Karteler

Logs (another PC)


I created a topic yesterday for one PC; this is another one. I think I may have some kind of adware.

Here are the DDS and GMER logs:

DDS:

DDS (Version 1.0.1) - NTFSx86

Run by Filipe at 13:40:47,29 on dom 14/12/2008

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07

Microsoft Windows XP Home Edition 5.1.2600.2.1252.55.1046.18.1023.492 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Java\jre1.6.0_05\bin\jusched.exe

C:\WINDOWS\system32\spoolsv.exe

C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

C:\Arquivos de programas\DAEMON Tools\daemon.exe

C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Arquivos de programas\iTunes\iTunesHelper.exe

C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Arquivos de programas\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\cmpe.exe

C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

C:\Arquivos de programas\NitroPC\NitroPC.exe

C:\Arquivos de programas\DNA\btdna.exe

C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

C:\Arquivos de programas\iPod\bin\iPodService.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\msiexec.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Documents and Settings\Filipe\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank

uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60337

uSearchMigratedDefaultURL = hxxp://farejador.ig.com.br/query.cgi?utf8&query={searchTerms}

mSearch Bar = hxxp://farejador.ig.com.br/ie/

uInternet Settings,ProxyOverride = *.local

mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60337

mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60337

uURLSearchHooks: {8e41e543-e069-4197-8608-e8b4c2f75747} - c:\arquivos de programas\wellgames\tbwell.dll

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\arquivos de programas\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\arquivos de programas\real\realplayer\rpbrowserrecordplugin.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

BHO: {8e41e543-e069-4197-8608-e8b4c2f75747} - c:\arquivos de programas\wellgames\tbwell.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\arquivos de programas\windows live toolbar\msntb.dll

BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\arquivos de programas\hotspot shield\hssie\HssIE.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\arquivos de programas\windows live toolbar\msntb.dll

TB: {8e41e543-e069-4197-8608-e8b4c2f75747} - c:\arquivos de programas\wellgames\tbwell.dll

TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\arquivos de programas\windows live toolbar\msntb.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll

TB: {8E41E543-E069-4197-8608-E8B4C2F75747} - c:\arquivos de programas\wellgames\tbwell.dll

uRun: [MsnMsgr] "c:\arquivos de programas\windows live\messenger\MsnMsgr.Exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

uRun: [LightDialer] c:\arquivos de programas\oi velox\conexão\DISCADOR.EXE

uRun: [updateMgr] c:\arquivos de programas\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0

uRun: [skype] "c:\arquivos de programas\skype\phone\Skype.exe" /nosplash /minimized

uRun: [NitroPC] "c:\arquivos de programas\nitropc\NitroPC.exe" -minimized

uRun: [bitTorrent DNA] "c:\arquivos de programas\dna\btdna.exe"

uRun: [Gadwin PrintScreen] c:\arquivos de programas\gadwin systems\printscreen\PrintScreen.exe /nosplash

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [skyTel] SkyTel.EXE

mRun: [Alcmtr] ALCMTR.EXE

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre1.6.0_07\bin\jusched.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe

mRun: [DAEMON Tools] "c:\arquivos de programas\daemon tools\daemon.exe" -lang 1033

mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\nero\lib\NeroCheck.exe

mRun: [NBKeyScan] "c:\arquivos de programas\nero\nero8\nero backitup\NBKeyScan.exe"

mRun: [desp2k] c:\arquivos de programas\oi velox\manager\desp2k.exe

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [AppleSyncNotifier] c:\arquivos de programas\arquivos comuns\apple\mobile device support\bin\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\arquivos de programas\itunes\iTunesHelper.exe"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~1.lnk - c:\arquivos de programas\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\micros~1.lnk - c:\arquivos de programas\microsoft office\office10\OSA.EXE

IE: &Windows Live Search - c:\arquivos de programas\windows live toolbar\msntb.dll/search.htm

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office10\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\filipe\dadosd~1\mozilla\firefox\profiles\krt726gq.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT147694&SearchSource=3&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

FF - prefs.js: network.proxy.ftp - 127.0.0.1

FF - prefs.js: network.proxy.ftp_port - 8080

FF - prefs.js: network.proxy.gopher - 127.0.0.1

FF - prefs.js: network.proxy.gopher_port - 8080

FF - prefs.js: network.proxy.socks - 127.0.0.1

FF - prefs.js: network.proxy.socks_port - 8080

FF - prefs.js: network.proxy.ssl - 127.0.0.1

FF - prefs.js: network.proxy.ssl_port - 8080

FF - prefs.js: network.proxy.type - 2

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-14 111184]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-14 20560]

R2 avast! Antivirus;avast! Antivirus;"c:\arquivos de programas\alwil software\avast4\ashServ.exe" [2007-10-18 155160]

R2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [2007-2-26 61440]

R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-4-4 30336]

R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-6-10 31232]

S3 avast! Mail Scanner;avast! Mail Scanner;"c:\arquivos de programas\alwil software\avast4\ashMaiSv.exe" /service [2007-10-18 254040]

S3 avast! Web Scanner;avast! Web Scanner;"c:\arquivos de programas\alwil software\avast4\ashWebSv.exe" /service [2007-10-18 352920]

S3 XDva081;XDva081;\??\c:\windows\system32\XDva081.sys []

=============== Created Last 30 ================

2008-12-05 20:34 <DIR> --d----- C:\Nexon

2008-12-05 18:12 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PMB Files

2008-12-05 18:09 <DIR> --d----- c:\arquivos de programas\Pando Networks

2008-11-28 00:09 4,379,984 a------- c:\windows\system32\D3DX9_40.dll

2008-11-28 00:09 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll

2008-11-28 00:09 452,440 a------- c:\windows\system32\d3dx10_40.dll

2008-11-28 00:09 514,384 a------- c:\windows\system32\XAudio2_3.dll

2008-11-28 00:09 235,856 a------- c:\windows\system32\xactengine3_3.dll

2008-11-28 00:09 70,992 a------- c:\windows\system32\XAPOFX1_2.dll

2008-11-28 00:09 509,448 a------- c:\windows\system32\XAudio2_2.dll

2008-11-28 00:09 68,616 a------- c:\windows\system32\XAPOFX1_1.dll

2008-11-28 00:09 23,376 a------- c:\windows\system32\X3DAudio1_5.dll

2008-11-28 00:09 238,088 a------- c:\windows\system32\xactengine3_2.dll

2008-11-28 00:08 1,493,528 a------- c:\windows\system32\D3DCompiler_39.dll

2008-11-28 00:08 467,984 a------- c:\windows\system32\d3dx10_39.dll

2008-11-28 00:08 3,851,784 a------- c:\windows\system32\D3DX9_39.dll

2008-11-26 22:49 68 ----h--- c:\windows\popcreg.dat

2008-11-26 22:47 20 a------- c:\windows\popcinfot.dat

2008-11-26 22:46 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PopCap Games

