Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

nokciam

[Resolvido] &nbspPC lento - páginas web rolando sozinhas

Recommended Posts

Segue log HiJackThis para analise:

Obrigado

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:09:25, on 10/1/2002

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe

C:\Arquivos de programas\TeamViewer\Version4\TeamViewer.exe

C:\WINDOWS\StartupMonitor.exe

C:\WINDOWS\ZSSnp211.exe

C:\WINDOWS\Domino.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Realtek\Transcode Server\TranscodeServer.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Alwil Software\Avast5\setup\avast.setup

C:\WINDOWS\system32\wuauclt.exe

d:\Meus documentos\Downloads\HiJackThis.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\Arquivos de programas\Google\Chrome\Application\chrome.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O1 - Hosts: 02

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Arquivos de programas\Orbitdownloader\orbitcth.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\ARQUIV~1\NetWorx\deskband.dll

O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe

O4 - HKLM\..\Run: [ZSSnp211] C:\WINDOWS\ZSSnp211.exe

O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe

O4 - HKLM\..\Run: [avast5] C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [TranscodeServer] C:\Arquivos de programas\Realtek\Transcode Server\TranscodeServer.exe

O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe -update activex

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "C:\Arquivos de programas\MSN Messenger\MsnMsgr.Exe" /background (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')

O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Arquivos de programas\RALINK\Common\RaUI.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Arquivos de programas\Orbitdownloader\orbitmxt.dll/202

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe (file missing)

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O14 - IERESET.INF: START_PAGE_URL=http://www.compartilhando.org/

O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O20 - Winlogon Notify: wamregps32 - wamregps32.dll (file missing)

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: avast! Antivirus - AVAST Software - C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Escritor VSS do SQL Server (SQLWriter) - Unknown owner - c:\Arquivos de programas\Microsoft SQL Server\90\Shared\sqlwriter.exe (file missing)

O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe

 

--

End of file - 8358 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá nokciam

 

 

1.

*Baixe o HostsXpert e salve-o no desktop

*Extraia para o desktop e execute-o

*Clique [Editing] > [Copy to Clipboard] > [Copy Host File]

*Cole aqui no fórum.

 

2.

*Baixe o MalwareBytes e salve-o no desktop

*Instale o programa e aguarde a atualização

*O programa será aberto automaticamente

*Na aba [Verificação], selecione [Verificação completa]

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Cole o relatório apresentado

 

Caso já tenhas o Malwarebytes instalado....

 

*Abra o Malwarebytes, clique [Atualização] > [baixar Atualizações]

*Na aba [Verificação], selecione [x] Verificação completa

*Clique [Verificar] e selecione a partição onde o Windows está instalado

*Ao finalizar o scan, clique [sIM] > [OK] > [Ver Resultados] > [Remover Selecionados]

*Cole o relatório apresentado

Compartilhar este post


Link para o post
Compartilhar em outros sites

opa, desculpe a demora:

 

fui postar aqui e informou ser muito grande o post, colei no word deu só 200 pgs, posso anexar arquivo?

 

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Versão da Base de Dados: 6678

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

25/5/2011 17:05:59

mbam-log-2011-05-25 (17-05-59).txt

 

Tipo de Verificação: Verificação Completa (C:\|)

Objetos escaneados: 273880

Tempo decorrido: 2 hora(s), 45 minuto(s), 52 segundo(s)

 

Processos de Memória Infectados: 0

Módulos de Memória Infectados: 0

Chaves de Registro Infectadas: 0

Valores de Registro Infectados: 1

Itens de Dados no Registro Infectados: 0

Pastas Infectadas: 0

Arquivos Infectados: 3

 

Processos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Módulos de Memória Infectados:

(Não foram detectados ítens maliciosos)

 

Chaves de Registro Infectadas:

(Não foram detectados ítens maliciosos)

 

Valores de Registro Infectados:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

 

Itens de Dados no Registro Infectados:

(Não foram detectados ítens maliciosos)

 

Pastas Infectadas:

(Não foram detectados ítens maliciosos)

 

Arquivos Infectados:

C:\Documents and Settings\All Users\Documentos\PENDRIVE\ativar_windows_xp_office2003_visio2007\kf151\keyfinder.exe (Application.FindKey) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Documentos\PENDRIVE\crack_oem_vista_x86\Crack Ativador Windows Vista - Versão 32-Bits.exe (Worm.VB) -> Quarantined and deleted successfully.

C:\kf151\keyfinder.exe (Application.FindKey) -> Quarantined and deleted successfully.

Compartilhar este post


Link para o post
Compartilhar em outros sites

*Baixe o OTS e salve-o no desktop

*Execute-o e selecione a opção:

[x] Scan All Users

*Clique [Quick Scan] e cole o relatório apresentado (OTS.txt localizado no desktop)

 

Caso o relatório fique demasiadamente grande...

 

*Acesse este link

*Clique [Enviar arquivo]

*Localize o arquivo OTS.txt no desktop

*Clique [Abrir] > [Créer le lien Cjoint]

*Cole o endereço criado

Compartilhar este post


Link para o post
Compartilhar em outros sites

o OTS está travando quando chega em uma HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\MOUNTPOINT2\{69E1473A-0AR7-11DB-93FF-AD8ADB63B72

Compartilhar este post


Link para o post
Compartilhar em outros sites

*Baixe o OTL e salve-o no desktop

*Execute-o e selecione a opção:

[X] Verificar All Users

*Clique [Verificação Rápida] e cole os relatórios apresentados (OTL.txt e Extras.txt localizados no desktop)

 

Caso os relatórios fiquem demasiadamente grandes...

 

*Acesse este link

*Clique [Enviar arquivo]

*Localize o arquivo OTL.txt no desktop

*Clique [Abrir] > [Créer le lien Cjoint]

*Cole o endereço criado

*Faça o mesmo procedimento para o relatório Extras.txt

Compartilhar este post


Link para o post
Compartilhar em outros sites

OK...

 

nokciam...Vamos lá!

 

 

 

1.

*Execute o OTL e clique [Limpeza] > [OK]

*O PC será reiniciado

 

2.

*Execute o HostsXpert

*Clique [Restore Microsoft's Hosts File]

*Feche o programa

 

3.

