Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Guguets

Me ajudem, não sei o que é esse Spyware!

Recommended Posts

Contraí um Spyware desconhecido, utilizei o Spybot-SD, ele limpou tudo (trojans,keyloggers,registros, etc) porém, o Spyware mudou meu plano de fundo e agora não consigo muda-lo para o normal.

Gostaria de uma ajuda, e segue log do DDS para análise:

DDS (Version 1.0.1) - NTFSx86

Run by Principal at 20:14:39,59 on 15/12/2008

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1024.464 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\Arquivos de programas\McAfee\VirusScan\McShield.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Principal\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

mWinlogon: Userinit=userinit.exe

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre6\bin\ssv.dll

BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\arquivos de programas\mcafee\virusscan\scriptsn.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - c:\windows\downloaded program files\gbiehuni.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [NBJ] "c:\arquivos de programas\ahead\nero backitup\NBJ.exe"

uRun: [updateMgr] "c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

uRun: [shareaza] "c:\arquivos de programas\shareaza\Shareaza.exe" -tray

uRun: [steam] "d:\my games\steam\counter strike source\steam.exe" -silent

uRun: [spybotSD TeaTimer] c:\arquivos de programas\spybot - search & destroy\TeaTimer.exe

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

mRun: [Acrobat Assistant 7.0] "c:\arquivos de programas\adobe\acrobat 7.0\distillr\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [mcagent_exe] c:\arquivos de programas\mcafee.com\agent\mcagent.exe /runkey

mRun: [EPSON Stylus C63 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I4C1.EXE /P23 "EPSON Stylus C63 Series" /O6 "USB001" /M "Stylus C63"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1034-4700-7760-000000000002}\SC_Acrobat.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~1.lnk - c:\arquivos de programas\adobe\reader 8.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~2.lnk - c:\arquivos de programas\adobe\reader 8.0\reader\AdobeCollabSync.exe

uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: DisableRegistryTools = 1 (0x1)

IE: Converter destino de link em Adobe PDF - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter destino de link em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter em Adobe PDF - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter links selecionados em Adobe PDF - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Converter links selecionados em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Converter seleção em Adobe PDF - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter seleção em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399008} - c:\windows\downloaded program files\gbiehuni.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\princi~1\dadosd~1\mozilla\firefox\profiles\tre0szbw.default\

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-8-22 201320]

R2 McProxy;McAfee Proxy Service;c:\arquiv~1\arquiv~1\mcafee\mcproxy\mcproxy.exe [2008-8-22 359248]

R2 McShield;McAfee Real-time Scanner;c:\arquivos de programas\mcafee\virusscan\McShield.exe [2008-8-22 144704]

R3 McSysmon;McAfee SystemGuards;c:\arquiv~1\mcafee\viruss~1\mcsysmon.exe [2008-8-22 695624]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-8-22 79304]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-8-22 35240]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-8-22 40488]

R3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [2007-6-15 18004]

S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\princi~1\config~1\temp\DMSKSSRh.sys []

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-8-22 33832]

S3 npkycryp;npkycryp;\??\c:\arquivos de programas\gravity\ro\npkycryp.sys []

S3 XDva009;XDva009;\??\c:\windows\system32\XDva009.sys []

S3 XDva019;XDva019;\??\c:\windows\system32\XDva019.sys []

S3 XDva026;XDva026;\??\c:\windows\system32\XDva026.sys []

S3 XDva028;XDva028;\??\c:\windows\system32\XDva028.sys []

S3 XDva032;XDva032;\??\c:\windows\system32\XDva032.sys []

S3 XDva033;XDva033;\??\c:\windows\system32\XDva033.sys []

S3 XDva038;XDva038;\??\c:\windows\system32\XDva038.sys []

S3 XDva072;XDva072;\??\c:\windows\system32\XDva072.sys []

S3 XDva074;XDva074;\??\c:\windows\system32\XDva074.sys []

S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys []

S3 XDva168;XDva168;\??\c:\windows\system32\XDva168.sys []

=============== Created Last 30 ================

2008-12-15 18:56 250 a------- c:\windows\gmer.ini

2008-12-15 18:41 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Wise Installation Wizard

2008-12-14 16:56 <DIR> -cd----- c:\arquivos de programas\Spybot - Search & Destroy

2008-12-14 16:56 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2008-12-14 15:15 109 a--sh--- c:\windows\system32\1083278476.dat