2008-11-26 22:46 <DIR> --d----- c:\arquivos de programas\PopCap Games

2008-11-23 21:40 <DIR> --d----- c:\arquivos de programas\Angels Online

2008-11-23 20:26 1,036,825,842 a------- C:\ao_setup_2004.exe

==================== Find3M ====================

2008-10-24 09:10 453,632 a------- c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 11:00 283,648 a------- c:\windows\system32\gdi32.dll

2008-10-16 18:23 826,368 a------- c:\windows\system32\wininet.dll

2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

2008-10-12 13:07 425,426 a------- c:\windows\system32\perfh016.dat

2008-10-12 13:07 67,450 a------- c:\windows\system32\perfc016.dat

2008-10-03 17:28 28,592 a---h--- c:\windows\system32\mlfcache.dat

2008-10-03 08:16 247,326 a------- c:\windows\system32\strmdll.dll

2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

2008-07-30 21:08 0 a------- c:\documents and settings\filipe\jagex_runescape_preferences.dat

2008-01-09 21:56 32 a----r-- c:\documents and settings\all users\hash.dat

============= FINISH: 13:41:08,68 ===============

GMER:

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-14 14:03:30

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF3AA1576]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF3AA1432]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF3AA1910]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF3AA100A]

SSDT sptd.sys ZwEnumerateKey [0xF740FC7E]

SSDT sptd.sys ZwEnumerateValueKey [0xF740FFF6]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF3AA150C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF3AA0F4A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF3AA0FAE]

SSDT sptd.sys ZwQueryKey [0xF74100C0]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF3AA162C]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF3AA15EC]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF3AA176C]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys O arquivo já está sendo usado por outro processo.

? C:\WINDOWS\System32\Drivers\SPTD1693.SYS O arquivo já está sendo usado por outro processo.

.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F627D4D0 16 Bytes [ D4, D7, CC, 20, FE, 80, 97, ... ]

.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F627D4E1 31 Bytes [ C0, 27, F6, A8, 18, 0B, 9D, ... ]

? C:\WINDOWS\System32\Drivers\dtscsi.sys O arquivo já está sendo usado por outro processo.

---- User code sections - GMER 1.0.14 ----

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 28001CC0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 28001B00 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 28001A80 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 28001D80 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] kernel32.dll!FindResourceA 7C80BE89 7 Bytes JMP 28001B90 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 28001DF0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 28001840 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] kernel32.dll!FindResourceExA 7C835F78 7 Bytes JMP 28001C20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0056DBBD C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] kernel32.dll!OutputDebugStringW 7C85A42D 5 Bytes JMP 28001E50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] ADVAPI32.dll!CryptDeriveKey 77F6A685 7 Bytes JMP 28001000 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] ADVAPI32.dll!CryptDecrypt 77F6A7B1 2 Bytes JMP 28001060 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] ADVAPI32.dll!CryptDecrypt + 3 77F6A7B4 4 Bytes [ 09, B0, CC, CC ]

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 28004090 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] USER32.dll!CreateWindowExW 7E36FC25 5 Bytes JMP 28003820 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] USER32.dll!SetWindowRgn 7E36FFB2 7 Bytes JMP 28005980 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] USER32.dll!LoadIconW 7E370894 5 Bytes JMP 280062B0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] USER32.dll!LoadImageW 7E372CFE 5 Bytes JMP 280060C0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] USER32.dll!CreateDialogParamW 7E377D4F 5 Bytes JMP 28005AC0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] USER32.dll!SetWindowPlacement 7E37D84C 5 Bytes JMP 28005840 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 28005CB0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] USER32.dll!TrackPopupMenuEx 7E3BCD28 5 Bytes JMP 28004970 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] WS2_32.dll!send 71A7428A 5 Bytes JMP 2800A180 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] WS2_32.dll!WSARecv 71A74318 5 Bytes JMP 28009F60 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] WS2_32.dll!recv 71A7615A 5 Bytes JMP 28009DC0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] WS2_32.dll!WSASend 71A76233 5 Bytes JMP 2800A360 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] WS2_32.dll!closesocket 71A79639 5 Bytes JMP 2800A5A0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] SHELL32.dll!Shell_NotifyIconW 7CA21B92 5 Bytes JMP 28002FE0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] ole32.dll!CoInitializeEx 774DEF6B 5 Bytes JMP 28002100 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] ole32.dll!CoRegisterClassObject 774F8720 5 Bytes JMP 28002200 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] WININET.dll!InternetCloseHandle 4338DA59 5 Bytes JMP 28008F20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] WININET.dll!HttpOpenRequestA 43394341 5 Bytes JMP 28008BE0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] WININET.dll!InternetReadFile 4339ABB4 5 Bytes JMP 28008D70 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1520] WININET.dll!HttpSendRequestA 4339CD40 5 Bytes JMP 28008E50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F740BA32] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F740BB6E] sptd.sys

IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F740BAF6] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F740C6CC] sptd.sys

IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F740C5A2] sptd.sys

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F742DC82] sptd.sys

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[1116] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00370002

IAT C:\WINDOWS\system32\services.exe[1116] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00370000

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00C606A0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00C60390

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00C58E90

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00C5A3D0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00C5D540

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00C5B120

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00C5A700

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00C5C880

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00C5F870

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00C5F8B0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00C609F0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00C5F470

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00C5D4A0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00C5BC40

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00C5ADD0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00C5B6C0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00C60F70

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 00C5CBD0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00C5D300

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00C5DF30

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00C5DA10

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00C5DEB0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00C5E9D0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00C5E0A0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00C5AA80

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00C5BAF0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00C5F990

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00C5DB50

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00C5D440

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00C5D000

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 00C5D650

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 00C60A10

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00C5D950

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadIconW] 00C60CB0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadCursorW] 00C60C50

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateDialogParamW] 00C60EA0

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!DialogBoxParamW] 00C60F40

IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[1468] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadStringW] 00C60D70

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 86797B78

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\NetBT \Device\NetBT_Tcpip_{8552E221-3F9D-4D0B-A524-19BFCADF57E2} 866758A8

Device \Driver\00000066 \Device\00000046 sptd.sys

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 86798458

Device \Driver\Cdrom \Device\CdRom0 865AC9F8

Device \FileSystem\Rdbss \Device\FsWrap 86612500

Device \Driver\Cdrom \Device\CdRom1 865AC9F8

Device \Driver\NetBT \Device\NetBt_Wins_Export 866758A8

Device \Driver\NetBT \Device\NetbiosSmb 866758A8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Disk \Device\Harddisk0\DR0 86797E30