*Baixe o DDS e salve-o no desktop

*Execute-o e salve os relatórios (DDS.txt e Attach.txt) no desktop

*Cole o relatório DDS.txt

 

4.

*Baixe o GMER e salve-o no desktop

*Extraia para o desktop

*Desative temporariamente o antivírus

*Feche todos os programas ativos, MSN, anti-spywares...

*Saia da Internet

*Execute-o

*Caso receba a mensagem de atividade de rootkit e se deseja fazer um scan, clique [NÃO]

*Na coluna à direita, desmarque a opção []IAT/EAT

*Clique [scan] e aguarde o término

*Clique [save...] e salve no desktop

*Cole o relatório

Compartilhar este post


Link para o post
Compartilhar em outros sites

DDS

 

 

.

DDS (Ver_11-05-19.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by Administrador at 21:34:58 on 2011-05-27

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.1536.1151 [GMT -3:00]

.

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe

C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\slserv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe

C:\WINDOWS\StartupMonitor.exe

C:\WINDOWS\ZSSnp211.exe

C:\WINDOWS\Domino.exe

C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\RALINK\Common\RaUI.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Administrador\Desktop\dds.com

C:\WINDOWS\system32\WSCRIPT.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie_rsearch.html

mWinlogon: SfcDisable=-99 (0xffffff9d)

BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\arquivos de programas\orbitdownloader\orbitcth.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - c:\arquiv~1\networx\deskband.dll

TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [TranscodeServer] c:\arquivos de programas\realtek\transcode server\TranscodeServer.exe

mRun: [Run StartupMonitor] StartupMonitor.exe

mRun: [ZSSnp211] c:\windows\ZSSnp211.exe

mRun: [Domino] c:\windows\Domino.exe

mRun: [avast5] c:\arquiv~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

dRun: [MsnMsgr] "c:\arquivos de programas\msn messenger\MsnMsgr.Exe" /background

dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"

dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\ralink~1.lnk - c:\arquivos de programas\ralink\common\RaUI.exe

uPolicies-system: NoVisualStyleChoice = 0 (0x0)

uPolicies-system: NoColorChoice = 0 (0x0)

uPolicies-system: NoSizeChoice = 0 (0x0)

IE: &Download by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\arquivos de programas\orbitdownloader\orbitmxt.dll/202

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab

DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: wamregps32 - wamregps32.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

============= SERVICES / DRIVERS ===============

.

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-11-27 28552]

R0 stwlfbus;stwlfbus;c:\windows\system32\drivers\stwlfbus.sys [2003-4-27 8704]

R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [2005-9-19 77312]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2002-1-11 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-26 307928]

R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2010-1-17 181120]

R1 IfsMount;IfsMount;c:\windows\system32\drivers\ifsmount.sys [2010-1-17 51072]

R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2010-2-27 38976]

R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-7-28 115856]

R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-7-28 41424]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-26 19544]

R2 avast! Antivirus;avast! Antivirus;c:\arquivos de programas\alwil software\avast5\AvastSvc.exe [2010-2-16 42184]

R2 Dev_UNIDRV;Dev_UNIDRV;c:\windows\system32\drivers\UNIDRV.SYS [2006-8-17 6080]

R2 nxsIO32;NextSensor Kernel I/O Driver;c:\windows\system32\drivers\nxsIO32.sys [2007-8-20 2208]

R2 TeamViewer4;TeamViewer 4;c:\arquivos de programas\teamviewer\version4\TeamViewer_Service.exe [2009-6-25 185640]

R3 CX88Tune;Conexant 2388x TvTuner;c:\windows\system32\drivers\CX88Tune.sys [2006-6-30 29696]

R3 CX88VCap;Conexant 2388x Capture;c:\windows\system32\drivers\CX88Vid.sys [2006-6-30 192640]

R3 CX88XBar;Conexant 2388x Crossbar;c:\windows\system32\drivers\CX88XBar.sys [2006-6-30 14336]

R3 padenum;Enumerador de dispositivos de NTPAD;c:\windows\system32\drivers\padenum.sys [2007-1-21 10624]

R3 st3wolf;st3wolf;c:\windows\system32\drivers\st3wolf.sys [2003-4-27 99360]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-7-10 99472]

S2 gupdate;Google Update Service (gupdate);c:\arquivos de programas\google\update\GoogleUpdate.exe [2002-1-10 136176]

S3 dTVdrvNT;dTVdrvNT;c:\windows\system32\DTVDRVNT.SYS [2006-6-30 12188]

S3 KS-959;Kingsun KS-959 USB Infrared Adapter;c:\windows\system32\drivers\KS-959.sys [2006-7-22 19034]

S3 RTCore32;RTCore32;\??\c:\documents and settings\all users\documentos\pendrive\programas\rmclock_22_bin\rtcore32.sys --> c:\documents and settings\all users\documentos\pendrive\programas\rmclock_22_bin\RTCore32.sys [?]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-7-28 91472]

S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2009-7-28 32016]

S3 VendorJoystickEnabler;Driver para joystick paralelo de consola;c:\windows\system32\drivers\ntpad.sys --> c:\windows\system32\drivers\ntpad.sys [?]

S4 vsdatant;vsdatant; [x]

.

=============== File Associations ===============

.

regfile\shell\edit\command=%SystemRoot%\system32\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2011-05-27 22:02:21 -------- d-sh--w- C:\found.001

2011-05-25 15:26:21 -------- d-----w- c:\documents and settings\administrador\dados de aplicativos\Malwarebytes

2011-05-25 15:26:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-25 15:26:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-25 15:26:06 -------- d-----w- c:\documents and settings\all users\dados de aplicativos\Malwarebytes

2011-05-25 15:26:05 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2011-05-22 21:15:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

.

==================== Find3M ====================

.

2011-05-10 11:10:59 40112 ----a-w- c:\windows\avastSS.scr

2011-05-10 11:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-03-07 05:33:42 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-03-04 06:36:11 420864 ----a-w- c:\windows\system32\vbscript.dll

2011-03-03 13:53:05 1858048 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 21:38:02,39 ===============

 

Attach

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_11-05-19.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 30/6/2006 20:55:57

System Uptime: 27/5/2011 21:17:23 (0 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | A7V600-X

Processor: AMD Sempron 2600+ | SOCKET A | 1833/166mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 37 GiB total, 4,606 GiB free.