2008-12-14 15:10 71,168 ac------ C:\U.exe

2008-12-13 16:08 15,532 ac------ C:\disturbed-719854.jpg

2008-12-09 00:31 <DIR> -cd----- c:\arquivos de programas\Gravity

2008-11-18 18:22 <DIR> -cd----- c:\arquivos de programas\OGPlanet

==================== Find3M ====================

2008-12-09 00:31 65,536 ac------ c:\windows\IFinst27.exe

2008-11-01 12:46 30 a------- c:\documents and settings\principal\jagex_runescape_preferences.dat

2008-10-24 09:10 453,632 a------- c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 11:00 283,648 a------- c:\windows\system32\gdi32.dll

2008-10-16 08:39 661,504 a------- c:\windows\system32\wininet.dll

2008-10-13 16:07 433,250 a------- c:\windows\system32\perfh016.dat

2008-10-13 16:07 69,374 a------- c:\windows\system32\perfc016.dat

2008-10-03 08:16 247,326 a------- c:\windows\system32\strmdll.dll

2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

2001-11-23 02:08 712,704 ac---r-- c:\windows\inf\other\AUDIO3D.DLL

2007-06-28 22:14 6,409 ---sh--- c:\windows\system32\utstv.bak1

2007-07-26 19:13 714,973 ---sh--- c:\windows\system32\utstv.bak2

============= FINISH: 20:15:26,78 ===============

Editado por Guguets
Resumi a análise do tópico, + simples.

Compartilhar este post


Link para o post
Compartilhar em outros sites
  • Autor do tópico
  • Log do GMER Rootkit Scan

    GMER 1.0.14.14536 - http://www.gmer.net

    Rootkit scan 2008-12-15 19:11:58

    Windows 5.1.2600 Service Pack 2

    ---- System - GMER 1.0.14 ----

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF57B29AA]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF57B2A41]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF57B2958]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF57B296C]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF57B2A55]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF57B2A81]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF57B2AEF]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF57B2AD9]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF57B29EA]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF57B2B1B]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF57B2A2D]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF57B2930]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF57B2944]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF57B29BE]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF57B2B57]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF57B2AC3]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF57B2AAD]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF57B2A6B]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF57B2B43]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF57B2B2F]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF57B2996]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF57B2982]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF57B2A97]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF57B2A19]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF57B2B05]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF57B2A00]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF57B29D4]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.14 ----

    .text ntoskrnl.exe!ZwYieldExecution 804F8B8D 7 Bytes JMP F57B29D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwOpenKey 80567D7B 5 Bytes JMP F57B2A31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwQueryValueKey 8056B183 7 Bytes JMP F57B2AB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!NtSetInformationProcess 8056BDCD 5 Bytes JMP F57B2986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwCreateKey 8056E829 5 Bytes JMP F57B2A45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwQueryKey 8056EC39 7 Bytes JMP F57B2B5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwEnumerateKey 8056EF30 7 Bytes JMP F57B2AF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!NtCreateFile 8056FC78 5 Bytes JMP F57B29AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80571F71 5 Bytes JMP F57B2A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!NtMapViewOfSection 805723EC 7 Bytes JMP F57B29EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!NtOpenProcess 80572D86 5 Bytes JMP F57B2934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80573135 7 Bytes JMP F57B29C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwSetValueKey 80573D0D 7 Bytes JMP F57B2A9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwEnumerateValueKey 8057FC04 7 Bytes JMP F57B2ADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwCreateProcessEx 80581F0E 7 Bytes JMP F57B2970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwTerminateProcess 805847CC 5 Bytes JMP F57B2A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!NtOpenThread 8058C892 5 Bytes JMP F57B2948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwNotifyChangeKey 80590EA2 5 Bytes JMP F57B2B1F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwDeleteValueKey 80593B38 1 Byte [ E9 ]

    PAGE ntoskrnl.exe!ZwDeleteValueKey + 2 80593B3A 5 Bytes [ EF, 21, 75, 90, 90 ]