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 865A7B40

Device \FileSystem\MRxSmb \Device\LanmanRedirector 865A7B40

Device \Driver\NetBT \Device\NetBT_Tcpip_{66056960-590D-44C1-A633-A723EBF62928} 866758A8

Device \FileSystem\Npfs \Device\NamedPipe 86555450

Device \Driver\Ftdisk \Device\FtControl 86798458

Device \FileSystem\Msfs \Device\Mailslot 86607498

Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 864528D0

Device \Driver\dtscsi \Device\Scsi\dtscsi1 864528D0

Device \FileSystem\Cdfs \Cdfs 864EF0E8

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -480914982

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -517067560

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 386354155

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools\

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x90 0x0F 0x5C 0xC1 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x67 0x3F 0x95 0x2F ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x64 0x62 0x02 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC6 0x7F 0x9C 0xDC ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF1 0x6E 0xC5 0x34 ...

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x52 0x46 0x3A 0x0F ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools\

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x90 0x0F 0x5C 0xC1 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x67 0x3F 0x95 0x2F ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x64 0x62 0x02 0x00 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC6 0x7F 0x9C 0xDC ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF1 0x6E 0xC5 0x34 ...

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43

Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x52 0x46 0x3A 0x0F ...

---- EOF - GMER 1.0.14 ----

  • Topic author
  • Thanks for responding. ^^

    DDS (Version 1.0.1) - NTFSx86

    Run by Filipe at 0:12:51,43 on s*b 20/12/2008

    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_07

    Microsoft Windows XP Home Edition 5.1.2600.2.1252.55.1046.18.1023.459 [GMT -2:00]

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\Arquivos de programas\Alwil Software\Avast4\aswUpdSv.exe

    C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe

    C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe

    C:\Arquivos de programas\DAEMON Tools\daemon.exe

    C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Arquivos de programas\iTunes\iTunesHelper.exe

    C:\Arquivos de programas\COMODO\SafeSurf\cssurf.exe

    C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

    C:\Arquivos de programas\Bonjour\mDNSResponder.exe

    C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe

    C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe

    C:\Arquivos de programas\Skype\Phone\Skype.exe

    C:\WINDOWS\system32\cmpe.exe

    C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe

    C:\Arquivos de programas\NitroPC\NitroPC.exe

    C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe

    C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\WINDOWS\system32\IoctlSvc.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe

    C:\WINDOWS\System32\svchost.exe -k HTTPFilter

    C:\WINDOWS\system32\wuauclt.exe

    C:\Arquivos de programas\iPod\bin\iPodService.exe

    C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe

    C:\WINDOWS\system32\wscntfy.exe

    C:\Arquivos de programas\Mozilla Firefox\firefox.exe

    C:\Documents and Settings\Filipe\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank

    uSearch Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60337

    uSearchMigratedDefaultURL = hxxp://farejador.ig.com.br/query.cgi?utf8&query={searchTerms}

    mSearch Bar = hxxp://farejador.ig.com.br/ie/

    uInternet Settings,ProxyOverride = *.local

    mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60337

    mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60337

    uURLSearchHooks: {8e41e543-e069-4197-8608-e8b4c2f75747} - c:\arquivos de programas\wellgames\tbwell.dll

    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\arquivos de programas\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll

    BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\arquivos de programas\arquivos comuns\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\arquivos de programas\askbardis\bar\bin\askBar.dll

    BHO: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\arquivos de programas\real\realplayer\rpbrowserrecordplugin.dll

    BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

    BHO: {8e41e543-e069-4197-8608-e8b4c2f75747} - c:\arquivos de programas\wellgames\tbwell.dll

    BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\arquivos de programas\windows live toolbar\msntb.dll

    BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\arquivos de programas\hotspot shield\hssie\HssIE.dll

    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll

    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\arquivos de programas\windows live toolbar\msntb.dll

    TB: {8e41e543-e069-4197-8608-e8b4c2f75747} - c:\arquivos de programas\wellgames\tbwell.dll

    TB: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\arquivos de programas\askbardis\bar\bin\askBar.dll

    TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\arquivos de programas\windows live toolbar\msntb.dll

    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\ycomp5_6_0_1.dll

    TB: {8E41E543-E069-4197-8608-E8B4C2F75747} - c:\arquivos de programas\wellgames\tbwell.dll

    uRun: [MsnMsgr] "c:\arquivos de programas\windows live\messenger\MsnMsgr.Exe" /background

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\arquivos de programas\arquivos comuns\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020

    uRun: [LightDialer] c:\arquivos de programas\oi velox\conexão\DISCADOR.EXE

    uRun: [updateMgr] c:\arquivos de programas\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0

    uRun: [skype] "c:\arquivos de programas\skype\phone\Skype.exe" /nosplash /minimized

    uRun: [NitroPC] "c:\arquivos de programas\nitropc\NitroPC.exe" -minimized

    uRun: [Gadwin PrintScreen] c:\arquivos de programas\gadwin systems\printscreen\PrintScreen.exe /nosplash

    mRun: [igfxtray] c:\windows\system32\igfxtray.exe

    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

    mRun: [igfxpers] c:\windows\system32\igfxpers.exe

    mRun: [RTHDCPL] RTHDCPL.EXE

    mRun: [skyTel] SkyTel.EXE

    mRun: [Alcmtr] ALCMTR.EXE

    mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre1.6.0_07\bin\jusched.exe"

    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

    mRun: [nwiz] nwiz.exe /install

    mRun: [avast!] c:\arquiv~1\alwils~1\avast4\ashDisp.exe

    mRun: [DAEMON Tools] "c:\arquivos de programas\daemon tools\daemon.exe" -lang 1033

    mRun: [NeroFilterCheck] c:\arquivos de programas\arquivos comuns\nero\lib\NeroCheck.exe

    mRun: [NBKeyScan] "c:\arquivos de programas\nero\nero8\nero backitup\NBKeyScan.exe"

    mRun: [desp2k] c:\arquivos de programas\oi velox\manager\desp2k.exe

    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

    mRun: [AppleSyncNotifier] c:\arquivos de programas\arquivos comuns\apple\mobile device support\bin\AppleSyncNotifier.exe

    mRun: [QuickTime Task] "c:\arquivos de programas\quicktime\QTTask.exe" -atboottime

    mRun: [iTunesHelper] "c:\arquivos de programas\itunes\iTunesHelper.exe"

    mRun: [COMODO SafeSurf] "c:\arquivos de programas\comodo\safesurf\cssurf.exe" -s

    mRun: [COMODO Internet Security] "c:\arquivos de programas\comodo\comodo internet security\cfp.exe" -h

    mRun: [Adobe Reader Speed Launcher] "c:\arquivos de programas\adobe\reader 9.0\reader\Reader_sl.exe"