D: is FIXED (NTFS) - 37 GiB total, 5,086 GiB free.

I: is CDROM ()

J: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: VIA Rhine II Fast Ethernet Adapter

Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_80ED1043&REV_78\3&61AAA01&0&90

Manufacturer: VIA Technologies, Inc.

Name: VIA Rhine II Fast Ethernet Adapter

PNP Device ID: PCI\VEN_1106&DEV_3065&SUBSYS_80ED1043&REV_78\3&61AAA01&0&90

Service: FETND5BV

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Bluetooth PAN Network Adapter

Device ID: ROOT\NET\0000

Manufacturer: IVT Corporation

Name: Bluetooth PAN Network Adapter

PNP Device ID: ROOT\NET\0000

Service: BT

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: VirtualBox Host-Only Ethernet Adapter

Device ID: ROOT\NET\0001

Manufacturer: Sun Microsystems, Inc.

Name: VirtualBox Host-Only Ethernet Adapter

PNP Device ID: ROOT\NET\0001

Service: VBoxNetAdp

.

==== System Restore Points ===================

.

RP494: 2/1/2002 06:31:21 - Software Distribution Service 3.0

RP495: 6/2/2011 19:03:08 - Installed Transcode Server

RP496: 20/3/2011 20:26:26 - Software Distribution Service 3.0

RP497: 10/1/2002 20:26:50 - Instalação de driver não assinada

RP498: 11/1/2002 02:18:37 - Software Distribution Service 3.0

RP499: 25/5/2011 09:20:58 - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Shockwave Player 11.5

Arquivo do WinRAR

Assistente de Conexão do Windows Live

µTorrent

Atualização Crítica para o Windows Media Player 11 (KB959772)

Atualização de Segurança para o Windows Media Player (KB2378111)

Atualização de Segurança para o Windows Media Player (KB911564)

Atualização de Segurança para o Windows Media Player (KB952069)

Atualização de Segurança para o Windows Media Player (KB954155)

Atualização de Segurança para o Windows Media Player (KB968816)

Atualização de Segurança para o Windows Media Player (KB973540)

Atualização de Segurança para o Windows Media Player (KB975558)

Atualização de Segurança para o Windows Media Player (KB978695)

Atualização de Segurança para o Windows Media Player 11 (KB936782)

Atualização de Segurança para o Windows Media Player 11 (KB954154)

Atualização de Segurança para o Windows Media Player 6.4 (KB925398)

Atualização de segurança para Step by Step Interactive Training (KB923723)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127-v2)

Atualização de Segurança para Windows Internet Explorer 7 (KB938127)

Atualização de Segurança para Windows Internet Explorer 7 (KB961260)

Atualização de Segurança para Windows Internet Explorer 7 (KB963027)

Atualização de Segurança para Windows Internet Explorer 8 (KB2183461)

Atualização de Segurança para Windows Internet Explorer 8 (KB2360131)

Atualização de Segurança para Windows Internet Explorer 8 (KB2416400)

Atualização de Segurança para Windows Internet Explorer 8 (KB2482017)

Atualização de Segurança para Windows Internet Explorer 8 (KB2497640)

Atualização de Segurança para Windows Internet Explorer 8 (KB2510531)

Atualização de Segurança para Windows Internet Explorer 8 (KB969897)

Atualização de Segurança para Windows Internet Explorer 8 (KB971961)

Atualização de Segurança para Windows Internet Explorer 8 (KB972260)

Atualização de Segurança para Windows Internet Explorer 8 (KB976325)

Atualização de Segurança para Windows Internet Explorer 8 (KB978207)

Atualização de Segurança para Windows Internet Explorer 8 (KB981332)

Atualização de Segurança para Windows XP (KB2079403)

Atualização de Segurança para Windows XP (KB2115168)

Atualização de Segurança para Windows XP (KB2121546)

Atualização de Segurança para Windows XP (KB2160329)

Atualização de Segurança para Windows XP (KB2229593)

Atualização de Segurança para Windows XP (KB2259922)

Atualização de Segurança para Windows XP (KB2279986)

Atualização de Segurança para Windows XP (KB2286198)

Atualização de Segurança para Windows XP (KB2296011)

Atualização de Segurança para Windows XP (KB2296199)

Atualização de Segurança para Windows XP (KB2347290)

Atualização de Segurança para Windows XP (KB2360937)

Atualização de Segurança para Windows XP (KB2387149)

Atualização de Segurança para Windows XP (KB2393802)

Atualização de Segurança para Windows XP (KB2412687)

Atualização de Segurança para Windows XP (KB2419632)

Atualização de Segurança para Windows XP (KB2423089)

Atualização de Segurança para Windows XP (KB2436673)

Atualização de Segurança para Windows XP (KB2440591)

Atualização de Segurança para Windows XP (KB2443105)

Atualização de Segurança para Windows XP (KB2476687)

Atualização de Segurança para Windows XP (KB2478960)

Atualização de Segurança para Windows XP (KB2478971)

Atualização de Segurança para Windows XP (KB2479628)

Atualização de Segurança para Windows XP (KB2479943)

Atualização de Segurança para Windows XP (KB2481109)

Atualização de Segurança para Windows XP (KB2483185)

Atualização de Segurança para Windows XP (KB2485376)

Atualização de Segurança para Windows XP (KB2485663)

Atualização de Segurança para Windows XP (KB2503658)

Atualização de Segurança para Windows XP (KB2506212)

Atualização de Segurança para Windows XP (KB2506223)

Atualização de Segurança para Windows XP (KB2507618)

Atualização de Segurança para Windows XP (KB2508272)

Atualização de Segurança para Windows XP (KB2508429)

Atualização de Segurança para Windows XP (KB2509553)

Atualização de Segurança para Windows XP (KB2511455)

Atualização de Segurança para Windows XP (KB2524375)

Atualização de Segurança para Windows XP (KB923561)

Atualização de Segurança para Windows XP (KB938464-v2)

Atualização de Segurança para Windows XP (KB938464)

Atualização de Segurança para Windows XP (KB941569)