    PAGE ntoskrnl.exe!ZwDeleteKey 805951C2 7 Bytes JMP F57B2A59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwCreateProcess 805B0B34 5 Bytes JMP F57B295C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwSetContextThread 8062C493 5 Bytes JMP F57B299A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwRestoreKey 8064C0D2 5 Bytes JMP F57B2B33 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwUnloadKey 8064C3A7 7 Bytes JMP F57B2B09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064CC74 7 Bytes JMP F57B2AC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwRenameKey 8064D0B9 7 Bytes JMP F57B2A6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwReplaceKey 8064D5AE 2 Bytes JMP F57B2B47 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    PAGE ntoskrnl.exe!ZwReplaceKey + 3 8064D5B1 2 Bytes [ 16, 75 ]

    ---- User code sections - GMER 1.0.14 ----

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A000A

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A006E

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F79

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0053

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0F8A

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A002C

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A00A6

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0089

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00B7

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F1E

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A00DC

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0FA5

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FE5

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0F5E

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0FC0

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A001B

    .text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0F43

    .text C:\WINDOWS\System32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00280036

    .text C:\WINDOWS\System32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00280087

    .text C:\WINDOWS\System32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00280025

    .text C:\WINDOWS\System32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 0028000A

    .text C:\WINDOWS\System32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 0028006C

    .text C:\WINDOWS\System32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00280FCA

    .text C:\WINDOWS\System32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00280FEF

    .text C:\WINDOWS\System32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00280051

    .text C:\WINDOWS\System32\svchost.exe[524] WS2_32.dll!socket 71A73B91 5 Bytes JMP 006D0FEF

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01770000

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01770044

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01770033

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01770F59

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01770022

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01770F9B

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0177007C

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0177005F

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01770EFE

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01770F0F

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 017700B2

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 01770F8A

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 01770FE5

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 01770F34

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 01770FB6

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 01770011

    .text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 0177008D

    .text C:\WINDOWS\Explorer.EXE[824] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 01760047

    .text C:\WINDOWS\Explorer.EXE[824] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 01760FC3

    .text C:\WINDOWS\Explorer.EXE[824] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 01760036

    .text C:\WINDOWS\Explorer.EXE[824] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 0176001B

    .text C:\WINDOWS\Explorer.EXE[824] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 01760080

    .text C:\WINDOWS\Explorer.EXE[824] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 01760FD4

    .text C:\WINDOWS\Explorer.EXE[824] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 01760000

    .text C:\WINDOWS\Explorer.EXE[824] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 01760FE5

    .text C:\WINDOWS\Explorer.EXE[824] WININET.dll!InternetOpenW 7719AED5 5 Bytes JMP 01740FEF

    .text C:\WINDOWS\Explorer.EXE[824] WININET.dll!InternetOpenA 771A574E 5 Bytes JMP 0174000A

    .text C:\WINDOWS\Explorer.EXE[824] WININET.dll!InternetOpenUrlA 771A5A01 5 Bytes JMP 01740FD4

    .text C:\WINDOWS\Explorer.EXE[824] WININET.dll!InternetOpenUrlW 771B5B4A 5 Bytes JMP 01740FAD

    .text C:\WINDOWS\Explorer.EXE[824] WS2_32.dll!socket 71A73B91 5 Bytes JMP 01730000

    .text C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 1002C3CF C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (Gbieh Module/Banco Unibanco)

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070000

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070071

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070060

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00070F7C

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070039

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00070F9E

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 000700A9

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00070098

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000700D5

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070F46

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 000700F0

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00070F8D

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00070FE5

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00070F61

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00070FAF

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00070FD4

    .text C:\WINDOWS\system32\services.exe[904] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 000700C4

    .text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00060FC0

    .text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 0006005B

    .text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00060011

    .text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00060000

    .text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00060040

    .text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00060F9E

    .text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00060FE5

    .text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00060FAF

    .text C:\WINDOWS\system32\services.exe[904] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00040FEF

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EB0000

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00EB0F6F

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00EB0F80

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00EB0058

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00EB0047

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00EB0FA5

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00EB00AB

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00EB009A

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00EB0F48

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00EB00E1

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00EB0F2D

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00EB002C

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00EB0011

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00EB007F

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00EB0FC0

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00EB0FD1

    .text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00EB00D0

    .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00EA0FC0

    .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00EA0F8A

    .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00EA0FD1

    .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00EA0011

    .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00EA0F9B

    .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00EA0047

    .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00EA0000

    .text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00EA002C

    .text C:\WINDOWS\system32\lsass.exe[916] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00E80FEF

