C0804
.text C:\WINDOWS\system32\msiexec.exe[2600] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002C0A08
.text C:\WINDOWS\system32\msiexec.exe[2600] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002C0C0C
.text C:\WINDOWS\system32\msiexec.exe[2600] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002C0E10
.text C:\WINDOWS\system32\msiexec.exe[2600] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002C01F8
.text C:\WINDOWS\system32\msiexec.exe[2600] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002C03FC
.text C:\WINDOWS\system32\msiexec.exe[2600] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002C0600
.text C:\WINDOWS\system32\msiexec.exe[2600] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\msiexec.exe[2600] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\msiexec.exe[2600] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\msiexec.exe[2600] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\msiexec.exe[2600] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC
.text C:\Arquivos de programas\Claro\Claro.exe[2828] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\Arquivos de programas\Claro\Claro.exe[2828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Arquivos de programas\Claro\Claro.exe[2828] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\Arquivos de programas\Claro\Claro.exe[2828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 00442440 C:\Arquivos de programas\Claro\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!GetSysColorBrush 7E368EAB 5 Bytes JMP 004424A0 C:\Arquivos de programas\Claro\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!SetScrollInfo 7E369056 7 Bytes JMP 00442330 C:\Arquivos de programas\Claro\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!GetScrollInfo 7E37DFE2 7 Bytes JMP 00442280 C:\Arquivos de programas\Claro\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!ShowScrollBar 7E37F2F2 5 Bytes JMP 00442400 C:\Arquivos de programas\Claro\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!GetScrollPos 7E37F704 5 Bytes JMP 004422C0 C:\Arquivos de programas\Claro\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!SetScrollPos 7E37F750 5 Bytes JMP 00442370 C:\Arquivos de programas\Claro\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!GetScrollRange 7E37F787 5 Bytes JMP 004422F0 C:\Arquivos de programas\Claro\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!SetScrollRange 7E37F99B 5 Bytes JMP 004423B0 C:\Arquivos de programas\Claro\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!EnableScrollBar 7E3B8005 7 Bytes JMP 00442240 C:\Arquivos de programas\Claro\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Arquivos de programas\Claro\Claro.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 004E1014
.text C:\Arquivos de programas\Claro\Claro.exe[2828] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 004E0804
.text C:\Arquivos de programas\Claro\Claro.exe[2828] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 004E0A08
.text C:\Arquivos de programas\Claro\Claro.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 004E0C0C
.text C:\Arquivos de programas\Claro\Claro.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 004E0E10
.text C:\Arquivos de programas\Claro\Claro.exe[2828] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 004E01F8
.text C:\Arquivos de programas\Claro\Claro.exe[2828] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 004E03FC
.text C:\Arquivos de programas\Claro\Claro.exe[2828] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 004E0600
.text C:\WINDOWS\system32\wscntfy.exe[3708] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wscntfy.exe[3708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3708] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wscntfy.exe[3708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wscntfy.exe[3708] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\system32\wscntfy.exe[3708] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08
.text C:\WINDOWS\system32\wscntfy.exe[3708] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600
.text C:\WINDOWS\system32\wscntfy.exe[3708] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8
.text C:\WINDOWS\system32\wscntfy.exe[3708] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC
.text C:\WINDOWS\system32\wscntfy.exe[3708] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002E1014
.text C:\WINDOWS\system32\wscntfy.exe[3708] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002E0804
.text C:\WINDOWS\system32\wscntfy.exe[3708] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002E0A08
.text C:\WINDOWS\system32\wscntfy.exe[3708] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002E0C0C
.text C:\WINDOWS\system32\wscntfy.exe[3708] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002E0E10
.text C:\WINDOWS\system32\wscntfy.exe[3708] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002E01F8
.text C:\WINDOWS\system32\wscntfy.exe[3708] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002E03FC
.text C:\WINDOWS\system32\wscntfy.exe[3708] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002E0600
.text C:\gmer\gmer.exe[4072] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\gmer\gmer.exe[4072] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\gmer\gmer.exe[4072] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\gmer\gmer.exe[4072] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\gmer\gmer.exe[4072] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 003F1014
.text C:\gmer\gmer.exe[4072] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 003F0804
.text C:\gmer\gmer.exe[4072] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 003F0A08
.text C:\gmer\gmer.exe[4072] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 003F0C0C
.text C:\gmer\gmer.exe[4072] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 003F0E10
.text C:\gmer\gmer.exe[4072] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003F01F8
.text C:\gmer\gmer.exe[4072] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003F03FC
.text C:\gmer\gmer.exe[4072] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 003F0600
.text C:\gmer\gmer.exe[4072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00AA0804
.text C:\gmer\gmer.exe[4072] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00AA0A08
.text C:\gmer\gmer.exe[4072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00AA0600
.text C:\gmer\gmer.exe[4072] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00AA01F8
.text C:\gmer\gmer.exe[4072] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00AA03FC

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\WINDOWS\system32\SET9.tmp?!\??\C:\WINDOWS\system32\rpcrt4.dll?\??\C:\WINDOWS\system32\SETA.tmp?!\??\C:\WINDOWS\system32\xpsp4res.dll?\??\C:\WINDOWS\system32\SET18.tmp?!\??\C:\WINDOWS\system32\vbscript.dll?\??\C:\WINDOWS\system32\SET19.tmp?!\??\C:\WINDOWS\system32\jscript.dll?\??\C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help\Rgstrtn.lck??
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 0
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109110000000000000000F01FEC\InstallProperties@EstimatedSize 763261
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\00002109110000000000000000F01FEC\Patches@AllPatches 10E57EEBF3DDF5D49BC606E956834D91?CECC24119ACAB484AB093C5AAC91885C?CB8AF982E8A614341B49BE624BE9F9D5?12EE75850D30E2846902A5033B412AEA?5D34E4A5F858DB94AB27F8031E970306?84125F966FB9CDC4FB6701D3AE3FDD80?ACD702F79933BC049A86E695191B24A1?33007B5FC97E965409FBCBB9E4F4F364?9B247DCF55A7CB447A677F592FF1DECD?
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-0011-0000-0000-0000000FF1CE}@EstimatedSize 763261
Reg HKLM\SOFTWARE\Classes\Installer\Products\00002109110000000000000000F01FEC\Patches@Patches 10E57EEBF3DDF5D49BC606E956834D91?CECC24119ACAB484AB093C5AAC91885C?CB8AF982E8A614341B49BE624BE9F9D5?895910D395B7A74408EA18B507B348FF?12EE75850D30E2846902A5033B412AEA?5D34E4A5F858DB94AB27F8031E970306?84125F966FB9CDC4FB6701D3AE3FDD80?ACD702F79933BC049A86E695191B24A1?D582444CF4E54A8419DD74AAAA869ED2?33007B5FC97E965409FBCBB9E4F4F364?9B247DCF55A7CB447A677F592FF1DECD?
Reg HKLM\SOFTWARE\Classes\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}@ RefEvents
Reg HKLM\SOFTWARE\Classes\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\TypeLib@ {00024517-0000-0000-C000-000000000046}
Reg HKLM\SOFTWARE\Classes\Interface\{8BD21D12-EC42-11CE-9E0D-00AA006002F3}\TypeLib@Version 1.2

---- EOF - GMER 1.0.15 ----

So far so good...
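The hook dump in the GMER log above is raw tool output, and the reply that follows calls it a clean log. As an added example (not code from the thread, from GMER or from anyone in it), the Python below shows one systematic way to reach that kind of verdict: it parses the `.text <process>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target>` records, treats the APIs hooked in nearly every process as a single agent's baseline (with avast's self-protection and filter drivers loaded on this machine, that baseline is presumably avast's; that is an analyst's assumption, not something GMER states), and reports only the hooks that fall outside the baseline, separating those GMER attributes to a named module from those it cannot attribute. The sample records are copied from the log above, except the `explorer.exe[1234] WS2_32.dll!send` line, which is constructed (hypothetical pid, address and target) so that an unattributed outlier appears in the sample.

```python
import re
from collections import defaultdict

# One GMER user-mode hook record, in the two shapes seen in the log above:
#   .text <process>[<pid>] <module>!<export>[ + <off>] <addr> <n> Bytes JMP <target> [<owner dll> (<vendor>)]
#   .text <process>[<pid>] <module>!<export>[ + <off>] <addr> <n> Byte [<patched bytes>]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[^!\s]+)!(?P<func>\S+)(?:\s\+\s(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]{8})|\[(?P<patch>[0-9A-Fa-f ]+)\])"
    r"(?:\s+(?P<owner>\S.*?)\s+\((?P<desc>[^)]*)\))?\s*$"
)

# Records copied from the log above, plus one constructed explorer.exe line (hypothetical pid,
# address and target) so that an unattributed outlier appears in the sample.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\ctfmon.exe[1700] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[1700] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[1700] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804
.text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2436] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2436] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804
.text C:\Arquivos de programas\Claro\Claro.exe[2828] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\Arquivos de programas\Claro\Claro.exe[2828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!GetSysColor 7E368E78 5 Bytes JMP 00442440 C:\Arquivos de programas\Claro\SkinMagicU.dll (SkinMagic Toolkit/Appspeed Inc.)
.text C:\Arquivos de programas\Claro\Claro.exe[2828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\gmer\gmer.exe[4072] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\gmer\gmer.exe[4072] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\gmer\gmer.exe[4072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00AA0804
.text C:\WINDOWS\explorer.exe[1234] WS2_32.dll!send 71A14C27 5 Bytes JMP 00C80000
"""


def parse_hooks(text):
    """Return one dict per hook record; lines that are not hook records are ignored."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        api = f"{d['mod']}!{d['func']}" + (f"+{d['off']}" if d["off"] else "")
        hooks.append({
            "process": d["proc"].rsplit("\\", 1)[-1].lower(),
            "pid": int(d["pid"]),
            "api": api,
            "kind": "jmp" if d["target"] else "patch",
            "target": d["target"] or d["patch"],
            "owner": d["owner"],   # module GMER attributed the hook to, or None
            "desc": d["desc"],
        })
    return hooks


def triage(hooks, min_share=0.75):
    """Split hooks into a baseline (APIs hooked in at least min_share of the processes,
    i.e. one agent hooking everything) and the outliers that need a closer look."""
    by_proc = defaultdict(set)
    for h in hooks:
        by_proc[(h["process"], h["pid"])].add(h["api"])
    counts = defaultdict(int)
    for apis in by_proc.values():
        for api in apis:
            counts[api] += 1
    baseline = {api for api, n in counts.items() if n >= min_share * len(by_proc)}
    outliers = [h for h in hooks if h["api"] not in baseline]
    return baseline, outliers


def verdicts(outliers):
    """One line per outlier: attributed hooks name their owner, unattributed ones are flagged."""
    lines = []
    for h in outliers:
        where = f"{h['process']}[{h['pid']}] {h['api']}"
        if h["owner"]:
            lines.append(f"{where}: attributed to {h['owner']} ({h['desc']})")
        else:
            lines.append(f"{where}: UNATTRIBUTED {h['kind']} -> {h['target']}, review")
    return lines


if __name__ == "__main__":
    baseline, outliers = triage(parse_hooks(SAMPLE_LOG))
    print("baseline (hooked everywhere):", ", ".join(sorted(baseline)))
    for line in verdicts(outliers):
        print(line)
```

On the full log above, the baseline this produces is the same dozen ntdll, kernel32, ADVAPI32 and USER32 entry points in every process, with JMP targets inside small per-process allocations rather than in a named module; the only per-process deviations are Claro.exe's scroll-bar and colour hooks, which GMER attributes to the SkinMagicU.dll skinning toolkit. An unattributed hook that shows up in a single process, like the constructed explorer.exe line, is what would justify digging further before calling a log clean.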
wings Posted May 13, 2011

Good afternoon ennay

Clean log. :)

1. Delete TDSSKiller and its report C:\TDSSKiller.version_date_time_log.txt
2. Delete GMER and its reports.
3. Click [Start] > [Run] > type: msconfig and click [OK]
   On the "BOOT.INI" tab, select the line:
   C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
   Click [Check All Boot Paths] > [Yes] > [OK]
   Restart the PC
   When Windows starts, tick "Don't show this message or launch the System Configuration Utility when Windows starts"

Regards.