    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

    StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe

    StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\micros~1.lnk - c:\arquivos de programas\microsoft office\office10\OSA.EXE

    IE: &Windows Live Search - c:\arquivos de programas\windows live toolbar\msntb.dll/search.htm

    IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office10\EXCEL.EXE/3000

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\arquivos de programas\java\jre1.6.0_07\bin\ssv.dll

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\arquiv~1\arquiv~1\skype\SKYPE4~1.DLL

    Notify: igfxcui - igfxdev.dll

    AppInit_DLLs: c:\windows\system32\guard32.dll c:\windows\system32\cssdll32.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\filipe\dadosd~1\mozilla\firefox\profiles\krt726gq.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT147694&SearchSource=3&q=

    FF - prefs.js: browser.search.selectedEngine - Google

    FF - prefs.js: keyword.URL - hxxp://br.search.yahoo.com/search?ei=ISO-8859-1&fr=megaup&p=

    FF - prefs.js: network.proxy.ftp - 127.0.0.1

    FF - prefs.js: network.proxy.ftp_port - 8080

    FF - prefs.js: network.proxy.gopher - 127.0.0.1

    FF - prefs.js: network.proxy.gopher_port - 8080

    FF - prefs.js: network.proxy.socks - 127.0.0.1

    FF - prefs.js: network.proxy.socks_port - 8080

    FF - prefs.js: network.proxy.ssl - 127.0.0.1

    FF - prefs.js: network.proxy.ssl_port - 8080

    FF - prefs.js: network.proxy.type - 2

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-14 111184]

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-12-17 101776]

    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-12-17 31504]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-14 20560]

    R2 avast! Antivirus;avast! Antivirus;"c:\arquivos de programas\alwil software\avast4\ashServ.exe" [2007-10-18 155160]

    R2 cmdAgent;COMODO Internet Security Helper Service;"c:\arquivos de programas\comodo\comodo internet security\cmdagent.exe" [2008-12-17 618232]

    R2 cmpe;Context Manager Process Extension;c:\windows\system32\cmpe.exe [2007-2-26 61440]

    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-4-4 30336]

    R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);c:\windows\system32\drivers\RMSPPPOE.SYS [2002-6-10 31232]

    S3 avast! Mail Scanner;avast! Mail Scanner;"c:\arquivos de programas\alwil software\avast4\ashMaiSv.exe" /service [2007-10-18 254040]

    S3 avast! Web Scanner;avast! Web Scanner;"c:\arquivos de programas\alwil software\avast4\ashWebSv.exe" /service [2007-10-18 352920]

    S3 XDva081;XDva081;\??\c:\windows\system32\XDva081.sys []

    =============== Created Last 30 ================

    2008-12-18 11:54 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\POP3Profiles

    2008-12-17 04:24 249,592 a------- c:\windows\system32\cssdll32.dll

    2008-12-17 04:24 <DIR> --d----- c:\arquivos de programas\AskBarDis

    2008-12-17 04:22 147,192 a------- c:\windows\system32\guard32.dll

    2008-12-17 04:22 101,776 a------- c:\windows\system32\drivers\cmdguard.sys

    2008-12-17 04:22 31,504 a------- c:\windows\system32\drivers\cmdhlp.sys

    2008-12-17 04:22 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\comodo

    2008-12-17 04:22 <DIR> --d----- c:\arquivos de programas\COMODO

    2008-12-15 17:49 <DIR> --d----- C:\xampp

    2008-12-15 17:35 286,720 -------- c:\windows\Setup1.exe

    2008-12-14 13:44 250 a------- c:\windows\gmer.ini

    2008-12-05 20:34 <DIR> --d----- C:\Nexon

    2008-12-05 18:12 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PMB Files

    2008-12-05 18:09 <DIR> --d----- c:\arquivos de programas\Pando Networks

    2008-11-28 00:09 4,379,984 a------- c:\windows\system32\D3DX9_40.dll

    2008-11-28 00:09 2,036,576 a------- c:\windows\system32\D3DCompiler_40.dll

    2008-11-28 00:09 452,440 a------- c:\windows\system32\d3dx10_40.dll

    2008-11-28 00:09 514,384 a------- c:\windows\system32\XAudio2_3.dll

    2008-11-28 00:09 235,856 a------- c:\windows\system32\xactengine3_3.dll

    2008-11-28 00:09 70,992 a------- c:\windows\system32\XAPOFX1_2.dll

    2008-11-28 00:09 509,448 a------- c:\windows\system32\XAudio2_2.dll

    2008-11-28 00:09 68,616 a------- c:\windows\system32\XAPOFX1_1.dll

    2008-11-28 00:09 23,376 a------- c:\windows\system32\X3DAudio1_5.dll

    2008-11-28 00:09 238,088 a------- c:\windows\system32\xactengine3_2.dll

    2008-11-28 00:08 1,493,528 a------- c:\windows\system32\D3DCompiler_39.dll

    2008-11-28 00:08 467,984 a------- c:\windows\system32\d3dx10_39.dll

    2008-11-28 00:08 3,851,784 a------- c:\windows\system32\D3DX9_39.dll

    2008-11-26 22:49 68 ----h--- c:\windows\popcreg.dat

    2008-11-26 22:47 20 a------- c:\windows\popcinfot.dat

    2008-11-26 22:46 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\PopCap Games

    2008-11-26 22:46 <DIR> --d----- c:\arquivos de programas\PopCap Games

    2008-11-23 21:40 <DIR> --d----- c:\arquivos de programas\Angels Online

    2008-11-23 20:26 1,036,825,842 a------- C:\ao_setup_2004.exe

    ==================== Find3M ====================

    2008-10-24 09:10 453,632 a------- c:\windows\system32\drivers\mrxsmb.sys

    2008-10-23 11:00 283,648 a------- c:\windows\system32\gdi32.dll

    2008-10-16 18:23 826,368 a------- c:\windows\system32\wininet.dll

    2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll

    2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll

    2008-10-12 13:07 425,426 a------- c:\windows\system32\perfh016.dat

    2008-10-12 13:07 67,450 a------- c:\windows\system32\perfc016.dat

    2008-10-03 17:28 28,592 a---h--- c:\windows\system32\mlfcache.dat

    2008-10-03 08:16 247,326 a------- c:\windows\system32\strmdll.dll

    2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

    2008-07-30 21:08 0 a------- c:\documents and settings\filipe\jagex_runescape_preferences.dat

    2008-01-09 21:56 32 a----r-- c:\documents and settings\all users\hash.dat

    ============= FINISH: 0:13:11,62 ===============

  • Topic author
  • I split the GMER log into several parts, since it was too large to post. I hope that doesn't get in the way of your analysis.