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C7000A

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C70F80

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C70F9B

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C70069

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C70058

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C70036

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C70F39

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C70F4A

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C70F1E

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C700B7

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00C70F0D

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00C70047

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00C70FEF

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00C70F5B

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00C70025

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00C70FD4

    .text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00C7009C

    .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00C6000A

    .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00C60F83

    .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00C60FB9

    .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00C60FDE

    .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00C60040

    .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00C60F9E

    .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00C60FEF

    .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00C6001B

    .text C:\WINDOWS\system32\svchost.exe[1072] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00C40FE5

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00840FEF

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00840076

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0084005B

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00840F81

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00840F9E

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00840040

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008400B6

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00840F64

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008400DB

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00840F42

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00840F27

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00840FB9

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0084000A

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0084009B

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00840FD4

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0084002F

    .text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00840F53

    .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00830FC3

    .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 0083005B

    .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00830FD4

    .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 0083000A

    .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 0083004A

    .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 77F78F7D 3 Bytes JMP 0083002F

    .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW + 4 77F78F81 1 Byte [ 88 ]

    .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 77F7C41B 3 Bytes JMP 00830FEF

    .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA + 4 77F7C41F 1 Byte [ 88 ]

    .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 3 Bytes JMP 00830FA8

    .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA + 4 77F7D5BF 1 Byte [ 88 ]

    .text C:\WINDOWS\system32\svchost.exe[1148] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00810000

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02760000

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 027600B5

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02760FB6

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0276008E

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02760FD1

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02760058

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 027600E6

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 02760F94

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02760F61

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02760F72

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 02760F50

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 02760069

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0276001B

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 02760FA5

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 02760047

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 02760036

    .text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 02760F83

    .text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 02750F94

    .text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 02750011

    .text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 02750FAF

    .text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 02750FD4

    .text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 02750000

    .text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 02750F5E

    .text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 02750FE5

    .text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 02750F79

    .text C:\WINDOWS\System32\svchost.exe[1292] WS2_32.dll!socket 71A73B91 5 Bytes JMP 020D0FE5

    .text C:\WINDOWS\System32\svchost.exe[1292] WININET.dll!InternetOpenW 7719AED5 5 Bytes JMP 02170014

    .text C:\WINDOWS\System32\svchost.exe[1292] WININET.dll!InternetOpenA 771A574E 5 Bytes JMP 02170FEF

    .text C:\WINDOWS\System32\svchost.exe[1292] WININET.dll!InternetOpenUrlA 771A5A01 5 Bytes JMP 02170FDE

    .text C:\WINDOWS\System32\svchost.exe[1292] WININET.dll!InternetOpenUrlW 771B5B4A 5 Bytes JMP 02170FCD

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0077000A

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00770F8A

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00770FAF

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00770FC0

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0077007D

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00770047

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007700CB

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007700A4

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007700F0

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00770F57

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00770F3C

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00770062

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00770FEF

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00770F79

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00770036

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00770025

    .text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00770F68

    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00760025

    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00760062

    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00760FCA

    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00760FE5

    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00760FA5

    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00760051

    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00760000

    .text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00760036

    .text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00740FEF

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00930FE5

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009300AC

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00930091

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00930076

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00930FB9

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00930036

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009300D8

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009300C7

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009300E9

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00930F50

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00930F2B

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0093005B

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0093000A

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00930F9C

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00930FCA

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0093001B

    .text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00930F6B

    .text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 0092001B

    .text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00920F72

    .text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00920FCA

    .text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00920000

    .text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00920F8D

    .text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00920F9E

    .text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00920FE5

    .text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00920FAF

    .text C:\WINDOWS\system32\svchost.exe[1448] WS2_32.dll!socket 71A73B91 5 Bytes JMP 008F000A

    .text C:\WINDOWS\system32\svchost.exe[1448] WININET.dll!InternetOpenW 7719AED5 5 Bytes JMP 0090000A

    .text C:\WINDOWS\system32\svchost.exe[1448] WININET.dll!InternetOpenA 771A574E 5 Bytes JMP 00900FEF

    .text C:\WINDOWS\system32\svchost.exe[1448] WININET.dll!InternetOpenUrlA 771A5A01 5 Bytes JMP 0090001B

    .text C:\WINDOWS\system32\svchost.exe[1448] WININET.dll!InternetOpenUrlW 771B5B4A 5 Bytes JMP 00900038