Atualização de Segurança para Windows XP (KB946648)

Atualização de Segurança para Windows XP (KB950760)

Atualização de Segurança para Windows XP (KB950762)

Atualização de Segurança para Windows XP (KB950974)

Atualização de Segurança para Windows XP (KB951066)

Atualização de Segurança para Windows XP (KB951376-v2)

Atualização de Segurança para Windows XP (KB951698)

Atualização de Segurança para Windows XP (KB951748)

Atualização de Segurança para Windows XP (KB952004)

Atualização de Segurança para Windows XP (KB952954)

Atualização de Segurança para Windows XP (KB954211)

Atualização de Segurança para Windows XP (KB954459)

Atualização de Segurança para Windows XP (KB954600)

Atualização de Segurança para Windows XP (KB955069)

Atualização de Segurança para Windows XP (KB956572)

Atualização de Segurança para Windows XP (KB956744)

Atualização de Segurança para Windows XP (KB956802)

Atualização de Segurança para Windows XP (KB956803)

Atualização de Segurança para Windows XP (KB956841)

Atualização de Segurança para Windows XP (KB956844)

Atualização de Segurança para Windows XP (KB957097)

Atualização de Segurança para Windows XP (KB958644)

Atualização de Segurança para Windows XP (KB958687)

Atualização de Segurança para Windows XP (KB958690)

Atualização de Segurança para Windows XP (KB958869)

Atualização de Segurança para Windows XP (KB959426)

Atualização de Segurança para Windows XP (KB960225)

Atualização de Segurança para Windows XP (KB960715)

Atualização de Segurança para Windows XP (KB960803)

Atualização de Segurança para Windows XP (KB960859)

Atualização de Segurança para Windows XP (KB961371)

Atualização de Segurança para Windows XP (KB961373)

Atualização de Segurança para Windows XP (KB961501)

Atualização de Segurança para Windows XP (KB968537)

Atualização de Segurança para Windows XP (KB969059)

Atualização de Segurança para Windows XP (KB969898)

Atualização de Segurança para Windows XP (KB969947)

Atualização de Segurança para Windows XP (KB970238)

Atualização de Segurança para Windows XP (KB970430)

Atualização de Segurança para Windows XP (KB971468)

Atualização de Segurança para Windows XP (KB971486)

Atualização de Segurança para Windows XP (KB971557)

Atualização de Segurança para Windows XP (KB971633)

Atualização de Segurança para Windows XP (KB971657)

Atualização de Segurança para Windows XP (KB972270)

Atualização de Segurança para Windows XP (KB973346)

Atualização de Segurança para Windows XP (KB973354)

Atualização de Segurança para Windows XP (KB973507)

Atualização de Segurança para Windows XP (KB973869)

Atualização de Segurança para Windows XP (KB973904)

Atualização de Segurança para Windows XP (KB974112)

Atualização de Segurança para Windows XP (KB974318)

Atualização de Segurança para Windows XP (KB974392)

Atualização de Segurança para Windows XP (KB974571)

Atualização de Segurança para Windows XP (KB975025)

Atualização de Segurança para Windows XP (KB975467)

Atualização de Segurança para Windows XP (KB975560)

Atualização de Segurança para Windows XP (KB975561)

Atualização de Segurança para Windows XP (KB975562)

Atualização de Segurança para Windows XP (KB975713)

Atualização de Segurança para Windows XP (KB977165-v2)

Atualização de Segurança para Windows XP (KB977816)

Atualização de Segurança para Windows XP (KB977914)

Atualização de Segurança para Windows XP (KB978037)

Atualização de Segurança para Windows XP (KB978251)

Atualização de Segurança para Windows XP (KB978262)

Atualização de Segurança para Windows XP (KB978338)

Atualização de Segurança para Windows XP (KB978542)

Atualização de Segurança para Windows XP (KB978601)

Atualização de Segurança para Windows XP (KB978706)

Atualização de Segurança para Windows XP (KB979309)

Atualização de Segurança para Windows XP (KB979482)

Atualização de Segurança para Windows XP (KB979687)

Atualização de Segurança para Windows XP (KB980195)

Atualização de Segurança para Windows XP (KB980218)

Atualização de Segurança para Windows XP (KB980232)

Atualização de Segurança para Windows XP (KB980436)

Atualização de Segurança para Windows XP (KB981322)

Atualização de Segurança para Windows XP (KB981852)

Atualização de Segurança para Windows XP (KB981957)

Atualização de Segurança para Windows XP (KB981997)

Atualização de Segurança para Windows XP (KB982132)

Atualização de Segurança para Windows XP (KB982214)

Atualização de Segurança para Windows XP (KB982665)

Atualização para Windows Internet Explorer 8 (KB969497)

Atualização para Windows Internet Explorer 8 (KB976662)

Atualização para Windows XP (KB2141007)

Atualização para Windows XP (KB2345886)

Atualização para Windows XP (KB2467659)

Atualização para Windows XP (KB951978)

Atualização para Windows XP (KB955759)

Atualização para Windows XP (KB955839)

Atualização para Windows XP (KB961503)

Atualização para Windows XP (KB967715)

Atualização para Windows XP (KB968389)

Atualização para Windows XP (KB971029)

Atualização para Windows XP (KB971737)

Atualização para Windows XP (KB973687)

Atualização para Windows XP (KB973815)

AudioCommander

avast! Free Antivirus

BlueSoleil

Borland C++Builder 5

CCleaner

CDBurnerXP Pro 3

DAEMON Tools

Dic Michaelis - UOL

DriveImage XML

Ext2 IFS 1.11a for Windows XP

Ferramenta de Carregamento do Windows Live

Foxit Reader

FreeRIP v2.60

GetDataBack for FAT and GetDataBack for NTFS

Girder 3.3

Google Chrome

Google Update Helper

Gravador do Microsoft SQL Server VSS

HD Tune 2.53

Hotfix for Microsoft .NET Framework 3.0 (KB932471)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for MSXML 2 (KB887606)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows XP (KB954550-v5)

Hotfix para o Windows Media Player 11 (KB939683)

Hotfix para Windows XP (KB2158563)

Hotfix para Windows XP (KB2443685)

Hotfix para Windows XP (KB952287)