    GMER 1.0.14.14536 - http://www.gmer.net

    Rootkit scan 2008-12-20 01:08:23

    Windows 5.1.2600 Service Pack 2

    ---- System - GMER 1.0.14 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF3E32906]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF3C60576]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xF3E31E66]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xF3E324C2]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF3C60432]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xF3E31BC0]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xF3E33DC0]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF3E32AEC]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xF3E31796]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xF3E32D3A]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF3C60910]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xF3C6000A]

    SSDT sptd.sys ZwEnumerateKey [0xF744FC7E]

    SSDT sptd.sys ZwEnumerateValueKey [0xF744FFF6]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xF3E33A42]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xF3E320AC]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xF3E326FA]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF3C6050C]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF3C5FF4A]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xF3E3233C]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF3C5FFAE]

    SSDT sptd.sys ZwQueryKey [0xF74500C0]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF3C6062C]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xF3E33496]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xF3E31CDE]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF3C605EC]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xF3E337FA]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xF3E33BF0]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xF3C6076C]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xF3E32046]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xF3E32230]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xF3E31A8A]

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xF3E31958]

    ---- Kernel code sections - GMER 1.0.14 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 2EBE 80503C92 2 Bytes [ C6, F3 ]

    .text ntkrnlpa.exe!ZwCallbackReturn + 2F6A 80503D3E 2 Bytes [ C6, F3 ]

    ? C:\WINDOWS\system32\drivers\sptd.sys O arquivo já está sendo usado por outro processo.

    ? C:\WINDOWS\System32\Drivers\SPTD1693.SYS O arquivo já está sendo usado por outro processo.

    .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F651C4D0 16 Bytes CALL 2F77FF85

    .text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F651C4E1 31 Bytes [ B0, 51, F6, 24, 82, DA, 29, ... ]

    ? C:\WINDOWS\System32\Drivers\dtscsi.sys O arquivo já está sendo usado por outro processo.

    ---- User code sections - GMER 1.0.14 ----

    .text C:\WINDOWS\system32\ctfmon.exe[204] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\ctfmon.exe[204] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\ctfmon.exe[204] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\ctfmon.exe[204] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\ctfmon.exe[204] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\ctfmon.exe[204] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\ctfmon.exe[204] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\ctfmon.exe[204] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\ctfmon.exe[204] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\system32\ctfmon.exe[204] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\ctfmon.exe[204] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe[276] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00375810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe[276] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00375740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe[276] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 003753D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe[276] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 003716D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe[276] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 00371550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe[276] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 00371860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe[276] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 00371230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe[276] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 003713C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe[276] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 51, 88 ]

    .text C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe[276] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 003750E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\COMODO Internet Security\cmdagent.exe[276] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 00375260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe[284] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00395810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe[284] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00395740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe[284] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 003953D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe[284] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 003916D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe[284] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 00391550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe[284] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 00391860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe[284] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 00391230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe[284] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 003913C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe[284] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 53, 88 ]

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe[284] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 003950E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexStoreSvr.exe[284] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 00395260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\Explorer.EXE[344] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\Explorer.EXE[344] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\Explorer.EXE[344] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\Explorer.EXE[344] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\Explorer.EXE[344] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\Explorer.EXE[344] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\Explorer.EXE[344] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\Explorer.EXE[344] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\Explorer.EXE[344] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\Explorer.EXE[344] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\Explorer.EXE[344] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\spoolsv.exe[792] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\spoolsv.exe[792] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\spoolsv.exe[792] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\spoolsv.exe[792] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\spoolsv.exe[792] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\spoolsv.exe[792] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\system32\spoolsv.exe[792] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\spoolsv.exe[792] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\spoolsv.exe[792] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\spoolsv.exe[792] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\spoolsv.exe[792] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\RTHDCPL.EXE[912] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\RTHDCPL.EXE[912] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\RTHDCPL.EXE[912] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\RTHDCPL.EXE[912] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\RTHDCPL.EXE[912] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\RTHDCPL.EXE[912] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\RTHDCPL.EXE[912] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\RTHDCPL.EXE[912] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\RTHDCPL.EXE[912] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\RTHDCPL.EXE[912] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\RTHDCPL.EXE[912] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wuauclt.exe[968] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wuauclt.exe[968] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wuauclt.exe[968] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wuauclt.exe[968] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wuauclt.exe[968] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wuauclt.exe[968] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wuauclt.exe[968] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wuauclt.exe[968] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\system32\wuauclt.exe[968] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wuauclt.exe[968] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wuauclt.exe[968] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe[976] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe[976] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe[976] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe[976] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe[976] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe[976] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe[976] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe[976] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe[976] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe[976] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Java\jre1.6.0_07\bin\jusched.exe[976] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Skype\Phone\Skype.exe[1012] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Skype\Phone\Skype.exe[1012] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Skype\Phone\Skype.exe[1012] user32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Skype\Phone\Skype.exe[1012] user32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Skype\Phone\Skype.exe[1012] user32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Skype\Phone\Skype.exe[1012] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Skype\Phone\Skype.exe[1012] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Skype\Phone\Skype.exe[1012] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Skype\Phone\Skype.exe[1012] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\Arquivos de programas\Skype\Phone\Skype.exe[1012] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Skype\Phone\Skype.exe[1012] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe[1024] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe[1024] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe[1024] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe[1024] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe[1024] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe[1024] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe[1024] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe[1024] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe[1024] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe[1024] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\ARQUIV~1\ALWILS~1\Avast4\ashDisp.exe[1024] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\winlogon.exe[1116] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\winlogon.exe[1116] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\winlogon.exe[1116] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\winlogon.exe[1116] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\winlogon.exe[1116] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\winlogon.exe[1116] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\winlogon.exe[1116] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\winlogon.exe[1116] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\winlogon.exe[1116] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\system32\winlogon.exe[1116] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\winlogon.exe[1116] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\services.exe[1164] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\services.exe[1164] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\services.exe[1164] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\services.exe[1164] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\services.exe[1164] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\services.exe[1164] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\services.exe[1164] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\services.exe[1164] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\services.exe[1164] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\system32\services.exe[1164] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\services.exe[1164] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\lsass.exe[1176] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\lsass.exe[1176] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\lsass.exe[1176] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\lsass.exe[1176] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\lsass.exe[1176] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\lsass.exe[1176] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\lsass.exe[1176] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\lsass.exe[1176] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\lsass.exe[1176] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\system32\lsass.exe[1176] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\lsass.exe[1176] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe[1228] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 003C5810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe[1228] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 003C5740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe[1228] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 003C53D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe[1228] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 003C16D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe[1228] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 003C1550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe[1228] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 003C1860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe[1228] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 003C1230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe[1228] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 003C13C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe[1228] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 56, 88 ]