    .text C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe[1552] USER32.dll!GetKeyState 7E36C505 5 Bytes JMP 1002CA6A C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (Gbieh Module/Banco Unibanco)

    .text C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe[1552] USER32.dll!GetKeyboardState 7E36EF29 5 Bytes JMP 1002C10D C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (Gbieh Module/Banco Unibanco)

    .text C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe[1552] USER32.dll!GetAsyncKeyState 7E36F3B3 5 Bytes JMP 1002BBE5 C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (Gbieh Module/Banco Unibanco)

    .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[2000] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

    .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[2000] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0041C3C0 c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 28001CC0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 28001B00 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 28001A80 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 28001D80 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!FindResourceA 7C80BE89 7 Bytes JMP 28001B90 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 28001DF0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 28001840 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!FindResourceExA 7C835F78 7 Bytes JMP 28001C20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!OutputDebugStringW 7C85A42D 5 Bytes JMP 28001E50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] ADVAPI32.dll!CryptDeriveKey 77F6A685 7 Bytes JMP 28001000 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] ADVAPI32.dll!CryptDecrypt 77F6A7B1 2 Bytes JMP 28001060 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] ADVAPI32.dll!CryptDecrypt + 3 77F6A7B4 4 Bytes [ 09, B0, CC, CC ]

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 28004090 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!CreateWindowExW 7E36FC25 5 Bytes JMP 28003820 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!SetWindowRgn 7E36FFB2 7 Bytes JMP 28005980 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!LoadIconW 7E370894 5 Bytes JMP 280062B0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!LoadImageW 7E372CFE 5 Bytes JMP 280060C0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!CreateDialogParamW 7E377D4F 5 Bytes JMP 28005AC0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!SetWindowPlacement 7E37D84C 5 Bytes JMP 28005840 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 28005CB0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!TrackPopupMenuEx 7E3BCD28 5 Bytes JMP 28004970 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WS2_32.dll!send 71A7428A 5 Bytes JMP 2800A180 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WS2_32.dll!WSARecv 71A74318 5 Bytes JMP 28009F60 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WS2_32.dll!recv 71A7615A 5 Bytes JMP 28009DC0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WS2_32.dll!WSASend 71A76233 5 Bytes JMP 2800A360 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WS2_32.dll!closesocket 71A79639 5 Bytes JMP 2800A5A0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] SHELL32.dll!Shell_NotifyIconW 7CA21B92 5 Bytes JMP 28002FE0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] ole32.dll!CoInitializeEx 774DEF6B 5 Bytes JMP 28002100 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] ole32.dll!CoRegisterClassObject 774F8720 5 Bytes JMP 28002200 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WININET.dll!HttpOpenRequestA 771A368D 2 Bytes JMP 28008BE0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WININET.dll!HttpOpenRequestA + 3 771A3690 2 Bytes [ E6, B0 ]

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WININET.dll!InternetCloseHandle 771A4D4C 5 Bytes JMP 28008F20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WININET.dll!HttpSendRequestA 771A60D9 5 Bytes JMP 28008E50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WININET.dll!InternetReadFile 771A828C 5 Bytes JMP 28008D70 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0FEF

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B005D

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0F72

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B004C

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B002F

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0F9E

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0F28

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0F43

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B0EF2

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0F03

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001B009C

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001B0F8D

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001B000A

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001B006E

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001B0FC3

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001B0FD4

    .text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001B008B

    .text C:\WINDOWS\system32\wuauclt.exe[2504] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 002A002F

    .text C:\WINDOWS\system32\wuauclt.exe[2504] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 002A0FA1

    .text C:\WINDOWS\system32\wuauclt.exe[2504] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 002A0FDE

    .text C:\WINDOWS\system32\wuauclt.exe[2504] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 002A0014

    .text C:\WINDOWS\system32\wuauclt.exe[2504] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 002A005E

    .text C:\WINDOWS\system32\wuauclt.exe[2504] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 002A0FBC

    .text C:\WINDOWS\system32\wuauclt.exe[2504] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 002A0FEF

    .text C:\WINDOWS\system32\wuauclt.exe[2504] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 002A0FCD

    ---- Devices - GMER 1.0.14 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

    ---- EOF - GMER 1.0.14 ----

    Compartilhar este post


    Link para o post
    Compartilhar em outros sites





    Sobre o Clube do Hardware

    No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

    Direitos autorais

    Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

    ×