Hotfix para Windows XP (KB961118)

Hotfix para Windows XP (KB976098-v2)

Hotfix para Windows XP (KB979306)

Hotfix para Windows XP (KB981793)

J2ME Wireless Toolkit 2.2

J2SE Development Kit 5.0 Update 7

J2SE Runtime Environment 5.0 Update 7

Java Auto Updater

Java 6 Update 18

Java 6 Update 5

Lexmark Z700-P700 Series

Malwarebytes' Anti-Malware

MediaPortal

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Brazilian Portuguese Language Pack

Microsoft .NET Framework 1.1 Security Update (KB2416447)

Microsoft .NET Framework 1.1 Security Update (KB979906)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PTB

Microsoft .NET Framework 3.0 Brazilian Portuguese Language Pack

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PTB

Microsoft .NET Framework 3.5 Language Pack SP1 - ptb

Microsoft .NET Framework 3.5 SP1

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft National Language Support Downlevel APIs

Microsoft Office 2000 Premium

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft XML Parser

MP3 Player Utilities 3.5.02

MSVCRT

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6 Service Pack 2 (KB954459)

MySQL Servers and Clients 4.0.18

NetoDragon 56K Voice Modem

NetWorx 5.1

NVIDIA Drivers

Orbit Downloader

Pacote de Idiomas do Microsoft .NET Framework 3.5 SP1 - PTB

Pacote de Idiomas do Português (Brasil) para Microsoft .NET Framework 3.0

PlayTV Pro Ultra

PowerVCR II

Project64 1.6

Quake III Arena

Ralink Wireless LAN Card

Revo Uninstaller 1.85

Samsung USB Driver

Security Update for CAPICOM (KB931906)

Security Update para o produto Microsoft .NET Framework 2.0 (KB928365)

Segoe UI

SoundMAX

SQLyog 4.06

StartupMonitor

Subtitle Workshop 2.51

Sun xVM VirtualBox

TeamViewer 4

Transcode Server

Unity Web Player

USB PC Camera (ZS211)

VIA Integrated Setup Wizard

VIA Rhine-Family Fast Ethernet Adapter

WebFldrs XP

Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray

Windows Genuine Advantage Notifications (KB905474)

Windows Imaging Component

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Media Format 11 runtime

Windows Media Player 11

Windows Presentation Foundation

Windows Presentation Foundation Language Pack (PTB)

Windows XP Service Pack 3

XML Paper Specification Shared Components Language Pack 1.0

XML Paper Specification Shared Components Pack 1.0

.

==== End Of File ===========================

 

GMER

 

 

GMER 1.0.15.15627 - http://www.gmer.net

Rootkit scan 2011-05-28 03:04:37

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP0802N rev.TK200-04

Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\kxrdapow.sys

 

 

---- System - GMER 1.0.15 ----

 

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB6E0D202]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB6EFFCB2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB6E316C1]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB6E0F81C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB6E0F874]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB6E0F98A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB6E31075]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB6E0F772]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB6E0F8C4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB6E0F7C6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB6E0F938]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB6E0D226]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB6E31D87]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB6E3203D]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB6E0FC0E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB6E31BF2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB6E31A5D]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB6EFFD62]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB6E0CFF0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB6E0D24A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB6E0FD82]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB6E0DCDA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB6E0F84C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB6E0F89C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB6E0F9B4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB6E313D1]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB6E0F79E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB6E0FA46]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB6E0F904]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB6E0F7F4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB6E0FB2A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB6E0F962]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB6EFFDFA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB6E318D8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB6E0DBA0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB6E3172A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB6F08E48]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB6E306E8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB6E0D26E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB6E0D292]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB6E0D04A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB6E0D186]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB6E31E8E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB6E0D162]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB6E0D1AA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB6E0D2B6]

 

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB6F15902]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

 

---- Kernel code sections - GMER 1.0.15 ----

 

.text ntoskrnl.exe!_abnormal_termination + 37C 804E29E8 4 Bytes CALL FD050CF3

PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP B6F12D5C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB08 4 Bytes CALL B6E0E335 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

PAGE ntoskrnl.exe!ZwCreateProcessEx 8058124C 7 Bytes JMP B6F15906 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP B6F112BE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

.text win32k.sys!EngFreeUserMem + 674 BF809922 5 Bytes JMP B6E10CCE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B6E10BDA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngSetLastError + 783B BF824157 5 Bytes JMP B6E0FF60 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateBitmap + F9C BF828CE9 5 Bytes JMP B6E10E38 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8316DA 5 Bytes JMP B6E11040 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnmapFontFileFD + B8F2 BF83A37C 5 Bytes JMP B6E10B4A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCopyBits + 5F35 BF857E69 5 Bytes JMP B6E0FFD0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + 348C BF866FF4 5 Bytes JMP B6E101AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + 3517 BF86707F 5 Bytes JMP B6E10352 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + 3F47 BF867AAF 5 Bytes JMP B6E0FE84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XLATEOBJ_iXlate + AAFC BF86E664 5 Bytes JMP B6E10C04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngUnicodeToMultiByteN + 2ED7 BF871F85 5 Bytes JMP B6E10F9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngGetCurrentCodePage + 411E BF88C9D8 5 Bytes JMP B6E1032A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngTextOut + 4149 BF8B0CBE 5 Bytes JMP B6E0FE9C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreatePalette + 2DBF BF8C26A3 5 Bytes JMP B6E10D80 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngStretchBltROP + 450 BF8C3048 5 Bytes JMP B6E1006A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFillPath + 1517 BF8CB4AA 5 Bytes JMP B6E100DA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngFillPath + 1797 BF8CB72A 5 Bytes JMP B6E10114 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngDeleteSemaphore + 3B3E BF8ED1B7 5 Bytes JMP B6E0FDB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 19B2 BF913F1F 5 Bytes JMP B6E0FF1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 2586 BF914AF3 5 Bytes JMP B6E10034 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateClip + 4EE5 BF917452 5 Bytes JMP B6E1046C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngPlgBlt + 1924 BF945FB0 5 Bytes JMP B6E10EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

? C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

 

---- User code sections - GMER 1.0.15 ----

 