    .text C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe[1228] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 003C50E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Oi Velox\Manager\desp2k.exe[1228] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 003C5260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\RUNDLL32.EXE[1308] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\RUNDLL32.EXE[1308] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\RUNDLL32.EXE[1308] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\RUNDLL32.EXE[1308] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\RUNDLL32.EXE[1308] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\RUNDLL32.EXE[1308] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\system32\RUNDLL32.EXE[1308] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\RUNDLL32.EXE[1308] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\RUNDLL32.EXE[1308] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\RUNDLL32.EXE[1308] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\RUNDLL32.EXE[1308] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1344] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1344] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1344] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1344] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1344] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    Edited by Karteler

  • Topic author
  • .text C:\WINDOWS\system32\svchost.exe[1344] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\system32\svchost.exe[1344] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1344] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1400] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1400] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1400] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1400] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\system32\svchost.exe[1400] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1400] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iTunes\iTunesHelper.exe[1484] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iTunes\iTunesHelper.exe[1484] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iTunes\iTunesHelper.exe[1484] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iTunes\iTunesHelper.exe[1484] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iTunes\iTunesHelper.exe[1484] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iTunes\iTunesHelper.exe[1484] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\Arquivos de programas\iTunes\iTunesHelper.exe[1484] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iTunes\iTunesHelper.exe[1484] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iTunes\iTunesHelper.exe[1484] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iTunes\iTunesHelper.exe[1484] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iTunes\iTunesHelper.exe[1484] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\SafeSurf\cssurf.exe[1532] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\SafeSurf\cssurf.exe[1532] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\SafeSurf\cssurf.exe[1532] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\SafeSurf\cssurf.exe[1532] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\SafeSurf\cssurf.exe[1532] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\SafeSurf\cssurf.exe[1532] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\Arquivos de programas\COMODO\SafeSurf\cssurf.exe[1532] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\SafeSurf\cssurf.exe[1532] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\SafeSurf\cssurf.exe[1532] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\SafeSurf\cssurf.exe[1532] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\COMODO\SafeSurf\cssurf.exe[1532] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[1544] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[1544] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[1544] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[1544] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[1544] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[1544] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[1544] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[1544] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[1544] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\System32\svchost.exe[1544] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[1544] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1664] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1664] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1664] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1664] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1664] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1664] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\system32\svchost.exe[1664] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1664] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe[1712] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe[1712] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe[1712] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe[1712] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe[1712] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe[1712] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe[1712] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe[1712] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe[1712] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe[1712] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Hotspot Shield\bin\openvpnas.exe[1712] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iPod\bin\iPodService.exe[1816] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iPod\bin\iPodService.exe[1816] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iPod\bin\iPodService.exe[1816] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iPod\bin\iPodService.exe[1816] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iPod\bin\iPodService.exe[1816] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iPod\bin\iPodService.exe[1816] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\Arquivos de programas\iPod\bin\iPodService.exe[1816] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iPod\bin\iPodService.exe[1816] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iPod\bin\iPodService.exe[1816] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iPod\bin\iPodService.exe[1816] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\iPod\bin\iPodService.exe[1816] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1824] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1824] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1824] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1824] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1824] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1824] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1824] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1824] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1824] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\system32\svchost.exe[1824] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[1824] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 28001CC0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 28001B00 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 28001A80 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 28001D80 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] kernel32.dll!FindResourceA 7C80BE89 7 Bytes JMP 28001B90 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 28001DF0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 28001840 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] kernel32.dll!FindResourceExA 7C835F78 7 Bytes JMP 28001C20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 0056DBBD C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] kernel32.dll!OutputDebugStringW 7C85A42D 5 Bytes JMP 28001E50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] ADVAPI32.dll!CryptDeriveKey 77F6A685 7 Bytes JMP 28001000 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] ADVAPI32.dll!CryptDecrypt 77F6A7B1 2 Bytes JMP 28001060 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] ADVAPI32.dll!CryptDecrypt + 3 77F6A7B4 4 Bytes [ 09, B0, CC, CC ]

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 28004090 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] USER32.dll!CreateWindowExW 7E36FC25 5 Bytes JMP 28003820 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] USER32.dll!SetWindowRgn 7E36FFB2 7 Bytes JMP 28005980 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] USER32.dll!LoadIconW 7E370894 5 Bytes JMP 280062B0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] USER32.dll!LoadImageW 7E372CFE 5 Bytes JMP 280060C0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] USER32.dll!CreateDialogParamW 7E377D4F 5 Bytes JMP 28005AC0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] USER32.dll!SetWindowPlacement 7E37D84C 5 Bytes JMP 28005840 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 28005CB0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] USER32.dll!TrackPopupMenuEx 7E3BCD28 5 Bytes JMP 28004970 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] WS2_32.dll!send 71A7428A 5 Bytes JMP 2800A180 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] WS2_32.dll!WSARecv 71A74318 5 Bytes JMP 28009F60 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] WS2_32.dll!recv 71A7615A 5 Bytes JMP 28009DC0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] WS2_32.dll!WSASend 71A76233 5 Bytes JMP 2800A360 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] WS2_32.dll!closesocket 71A79639 5 Bytes JMP 2800A5A0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] SHELL32.dll!Shell_NotifyIconW 7CA21B92 5 Bytes JMP 28002FE0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] ole32.dll!CoInitializeEx 774DEF6B 5 Bytes JMP 28002100 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] ole32.dll!CoRegisterClassObject 774F8720 5 Bytes JMP 28002200 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] WININET.dll!InternetCloseHandle 4338DA59 5 Bytes JMP 28008F20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] WININET.dll!HttpOpenRequestA 43394341 5 Bytes JMP 28008BE0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] WININET.dll!InternetReadFile 4339ABB4 5 Bytes JMP 28008D70 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Windows Live\Messenger\MsnMsgr.Exe[1872] WININET.dll!HttpSendRequestA 4339CD40 5 Bytes JMP 28008E50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1940] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Bonjour\mDNSResponder.exe[1972] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Bonjour\mDNSResponder.exe[1972] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Bonjour\mDNSResponder.exe[1972] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Bonjour\mDNSResponder.exe[1972] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Bonjour\mDNSResponder.exe[1972] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Bonjour\mDNSResponder.exe[1972] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Bonjour\mDNSResponder.exe[1972] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Bonjour\mDNSResponder.exe[1972] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Bonjour\mDNSResponder.exe[1972] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\Arquivos de programas\Bonjour\mDNSResponder.exe[1972] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Bonjour\mDNSResponder.exe[1972] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe[2044] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe[2044] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe[2044] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe[2044] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe[2044] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe[2044] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe[2044] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe[2044] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe[2044] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe[2044] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Alwil Software\Avast4\ashServ.exe[2044] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe[2132] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe[2132] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe[2132] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe[2132] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe[2132] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe[2132] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe[2132] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe[2132] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe[2132] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe[2132] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7Debug\mdm.exe[2132] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe[2196] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe[2196] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe[2196] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe[2196] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe[2196] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe[2196] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe[2196] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe[2196] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe[2196] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe[2196] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Arquivos comuns\Nero\Lib\NMIndexingService.exe[2196] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

  • Topic author
  • .text C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe[2340] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe[2340] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe[2340] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe[2340] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe[2340] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe[2340] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe[2340] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe[2340] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe[2340] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe[2340] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Gadwin Systems\PrintScreen\PrintScreen.exe[2340] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe[2548] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe[2548] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe[2548] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe[2548] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe[2548] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe[2548] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe[2548] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe[2548] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe[2548] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe[2548] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Nero\Nero8\Nero BackItUp\NBService.exe[2548] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\alg.exe[2860] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\alg.exe[2860] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\alg.exe[2860] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\alg.exe[2860] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\alg.exe[2860] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\alg.exe[2860] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\alg.exe[2860] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\alg.exe[2860] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\System32\alg.exe[2860] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\alg.exe[2860] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[2880] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[2880] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[2880] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[2880] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[2880] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[2880] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[2880] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[2880] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[2880] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\System32\svchost.exe[2880] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\System32\svchost.exe[2880] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\IoctlSvc.exe[2948] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\IoctlSvc.exe[2948] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\IoctlSvc.exe[2948] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\IoctlSvc.exe[2948] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\IoctlSvc.exe[2948] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\IoctlSvc.exe[2948] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\system32\IoctlSvc.exe[2948] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\IoctlSvc.exe[2948] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\IoctlSvc.exe[2948] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\IoctlSvc.exe[2948] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\IoctlSvc.exe[2948] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe[3072] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe[3072] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe[3072] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe[3072] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe[3072] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe[3072] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe[3072] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe[3072] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe[3072] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe[3072] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Arquivos de programas\Windows Live\Messenger\usnsvc.exe[3072] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[3096] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[3096] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[3096] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[3096] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[3096] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[3096] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[3096] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[3096] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[3096] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\system32\svchost.exe[3096] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\svchost.exe[3096] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wdfmgr.exe[3192] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wdfmgr.exe[3192] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wdfmgr.exe[3192] USER32.dll!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wdfmgr.exe[3192] USER32.dll!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wdfmgr.exe[3192] USER32.dll!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wdfmgr.exe[3192] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wdfmgr.exe[3192] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wdfmgr.exe[3192] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wdfmgr.exe[3192] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\WINDOWS\system32\wdfmgr.exe[3192] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\WINDOWS\system32\wdfmgr.exe[3192] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    .text C:\Documents and Settings\Filipe\Desktop\gmer\gmer.exe[3324] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll

    .text C:\Documents and Settings\Filipe\Desktop\gmer\gmer.exe[3324] USER32.DLL!EndTask 7E3A9E75 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Documents and Settings\Filipe\Desktop\gmer\gmer.exe[3324] USER32.DLL!mouse_event 7E3B6515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll

    .text C:\Documents and Settings\Filipe\Desktop\gmer\gmer.exe[3324] USER32.DLL!keybd_event 7E3B6559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll

    .text C:\Documents and Settings\Filipe\Desktop\gmer\gmer.exe[3324] GDI32.dll!BitBlt 77E56F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll

    .text C:\Documents and Settings\Filipe\Desktop\gmer\gmer.exe[3324] GDI32.dll!CreateDCA 77E5B259 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll

    .text C:\Documents and Settings\Filipe\Desktop\gmer\gmer.exe[3324] GDI32.dll!CreateDCW 77E5BE99 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll

    .text C:\Documents and Settings\Filipe\Desktop\gmer\gmer.exe[3324] GDI32.dll!CreateDCW + 3 77E5BE9C 2 Bytes [ 1A, 98 ]

    .text C:\Documents and Settings\Filipe\Desktop\gmer\gmer.exe[3324] ole32.dll!CoCreateInstanceEx 774DFA6B 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll

    .text C:\Documents and Settings\Filipe\Desktop\gmer\gmer.exe[3324] ole32.dll!CoGetClassObject 774F5DB2 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    ---- Kernel IAT/EAT - GMER 1.0.14 ----

    IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F744BA32] sptd.sys

    IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F744BB6E] sptd.sys

    IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F744BAF6] sptd.sys

    IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F744C6CC] sptd.sys

    IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F744C5A2] sptd.sys

    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F746DC82] sptd.sys

    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F72D5710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F72D5770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F72D5990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F72D5950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F72D5950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F72D5770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F72D5710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F72D5990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F72D5990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F72D5950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F72D5770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F72D5710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F72D5950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F72D5710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F72D5770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F72D5990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F72D5710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F72D5770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F72D5950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F72D5990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F72D5950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F72D5770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F72D5710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F72D5950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F72D5990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F72D5710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F72D5770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    ---- User IAT/EAT - GMER 1.0.14 ----

    IAT C:\WINDOWS\system32\services.exe[1164] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005E0002

    IAT C:\WINDOWS\system32\services.exe[1164] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005E0000