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8

.text C:\Arquivos de programas\Java\jre6\bin\jqs.exe[164] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC

.text C:\WINDOWS\system32\nvsvc32.exe[504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8

.text C:\WINDOWS\system32\nvsvc32.exe[504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\nvsvc32.exe[504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\nvsvc32.exe[504] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804

.text C:\WINDOWS\system32\nvsvc32.exe[504] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08

.text C:\WINDOWS\system32\nvsvc32.exe[504] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]

.text C:\WINDOWS\system32\nvsvc32.exe[504] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600

.text C:\WINDOWS\system32\nvsvc32.exe[504] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8

.text C:\WINDOWS\system32\nvsvc32.exe[504] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600

.text C:\WINDOWS\System32\alg.exe[524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\System32\alg.exe[524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\System32\alg.exe[524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\System32\alg.exe[524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\System32\alg.exe[524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804

.text C:\WINDOWS\System32\alg.exe[524] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0A08

.text C:\WINDOWS\System32\alg.exe[524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B0600

.text C:\WINDOWS\System32\alg.exe[524] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B01F8

.text C:\WINDOWS\System32\alg.exe[524] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B03FC

.text C:\WINDOWS\System32\alg.exe[524] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002C1014

.text C:\WINDOWS\System32\alg.exe[524] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002C0804

.text C:\WINDOWS\System32\alg.exe[524] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002C0A08

.text C:\WINDOWS\System32\alg.exe[524] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002C0C0C

.text C:\WINDOWS\System32\alg.exe[524] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002C0E10

.text C:\WINDOWS\System32\alg.exe[524] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002C01F8

.text C:\WINDOWS\System32\alg.exe[524] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002C03FC

.text C:\WINDOWS\System32\alg.exe[524] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002C0600

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00381014

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00380804

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00380A08

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00380C0C

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00380E10

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003801F8

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003803FC

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00380600

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC

.text C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe[556] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]

.text C:\WINDOWS\System32\smss.exe[628] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8

.text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\winlogon.exe[708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC

.text C:\WINDOWS\system32\winlogon.exe[708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\winlogon.exe[708] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\winlogon.exe[708] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\services.exe[752] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\services.exe[752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\services.exe[752] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\services.exe[752] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\services.exe[752] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\services.exe[752] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\services.exe[752] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\services.exe[752] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\services.exe[752] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\services.exe[752] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\lsass.exe[764] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\lsass.exe[764] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\lsass.exe[764] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\lsass.exe[764] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\lsass.exe[764] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\lsass.exe[764] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\lsass.exe[764] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\lsass.exe[764] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\lsass.exe[764] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\lsass.exe[764] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[828] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[828] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[828] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[828] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[920] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[920] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[984] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[1080] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\System32\svchost.exe[1080] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\System32\svchost.exe[1080] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\System32\svchost.exe[1080] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[1140] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[1140] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[1140] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[1140] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[1140] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[1140] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[1140] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8

.text C:\Arquivos de programas\TeamViewer\Version4\TeamViewer_Service.exe[1172] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC

.text C:\WINDOWS\StartupMonitor.exe[1276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8

.text C:\WINDOWS\StartupMonitor.exe[1276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\StartupMonitor.exe[1276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC

.text C:\WINDOWS\StartupMonitor.exe[1276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\StartupMonitor.exe[1276] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804

.text C:\WINDOWS\StartupMonitor.exe[1276] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08

.text C:\WINDOWS\StartupMonitor.exe[1276] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]

.text C:\WINDOWS\StartupMonitor.exe[1276] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600

.text C:\WINDOWS\StartupMonitor.exe[1276] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8

.text C:\WINDOWS\StartupMonitor.exe[1276] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC

.text C:\WINDOWS\StartupMonitor.exe[1276] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014

.text C:\WINDOWS\StartupMonitor.exe[1276] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804

.text C:\WINDOWS\StartupMonitor.exe[1276] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08

.text C:\WINDOWS\StartupMonitor.exe[1276] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C

.text C:\WINDOWS\StartupMonitor.exe[1276] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10

.text C:\WINDOWS\StartupMonitor.exe[1276] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8

.text C:\WINDOWS\StartupMonitor.exe[1276] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC

.text C:\WINDOWS\StartupMonitor.exe[1276] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600

.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC

.text C:\WINDOWS\system32\LEXBCES.EXE[1468] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00381014

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00380804

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00380A08

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00380C0C

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00380E10

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003801F8

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003803FC

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00380600

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC

.text C:\WINDOWS\system32\LEXPPS.EXE[1492] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]

.text C:\WINDOWS\system32\spoolsv.exe[1524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\spoolsv.exe[1524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\spoolsv.exe[1524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\spoolsv.exe[1524] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\spoolsv.exe[1524] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\spoolsv.exe[1524] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\spoolsv.exe[1524] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\spoolsv.exe[1524] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\spoolsv.exe[1524] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\spoolsv.exe[1524] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\spoolsv.exe[1524] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\spoolsv.exe[1524] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\spoolsv.exe[1524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\spoolsv.exe[1524] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\spoolsv.exe[1524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\spoolsv.exe[1524] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\spoolsv.exe[1524] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\svchost.exe[1756] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\svchost.exe[1756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1756] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\svchost.exe[1756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\svchost.exe[1756] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\svchost.exe[1756] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\WINDOWS\ZSSnp211.exe[1784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8

.text C:\WINDOWS\ZSSnp211.exe[1784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\ZSSnp211.exe[1784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC

.text C:\WINDOWS\ZSSnp211.exe[1784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\ZSSnp211.exe[1784] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804

.text C:\WINDOWS\ZSSnp211.exe[1784] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08

.text C:\WINDOWS\ZSSnp211.exe[1784] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]

.text C:\WINDOWS\ZSSnp211.exe[1784] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600

.text C:\WINDOWS\ZSSnp211.exe[1784] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8

.text C:\WINDOWS\ZSSnp211.exe[1784] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC

.text C:\WINDOWS\ZSSnp211.exe[1784] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014

.text C:\WINDOWS\ZSSnp211.exe[1784] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804

.text C:\WINDOWS\ZSSnp211.exe[1784] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08

.text C:\WINDOWS\ZSSnp211.exe[1784] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C