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0060FFD0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [0060F8E0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [00610020] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0060FF40] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0060FF00] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [006100B0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0060FF00] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0060FF40] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [006100B0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0060F8E0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0060FF00] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0060FF40] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [006100B0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [006100B0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [0060FF00] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [006100B0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0060FF00] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0060F8E0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA] [00610020] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0060FF00] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0060F8E0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [006100B0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [0060F060] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [00610020] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0060FF80] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0060FFD0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0060FF40] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0060F8E0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0060FF00] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [006100B0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!DefWindowProcA] [0060F440] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!DefWindowProcW] [0060F4D0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetSysColor] [0060F010] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!RegisterClassA] [0060F970] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!RegisterClassW] [0060FA30] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!SystemParametersInfoW] [0060FC10] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!CallWindowProcW] [0060F300] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!CallWindowProcA] [0060F3A0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHLWAPI.dll [uSER32.dll!GetSystemMetrics] [0060FAF0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!DeleteObject] [0060F060] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA] [00610020] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0060FF00] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0060FF40] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [006100B0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [0060F8E0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0060FFD0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0060FF80] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!AdjustWindowRectEx] [0060FD20] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!DefWindowProcA] [0060F440] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetSystemMetrics] [0060FAF0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetSysColor] [0060F010] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!DefWindowProcW] [0060F4D0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!RegisterClassW] [0060FA30] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetSysColorBrush] [0060F0A0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!FillRect] [0060FE30] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!DrawFrameControl] [0060FEA0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!DrawEdge] [0060FE80] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!SystemParametersInfoW] [0060FC10] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!GetScrollInfo] [0060F290] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!CallWindowProcW] [0060F300] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\SHELL32.dll [uSER32.dll!SetScrollInfo] [0060F180] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ole32.dll [GDI32.dll!DeleteObject] [0060F060] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [006100B0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0060FF00] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0060FF40] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0060F8E0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0060FFD0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0060FF80] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!SystemParametersInfoW] [0060FC10] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetSystemMetrics] [0060FAF0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!GetSysColor] [0060F010] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CallWindowProcW] [0060F300] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!RegisterClassW] [0060FA30] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!DefWindowProcW] [0060F4D0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0060FF40] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0060FF00] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [006100B0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [0060F8E0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [006100B0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0060FF00] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0060FF80] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0060FFD0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [0060F8E0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [00610020] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\CRYPT32.dll [uSER32.dll!GetSystemMetrics] [0060FAF0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0060FF00] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe[1788] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [006100B0] C:\Arquivos de programas\COMODO\COMODO Internet Security\cfp.exe

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00CF06A0

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00CF0390

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00CE8E90

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00CEA3D0

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 00CED540

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00CEB120

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00CEA700

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00CEC880

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 00CEF870

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 00CEF8B0

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00CF09F0

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 00CEF470

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 00CED4A0

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 00CEBC40

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00CEADD0

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 00CEB6C0

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 00CF0F70

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 00CECBD0

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 00CED300

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00CEDF30

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 00CEDA10

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00CEDEB0

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 00CEE9D0

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00CEE0A0

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00CEAA80

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00CEBAF0

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 00CEF990

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 00CEDB50

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 00CED440

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 00CED000

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 00CED650

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 00CF0A10

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00CED950

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadIconW] 00CF0CB0

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadCursorW] 00CF0C50

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!CreateDialogParamW] 00CF0EA0

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!DialogBoxParamW] 00CF0F40

    IAT C:\Arquivos de programas\NitroPC\NitroPC.exe[2288] @ C:\WINDOWS\system32\ole32.dll [uSER32.dll!LoadStringW] 00CF0D70

    ---- Devices - GMER 1.0.14 ----

    Device \FileSystem\Ntfs \Ntfs 86D87398

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

    Device \Driver\NetBT \Device\NetBT_Tcpip_{8552E221-3F9D-4D0B-A524-19BFCADF57E2} 869910E8

    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

    Device \Driver\00000067 \Device\00000049 sptd.sys

    Device \Driver\Ftdisk \Device\HarddiskVolume1 86D87A40

    Device \Driver\Cdrom \Device\CdRom0 86B2FEB0

    Device \FileSystem\Rdbss \Device\FsWrap 86B67990

    Device \Driver\Cdrom \Device\CdRom1 86B2FEB0

    Device \Driver\NetBT \Device\NetBt_Wins_Export 869910E8

    Device \Driver\NetBT \Device\NetbiosSmb 869910E8

    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

    Device \Driver\Disk \Device\Harddisk0\DR0 86D875D0

    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86B699E8

    Device \FileSystem\MRxSmb \Device\LanmanRedirector 86B699E8

    Device \FileSystem\Npfs \Device\NamedPipe 86B9AAB0

    Device \Driver\NetBT \Device\NetBT_Tcpip_{66056960-590D-44C1-A633-A723EBF62928} 869910E8

    Device \Driver\Ftdisk \Device\FtControl 86D87A40

    Device \FileSystem\Msfs \Device\Mailslot 86A56BC8

    Device \Driver\dtscsi \Device\Scsi\dtscsi1Port2Path0Target0Lun0 86A29DB8

    Device \Driver\dtscsi \Device\Scsi\dtscsi1 86A29DB8

    Device \FileSystem\Cdfs \Cdfs 86775318

    ---- Registry - GMER 1.0.14 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 -480914982

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 -517067560

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 386354155

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools\

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x90 0x0F 0x5C 0xC1 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x67 0x3F 0x95 0x2F ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x64 0xB8 0x18 0x9D ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC6 0x7F 0x9C 0xDC ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF1 0x6E 0xC5 0x34 ...

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x52 0x46 0x3A 0x0F ...

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Arquivos de programas\DAEMON Tools\

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x90 0x0F 0x5C 0xC1 ...

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x67 0x3F 0x95 0x2F ...

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x64 0xB8 0x18 0x9D ...

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xC6 0x7F 0x9C 0xDC ...

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xF1 0x6E 0xC5 0x34 ...

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43

    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x52 0x46 0x3A 0x0F ...

    ---- EOF - GMER 1.0.14 ----

    Sorry for any inconvenience caused by splitting the log.


    Olá,

    Baixe o ATF-Cleaner.

    • Clique em ATF-Cleaner.exe .
    • Em "Select Files To Delete", marque Select All.
    • Clique em Empty Selected.
    • Na janela Done Cleaning dê o OK e Exit.

    Attention: If you use Firefox:

    • At the top, click Firefox and choose: Select All
    • Then click Empty Selected.

    Attention: If you use Opera:

    • At the top, click Opera and choose: Select All
    • Then click Empty Selected.

    Temporarily disable your antivirus!

    Run an Online Scan with Kaspersky Virusscanner

    • Click Clipboard01-1.jpg
    • When asked to install the ActiveX control, click Clipboard015.jpg
    • Wait for the installation and the update, then click Clipboard013.jpg
    • Now click Clipboard016.jpg
    • In the scan options (settings), make sure the entries below are selected:
      • Scan using the following Anti-Virus database:
        • Extended (if available otherwise Standard)
      • Scan Options:
        • Scan Archives
        • Scan Mail Bases
    • Click Clipboard014.jpg
    • Click My Computer to run a full scan of your system.
    • The scan will start and may take a while. Be patient and wait.
    • At the end of the scan, click the Save as Text button.
    • Save the log with the results and paste it into your next message.
    • Also generate and paste a new HijackThis log.

    Regards


    In accordance with the rules of this forum, inactive topics are archived, that is, closed and moved to an "archived topics" forum. If the topic's author needs to, they can contact the moderators to request that this topic be reopened.