.text C:\WINDOWS\ZSSnp211.exe[1784] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10

.text C:\WINDOWS\ZSSnp211.exe[1784] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8

.text C:\WINDOWS\ZSSnp211.exe[1784] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC

.text C:\WINDOWS\ZSSnp211.exe[1784] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600

.text C:\WINDOWS\Explorer.EXE[1788] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\Explorer.EXE[1788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\Explorer.EXE[1788] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\Explorer.EXE[1788] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\Explorer.EXE[1788] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002C1014

.text C:\WINDOWS\Explorer.EXE[1788] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002C0804

.text C:\WINDOWS\Explorer.EXE[1788] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002C0A08

.text C:\WINDOWS\Explorer.EXE[1788] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002C0C0C

.text C:\WINDOWS\Explorer.EXE[1788] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002C0E10

.text C:\WINDOWS\Explorer.EXE[1788] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002C01F8

.text C:\WINDOWS\Explorer.EXE[1788] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002C03FC

.text C:\WINDOWS\Explorer.EXE[1788] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002C0600

.text C:\WINDOWS\Explorer.EXE[1788] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804

.text C:\WINDOWS\Explorer.EXE[1788] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08

.text C:\WINDOWS\Explorer.EXE[1788] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600

.text C:\WINDOWS\Explorer.EXE[1788] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8

.text C:\WINDOWS\Explorer.EXE[1788] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC

.text C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe[1888] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe[1888] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

.text C:\Arquivos de programas\Alwil Software\Avast5\AvastSvc.exe[1888] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00381014

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00380804

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00380A08

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00380C0C

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00380E10

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003801F8

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003803FC

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00380600

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC

.text C:\Arquivos de programas\IVT Corporation\BlueSoleil\BTNtService.exe[1920] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]

.text C:\WINDOWS\system32\wscntfy.exe[1964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\wscntfy.exe[1964] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003A0804

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003A0A08

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003A0600

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003A01F8

.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe[2028] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003A03FC

.text C:\WINDOWS\Domino.exe[2060] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8

.text C:\WINDOWS\Domino.exe[2060] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\Domino.exe[2060] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC

.text C:\WINDOWS\Domino.exe[2060] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\Domino.exe[2060] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00380804

.text C:\WINDOWS\Domino.exe[2060] USER32.dll!UnhookWindowsHookEx 7E37D5F3 3 Bytes JMP 00380A08

.text C:\WINDOWS\Domino.exe[2060] USER32.dll!UnhookWindowsHookEx + 4 7E37D5F7 1 Byte [82]

.text C:\WINDOWS\Domino.exe[2060] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00380600

.text C:\WINDOWS\Domino.exe[2060] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003801F8

.text C:\WINDOWS\Domino.exe[2060] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003803FC

.text C:\WINDOWS\Domino.exe[2060] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00391014

.text C:\WINDOWS\Domino.exe[2060] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00390804

.text C:\WINDOWS\Domino.exe[2060] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00390A08

.text C:\WINDOWS\Domino.exe[2060] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00390C0C

.text C:\WINDOWS\Domino.exe[2060] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00390E10

.text C:\WINDOWS\Domino.exe[2060] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003901F8

.text C:\WINDOWS\Domino.exe[2060] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003903FC

.text C:\WINDOWS\Domino.exe[2060] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00390600

.text C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe[2092] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\ARQUIV~1\ALWILS~1\Avast5\avastUI.exe[2092] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0A08

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B0600

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B01F8

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B03FC

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002C1014

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002C0C0C

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002C0E10

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\RUNDLL32.EXE[2144] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\ctfmon.exe[2152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8

.text C:\WINDOWS\system32\ctfmon.exe[2152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\ctfmon.exe[2152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC

.text C:\WINDOWS\system32\ctfmon.exe[2152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\ctfmon.exe[2152] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002C1014

.text C:\WINDOWS\system32\ctfmon.exe[2152] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\ctfmon.exe[2152] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\ctfmon.exe[2152] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002C0C0C

.text C:\WINDOWS\system32\ctfmon.exe[2152] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002C0E10

.text C:\WINDOWS\system32\ctfmon.exe[2152] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\ctfmon.exe[2152] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\ctfmon.exe[2152] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\ctfmon.exe[2152] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804

.text C:\WINDOWS\system32\ctfmon.exe[2152] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08

.text C:\WINDOWS\system32\ctfmon.exe[2152] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600

.text C:\WINDOWS\system32\ctfmon.exe[2152] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8

.text C:\WINDOWS\system32\ctfmon.exe[2152] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001401F8

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001403FC

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 00381014

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 00380804

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 00380A08

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 00380C0C

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 00380E10

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 003801F8

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 003803FC

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 00380600

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC

.text C:\Arquivos de programas\RALINK\Common\RaUI.exe[2256] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000A01F8

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000A03FC

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002C1014

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002C0804

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002C0A08

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002C0C0C

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002C0E10

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002C01F8

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002C03FC

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002C0600

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D0804

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0A08

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D0600

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D01F8

.text C:\WINDOWS\system32\NOTEPAD.EXE[2564] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D03FC

.text C:\WINDOWS\System32\svchost.exe[2760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8

.text C:\WINDOWS\System32\svchost.exe[2760] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[2760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC

.text C:\WINDOWS\System32\svchost.exe[2760] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

.text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!SetServiceObjectSecurity 77FB6D81 5 Bytes JMP 002B1014

.text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!ChangeServiceConfigA 77FB6E69 5 Bytes JMP 002B0804

.text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!ChangeServiceConfigW 77FB7001 5 Bytes JMP 002B0A08

.text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!ChangeServiceConfig2A 77FB7101 5 Bytes JMP 002B0C0C

.text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!ChangeServiceConfig2W 77FB7189 5 Bytes JMP 002B0E10

.text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!CreateServiceA 77FB7211 5 Bytes JMP 002B01F8

.text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!CreateServiceW 77FB73A9 5 Bytes JMP 002B03FC

.text C:\WINDOWS\System32\svchost.exe[2760] ADVAPI32.dll!DeleteService 77FB74B1 5 Bytes JMP 002B0600

.text C:\WINDOWS\System32\svchost.exe[2760] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C0804

.text C:\WINDOWS\System32\svchost.exe[2760] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0A08

.text C:\WINDOWS\System32\svchost.exe[2760] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C0600

.text C:\WINDOWS\System32\svchost.exe[2760] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C01F8

.text C:\WINDOWS\System32\svchost.exe[2760] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C03FC

.text C:\Documents and Settings\Administrador\Desktop\gmer\gmer.exe[3132] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]

.text C:\Documents and Settings\Administrador\Desktop\gmer\gmer.exe[3132] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]

 

---- Devices - GMER 1.0.15 ----

 

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

 

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

 

Device \Driver\Cdrom \Device\CdRom0 89DF35C0

Device \Driver\Cdrom \Device\CdRom1 89DF35C0

 

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

 

Device \Driver\st3wolf \Device\Scsi\st3wolf1 89DF34B0

Device \Driver\st3wolf \Device\Scsi\st3wolf1Port3Path0Target1Lun0 89DF34B0

Device \Driver\st3wolf \Device\Scsi\st3wolf1Port3Path0Target0Lun0 89DF34B0

 

---- Registry - GMER 1.0.15 ----

 

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B0ADD23D-720E-D8E2-D27E-2D0B8C0B4F6D}

 

---- EOF - GMER 1.0.15 ----

Compartilhar este post


Link para o post
Compartilhar em outros sites

1.

*Delete o DDS e seus relatórios.

 

2.

*Delete o GMER e seu relatório.

 

3.

*Execute o hijack, clique em [Do a system scan only], selecione a entrada abaixo e clique em [Fix checked]

O20 - Winlogon Notify: wamregps32 - wamregps32.dll (file missing)

*Feche o hijack

 

 

Informe se foi resolvido

Compartilhar este post


Link para o post
Compartilhar em outros sites

ok, as páginas pararam de rolar sozinhas.

 

flash ok.

 

o carregamento da net continua lento, mas acho q tem um pouco haver com o provedor oi brt

 

agora quando é feito acesso ao orkut por exemplo e é clicado no campo usuário, o pc trava teclado e mouse. se insiro um mouse/teclado usb eles funcionam normal, mas os outros ficam travados e tem de reiniciar o pc.

 

obrigado

Compartilhar este post


Link para o post
Compartilhar em outros sites

agora quando é feito acesso ao orkut por exemplo e é clicado no campo usuário, o pc trava teclado e mouse. se insiro um mouse/teclado usb eles funcionam normal, mas os outros ficam travados e tem de reiniciar o pc.

Não há associação com malwares.

 

Vou fazer só uma busca do motivo do OTS parar na chave: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\MOUNTPOINT2

 

1.

*Clique em [iniciar] > [Executar] > digite: Gpedit.msc

*Clique [OK]

*Em "Configuração do Computador", expanda "Modelos Administrativos" e clique em "Sistema".

*Na coluna a direita, clique com o botão direito do mouse em "Desativar AutoExecutar" e selecione "Propriedades"

*Selecione "Ativado"

*Na caixa abaixo de onde está escrito "Desativar Executar automaticamente em:" selecione "Todas as unidades"

*Clique [Aplicar] > [OK]

*Reinicie o computador

 

2.

*Baixe o USBFix e salve-o no desktop

*Conecte o pen drive no PC

*Execute-o e clique [Pesquisa]

*Ao finalizar, remova o pen drive e cole o relatório apresentado

Compartilhar este post


Link para o post
Compartilhar em outros sites

reprodução automática desativada.

 

não tenho mais pendrives.

OK..execute o USBFix sem o pen drive.

Compartilhar este post


Link para o post
Compartilhar em outros sites

############################## | UsbFix 7.046 | [Pesquisa]

 

Usuário: Administrador (Administrador) # PCMARIA [ ]

Atualizado em 23/05/2011 por TeamXscript

Começou em 15:10:17 | 30/05/2011

Site: http://www.teamxscript.org

Submit your sample: http://www.teamxscript.org/Upload.php

Contato: TeamXscript.ElDesaparecido@gmail.com

 

CPU: AMD Sempron 2600+

Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3

Internet Explorer 8.0.6001.18702

 

Windows Firewall: Habilitado

Antivirus: avast! Antivirus 5.0.100664421 [(!) Disabled | Updated]

RAM -> 1536 Mb

C:\ (%systemdrive%) -> Disco fixo # 37 Gb (7 Mb livre - 20%) [] # NTFS

D:\ -> Disco fixo # 37 Gb (5 Mb livre - 14%) [Disco local] # NTFS

I:\ -> CD-ROM

J:\ -> CD-ROM

 

################## | Ficheiros # pastas infeciosos |

 

 

 

################## | Registro |

 

Presente ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoRecentDocsMenu

 

################## | Mountpoints2 |

 

HKCU\.\.\.\.\Explorer\MountPoints2\{133e8842-233f-11df-9a0f-00059e824e75}

Shell\AutoRun\Command = H:\AutoRun.exe

 

 

################## | Vaccin |

 

(!) Este computador não é vacinada!

 

################## | E.O.F |

Compartilhar este post


Link para o post
Compartilhar em outros sites

Realmente não há nada demais na chave.

 

1.

*Execute o UsbFix e clique [uninstall]

 

2.

*Clique em [iniciar] > [Executar] > digite: Gpedit.msc

*Clique [OK]

*Em "Configuração do Computador", expanda "Modelos Administrativos" e clique em "Sistema".

*Clique com o botão direito do mouse em "Desativar AutoExecutar" e selecione "Propriedades"

*Selecione "Desativado"

*Na caixa abaixo de onde está escrito "Desativar Executar automaticamente em:" selecione "Todas as unidades"

*Clique em [Aplicar] > [OK]

*Reinicie o computador

 

O PC está limpo. :)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok obrigado,

 

não querendo abusar mas já o fazendo, caberia um gerenciador de conteúdo? tens alguma sugestão?

 

Grato pelo empenho.

Compartilhar este post


Link para o post
Compartilhar em outros sites

perguntei uma coisa e acertei em outra estava a procura disso mesmo q você passou.

 

mas o q perguntei porque esse pc é usado por crianças e gostaria de bloquear alguns conteúdos.

 

mais uma vez obrigado

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.