Trevomader

Virus problem


I ran a scan a few days ago on my PC running Windows 7 and two viruses were found; both were sent to quarantine, but you know that feeling that it wasn't enough? I ran ComboFix twice, and both times files were deleted and the PC restarted (one of the times no report was generated).

According to Avast, the most dangerous virus was hosted in c:\windows.old\programdata\windows\wer\reportqueue, but I ended up deleting that folder. Is there a better program, or something like that, to make me sure the virus was removed?

Edited by Trevomader


Hello

If you still need help, redo the logs, as I need them with up-to-date dates: Read Before Posting - Creating a New Topic

NOTE 1: There is no need to open a new topic; post the new logs in this same topic, thanks!

NOTE 2: Don't edit your topic, use the reply button, thanks!

NOTE 3: Don't put the logs between TAGS, thanks!

NOTE 4: Don't attach the logs, thanks!

Cheers :D

Topic author

Diego, I couldn't download Gmer, but here are the DDS logs.

    dds:

    DDS (Ver_2012-11-20.01) - NTFS_x86

    Internet Explorer: 10.0.9200.16576

    Run by Bernardo at 19:18:45 on 2013-06-07

    Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.3565.2828 [GMT -3:00]

    .

    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ================

    .

    C:\Windows\system32\wininit.exe

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Windows\System32\spoolsv.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\Program Files\Intel\iCLS Client\HeciServer.exe

    C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

    C:\Windows\system32\PnkBstrA.exe

    C:\Windows\system32\viakaraokesrv.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\sppsvc.exe

    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe

    C:\Program Files\Nero\Update\NASvc.exe

    C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files\Windows Media Player\wmpnetwk.exe

    C:\Program Files\Skype\Phone\Skype.exe

    C:\Users\Bernardo\AppData\Roaming\uTorrent\uTorrent.exe

    C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

    C:\Program Files\Google\Drive\googledrivesync.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files\Google\Drive\googledrivesync.exe

    C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe

    C:\Windows\system32\wuauclt.exe

    C:\Windows\system32\SearchProtocolHost.exe

    C:\Windows\system32\SearchFilterHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\DllHost.exe

    C:\Windows\system32\conhost.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Windows\System32\svchost.exe -k secsvcs

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Windows\system32\svchost.exe -k SDRSVC

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = about:blank

    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

    uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

    uRun: [uTorrent] "c:\users\bernardo\appdata\roaming\utorrent\uTorrent.exe" /MINIMIZED

    uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe

    uRun: [Facebook Update] "c:\users\bernardo\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

    uRun: [steam] "c:\program files\steam\Steam.exe" -silent

    uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart

    mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r

    mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s

    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    uPolicies-Explorer: NoDrives = dword:0

    mPolicies-Explorer: NoDriveTypeAutoRun = dword:60

    mPolicies-Explorer: NoDrives = dword:0

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    TCP: NameServer = 192.168.1.254 192.168.59.1

    TCP: Interfaces\{5B89C5B1-10E8-4D8D-B885-0F981C7AA7ED} : DHCPNameServer = 192.168.1.254 192.168.59.1

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

    SSODL: WebCheck - <orphaned>

    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\users\bernardo\appdata\roaming\mozilla\firefox\profiles\owlccaal.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.americanas.com.br/

    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll

    FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIIPT.dll

    FF - plugin: c:\program files\intel\intel® management engine components\ipt\npIntelWebAPIUpdater.dll

    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll

    FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll

    FF - plugin: c:\users\bernardo\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll

    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll

    FF - ExtSQL: 2013-04-30 00:39; wrc@avast.com; c:\program files\avast software\avast\webrep\FF

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-30 49376]

    R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-30 174664]

    R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-4-30 21576]

    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-4-30 765736]

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-4-30 368944]

    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-4-30 29816]

    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-4-30 66336]

    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-20 46808]

    R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\intel\icls client\HeciServer.exe [2011-12-8 423136]

    R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files\intel\intel® management engine components\dal\Jhi_service.exe [2013-2-23 161560]

    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]

    R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\intel\intel® management engine components\uns\UNS.exe [2013-2-23 363800]

    R2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\ViakaraokeSrv.exe [2012-2-17 27760]

    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2010-10-21 68208]

    R3 MEI;Intel® Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2013-2-23 46080]

    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-2-17 1824880]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]

    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

    S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

    S3 StorSvc;Serviço de Armazenamento;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

    S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

    S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\wat\WatAdminSvc.exe [2013-2-24 1343400]

    S3 WSDScan;Suporte de Digitalização WSD via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]

    .

    =============== Created Last 30 ================

    .

    2013-06-07 21:19:16 -------- d-----w- C:\$RECYCLE.BIN

    2013-06-07 21:15:58 -------- d-----w- c:\users\bernardo\appdata\local\temp

    2013-06-07 21:10:02 -------- d-----w- C:\ComboFix

    2013-06-06 00:31:01 580712 ------w- c:\windows\system32\HPDiscoPMB611.dll

    2013-06-06 00:29:18 -------- d-----w- c:\program files\HP

    2013-06-06 00:25:39 90624 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\HPZPPWN7.DLL

    2013-05-24 03:11:51 -------- d-s---w- c:\users\bernardo\Google Drive

    2013-05-15 15:09:32 1796096 ----a-w- c:\windows\system32\authui.dll

    2013-05-15 15:09:32 101720 ----a-w- c:\windows\system32\consent.exe

    2013-05-15 15:09:31 47104 ----a-w- c:\windows\system32\appinfo.dll

    2013-05-15 15:05:59 2347520 ----a-w- c:\windows\system32\win32k.sys

    2013-05-15 15:05:53 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

    2013-05-15 15:05:53 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

    .

    ==================== Find3M ====================

    .

    2013-05-15 00:20:21 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-05-15 00:20:21 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-05-09 08:59:10 765736 ----a-w- c:\windows\system32\drivers\aswSnx.sys

    2013-05-09 08:59:10 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

    2013-05-09 08:59:10 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

    2013-05-09 08:59:10 174664 ----a-w- c:\windows\system32\drivers\aswVmm.sys

    2013-05-09 08:59:09 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

    2013-05-09 08:58:37 41664 ----a-w- c:\windows\avastSS.scr

    2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys

    2013-04-06 02:56:36 139424 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

    2013-04-06 02:56:27 282104 ----a-w- c:\windows\system32\PnkBstrB.xtr

    2013-04-06 02:56:27 282104 ----a-w- c:\windows\system32\PnkBstrB.exe

    2013-04-06 02:56:00 234768 ----a-w- c:\windows\system32\PnkBstrB.ex0

    2013-04-01 00:29:32 76888 ----a-w- c:\windows\system32\PnkBstrA.exe

    2013-04-01 00:21:35 138056 ----a-w- c:\users\bernardo\appdata\roaming\PnkBstrK.sys

    2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll

    2013-03-19 02:49:16 69632 ----a-w- c:\windows\system32\smss.exe

    2013-03-18 07:28:41 124504 ----a-w- c:\windows\system32\drivers\AnyDVD.sys

    .

    ============= FINISH: 19:19:00,32 ===============

    Attach:

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 23/02/2013 20:40:02

    System Uptime: 07/06/2013 18:16:35 (1 hours ago)

    .

    Motherboard: BIOSTAR Group | | H61MLV2

    Processor: Intel® Pentium® CPU G630 @ 2.70GHz | SOCKET 0 | 2700/100mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 466 GiB total, 361,65 GiB free.

    D: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP60: 30/05/2013 03:23:36 - ComboFix created restore point

    RP61: 02/06/2013 19:00:06 - Backup do Windows

    RP62: 04/06/2013 20:48:21 - ComboFix created restore point

    RP63: 05/06/2013 21:29:04 - Installed HP Deskjet 5520 series Basic Device Software

    .

    ==== Installed Programs ======================

    .

    Adobe Flash Player 11 Plugin

    Adobe Reader XI (11.0.03) - Português

    AnyDVD

    Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

    µTorrent

    Atualizações da NVIDIA 1.11.3

    aTube Catcher

    avast! Free Antivirus

    BS.Player FREE

    CANYON USB PC CAMERA

    CloneCD

    Combat Arms

    Counter-Strike 1.6

    Dota 2

    DVD Shrink 3.2

    DVDFab 9.0.2.2 (17/01/2013) Qt

    Facebook Video Calling 1.2.0.287

    Google Chrome

    Google Drive

    Google Update Helper

    HP Deskjet 5520 series Basic Device Software

    ImgBurn

    Intel® Management Engine Components

    Intel® Trusted Connect Service Client

    League of Legends

    MechWarrior Online

    Microsoft .NET Framework 4 Client Profile

    Microsoft .NET Framework 4 Client Profile PTB Language Pack

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Mozilla Firefox 21.0 (x86 pt-BR)

    Mozilla Maintenance Service

    Nero Burning ROM

    Nero Burning ROM Help (CHM)

    Nero BurningROM 12

    Nero ControlCenter

    Nero ControlCenter Help (CHM)

    Nero Core Components

    Nero SharedVideoCodecs

    Nero Update

    NVIDIA Driver de gráficos 311.06

    NVIDIA Driver do 3D Vision 311.06

    NVIDIA Install Application

    NVIDIA Stereoscopic 3D Driver

    NVIDIA Update Components

    Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

    Painel de controle da NVIDIA 311.06

    Pando Media Booster

    PhotoScape

    Platform

    Prerequisite installer

    PunkBuster Services

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

    Skype™ 6.3

    Star Wars: The Old Republic

    Steam

    TweetDeck

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    VIA Gerenciador de dispositivo de plataforma

    WinRAR 4.20 (32-bit)

    .

    ==== End Of File ===========================

    As soon as I have access to Gmer I'll post the logs here. I hope I'm doing everything right now.

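An added triage example, not part of the original thread or of the DDS tool: it parses lines in the format of the Pseudo HJT Report (uRun/mRun) and SERVICES / DRIVERS sections of the log above and flags entries whose binary runs from a user-writable location or borrows a core Windows binary name outside the Windows directory. The sample lines are constructed: the first six mirror entries from the log above, the last two (WinUpdate, hlpsvc) are invented to exercise the checks; flags are prompts for analyst review rather than verdicts (the uTorrent autorun in AppData is legitimate and still gets flagged).

```python
"""Triage helper for DDS-style log lines (Pseudo HJT Report and SERVICES / DRIVERS).

Added example: flags autorun and service entries for analyst review when the binary
lives in a user-writable location or borrows the name of a core Windows binary while
living outside the Windows directory. Review prompts only, not verdicts.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample. The first six lines mirror entries from the DDS log above;
# the last two (WinUpdate, hlpsvc) are invented to exercise the checks.
SAMPLE_LOG = r"""
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [uTorrent] "c:\users\bernardo\appdata\roaming\utorrent\uTorrent.exe" /MINIMIZED
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-4-30 765736]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
mRun: [WinUpdate] "c:\users\bernardo\appdata\local\temp\svchost.exe" /s
R2 hlpsvc;Helper Service;c:\programdata\hlp\lsass.exe [2013-6-1 40960]
"""

# uRun/mRun lines: scope letter (u = user hive, m = machine hive), bracketed value name, command line.
RUN_RE = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Service/driver lines: state (R0..S4), service name;display name;image path [date size].
SVC_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.+?)(?: \[(?P<meta>[^\]]*)\])?$"
)
# Leading image path, quoted or not, up to the first executable-looking extension.
PATH_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|sys|scr|cpl))\b', re.IGNORECASE)

# Directory markers a standard user can write to; persistence from here deserves a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
# Core Windows binary names that should only ever load from the Windows directory.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "explorer.exe", "smss.exe", "services.exe"}
WINDOWS_DIRS = ("c:\\windows\\",)


@dataclass
class Finding:
    kind: str            # "autorun" or "service"
    name: str            # value name or service name from the log line
    path: str            # lower-cased image path (or raw command if unparsable)
    reasons: list[str] = field(default_factory=list)


def extract_path(cmd: str) -> str | None:
    """Return the lower-cased image path at the start of a command line, or None."""
    m = PATH_RE.match(cmd.strip())
    return m.group("path").lower() if m else None


def check_path(path: str) -> list[str]:
    """Apply the two review heuristics to a lower-cased image path."""
    reasons = []
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("binary in user-writable location")
    basename = path.rsplit("\\", 1)[-1]
    if basename in SYSTEM_BINARIES and not path.startswith(WINDOWS_DIRS):
        reasons.append(f"{basename} outside the Windows directory")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Parse autorun and service lines and return only the entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            kind, name, cmd = "autorun", m["name"], m["cmd"]
        elif m := SVC_RE.match(line):
            kind, name, cmd = "service", m["name"], m["cmd"]
        else:
            continue  # other DDS sections (BHO, TCP, policies) are not handled here
        path = extract_path(cmd)
        if path is None:
            findings.append(Finding(kind, name, cmd, ["could not parse binary path"]))
            continue
        reasons = check_path(path)
        if reasons:
            findings.append(Finding(kind, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.path} -> {'; '.join(f.reasons)}")
```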
Topic author

Here is the gmer log.

    GMER 2.1.19163 - http://www.gmer.net

    Rootkit scan 2013-06-07 20:21:24

    Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD5000AAKX-003CA0 rev.15.01H15 465,76GB

    Running: ih25098y.exe; Driver: C:\Users\Bernardo\AppData\Local\Temp\ufldikog.sys

    ---- System - GMER 2.1 ----

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x91835644]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9263A668]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x918360D6]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9184189A]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x918418E6]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x91841A80]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x91841808]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x9263AA00]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x91841850]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x918365D4]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x918367F0]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x91841A3A]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x91836E8C]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x918356AA]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x9183A6AC]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9263A730]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x92638C80]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x91835710]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9183AA76]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9183791C]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x918418C4]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x91841908]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x91841AA4]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9184182E]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x91839F92]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x918419B8]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x91841878]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x9183A384]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x91841A5E]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9263A890]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x918377E8]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x918374F6]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x91835776]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x918357DC]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x91836D06]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9183532C]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x91835502]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x91835490]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x91837056]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x918371B8]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9183558A]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x9263A958]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x91836CE6]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x92638CB0]

    SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x91835842]

    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x9263A7DC]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x92653E80]

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Kernel code sections - GMER 2.1 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E4BA09 1 Byte [06]

    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E851F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82E8C220 4 Bytes [44, 56, 83, 91]

    .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82E8C248 4 Bytes [68, A6, 63, 92]

    .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82E8C2A8 4 Bytes [D6, 60, 83, 91]

    .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82E8C2FC 8 Bytes [9A, 18, 84, 91, E6, 18, 84, ...] {CALL FAR 0x8418:0xe6918418; XCHG ECX, EAX}

    .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82E8C308 4 Bytes [80, 1A, 84, 91] {SBB BYTE [EDX], 0x84; XCHG ECX, EAX}

    .text ...

    PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83019D3D 5 Bytes JMP 92650D1A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    PAGE ntkrnlpa.exe!ObInsertObject + 27 83032380 5 Bytes JMP 9265284C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 830474DF 4 Bytes CALL 91837FDF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 83061333 4 Bytes CALL 91837FF5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    PAGE ntkrnlpa.exe!ZwCreateProcessEx 830EB224 7 Bytes JMP 92653E84 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

    .text win32k.sys!EngFntCacheLookUp + 8B22 99330A2B 5 Bytes JMP 9183B5C6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngCreateRectRgn + 3819 99344B04 5 Bytes JMP 9183B712 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngCreateRectRgn + 47FC 99345AE7 5 Bytes JMP 9183B3DC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngCTGetGammaTable + 310 9936146D 5 Bytes JMP 9183C29C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngCTGetGammaTable + 4CE9 99365E46 5 Bytes JMP 9183AE3E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngCTGetGammaTable + 6136 99367293 5 Bytes JMP 9183C4E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngCTGetGammaTable + BE91 9936CFEE 5 Bytes JMP 9183B7B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngCTGetGammaTable + C0E0 9936D23D 5 Bytes JMP 9183B8CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngMapFontFileFD + 650 99386D27 5 Bytes JMP 9183AAAC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngMapFontFileFD + 70E 99386DE5 5 Bytes JMP 9183B7D6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngMapFontFileFD + 38FE 99389FD5 5 Bytes JMP 9183ABC2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngMapFontFileFD + 39BC 9938A093 5 Bytes JMP 9183ACDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngIsSemaphoreOwnedByCurrentThread + 1EE8 9938E715 5 Bytes JMP 9183B5F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngUnmapFontFileFD + 2B22 99398165 5 Bytes JMP 9183B316 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngUnmapFontFileFD + ACE0 993A0323 5 Bytes JMP 9183AEDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngUnmapFontFileFD + 14FA1 993AA5E4 5 Bytes JMP 9183C14A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngAlphaBlend + 5088 993C1DDE 5 Bytes JMP 9183C200 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngBitBlt + 42AE 993CF7B5 5 Bytes JMP 9183C6FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngUnlockSurface + B25C 993E507B 5 Bytes JMP 9183C24C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngUnlockSurface + CC1B 993E6A3A 5 Bytes JMP 9183E050 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngDeleteClip + 480C 993F78FA 5 Bytes JMP 9183ADC6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngEqualRgn + 41E2 994058F2 5 Bytes JMP 9183B23A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngEqualRgn + B479 9940CB89 5 Bytes JMP 9183C5A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngDeleteRgn + 2198 99423977 5 Bytes JMP 9183B0F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!EngFillPath + 861D 99444A78 5 Bytes JMP 9183C656 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!PATHOBJ_vGetBounds + 2EC7 9945C9F8 5 Bytes JMP 9183C426 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!PATHOBJ_vGetBounds + 3458 9945CF89 5 Bytes JMP 9183AFA6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!PATHOBJ_vGetBounds + 6547 99460078 5 Bytes JMP 9183B7F4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!PATHOBJ_vGetBounds + 9687 994631B8 5 Bytes JMP 9183B00E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text win32k.sys!PATHOBJ_vGetBounds + BF6E 99465A9F 5 Bytes JMP 9183B8AE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    .text ...

    .text win32k.sys!EngCTGetCurrentGamma + 6414 99471C74 5 Bytes JMP 9183B196 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

    ? C:\Users\Bernardo\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.1 ----

    .text C:\Program Files\Google\Drive\googledrivesync.exe[324] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 001703FC

    .text C:\Program Files\Google\Drive\googledrivesync.exe[324] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 001701F8

    .text C:\Program Files\Google\Drive\googledrivesync.exe[324] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\Google\Drive\googledrivesync.exe[324] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00180A08

    .text C:\Program Files\Google\Drive\googledrivesync.exe[324] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001803FC

    .text C:\Program Files\Google\Drive\googledrivesync.exe[324] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00180804

    .text C:\Program Files\Google\Drive\googledrivesync.exe[324] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001801F8

    .text C:\Program Files\Google\Drive\googledrivesync.exe[324] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00180600

    .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[344] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 000E03FC

    .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[344] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000E01F8

    .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[344] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[344] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00100A08

    .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[344] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001003FC

    .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[344] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00100804

    .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[344] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001001F8

    .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[344] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00100600

    .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[352] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 000E03FC

    .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[352] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000E01F8

    .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[352] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[352] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 000F0A08

    .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[352] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 000F03FC

    .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[352] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 000F0804

    .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[352] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 000F01F8

    .text C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe[352] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 000F0600

    .text C:\Windows\system32\csrss.exe[400] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\PnkBstrA.exe[408] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 001D03FC

    .text C:\Windows\system32\PnkBstrA.exe[408] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 001D01F8

    .text C:\Windows\system32\PnkBstrA.exe[408] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\PnkBstrA.exe[408] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 001E0A08

    .text C:\Windows\system32\PnkBstrA.exe[408] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001E03FC

    .text C:\Windows\system32\PnkBstrA.exe[408] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 001E0804

    .text C:\Windows\system32\PnkBstrA.exe[408] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001E01F8

    .text C:\Windows\system32\PnkBstrA.exe[408] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 001E0600

    .text C:\Windows\system32\wininit.exe[452] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\csrss.exe[476] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\services.exe[520] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\lsass.exe[552] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\lsm.exe[564] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text ...

    .text C:\Windows\system32\SearchIndexer.exe[856] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 001203FC

    .text C:\Windows\system32\SearchIndexer.exe[856] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 001201F8

    .text C:\Windows\system32\SearchIndexer.exe[856] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\SearchIndexer.exe[856] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00140A08

    .text C:\Windows\system32\SearchIndexer.exe[856] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001403FC

    .text C:\Windows\system32\SearchIndexer.exe[856] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00140804

    .text C:\Windows\system32\SearchIndexer.exe[856] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001401F8

    .text C:\Windows\system32\SearchIndexer.exe[856] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00140600

    .text C:\Windows\System32\svchost.exe[896] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\System32\svchost.exe[968] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\svchost.exe[996] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[1016] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 000E03FC

    .text C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[1016] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000E01F8

    .text C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[1016] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[1016] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00200A08

    .text C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[1016] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 002003FC

    .text C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[1016] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00200804

    .text C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[1016] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 002001F8

    .text C:\Program Files\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[1016] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00200600

    .text C:\Windows\system32\svchost.exe[1020] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[1164] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 000E03FC

    .text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[1164] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000E01F8

    .text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[1164] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[1164] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00200A08

    .text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[1164] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 002003FC

    .text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[1164] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00200804

    .text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[1164] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 002001F8

    .text C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe[1164] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00200600

    .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1372] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1464] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\nvvsvc.exe[1476] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\System32\spoolsv.exe[1552] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text ...

    .text C:\Users\Bernardo\AppData\Roaming\uTorrent\uTorrent.exe[2096] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 003C03FC

    .text C:\Users\Bernardo\AppData\Roaming\uTorrent\uTorrent.exe[2096] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 003C01F8

    .text C:\Users\Bernardo\AppData\Roaming\uTorrent\uTorrent.exe[2096] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Users\Bernardo\AppData\Roaming\uTorrent\uTorrent.exe[2096] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 003E0A08

    .text C:\Users\Bernardo\AppData\Roaming\uTorrent\uTorrent.exe[2096] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 003E03FC

    .text C:\Users\Bernardo\AppData\Roaming\uTorrent\uTorrent.exe[2096] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 003E0804

    .text C:\Users\Bernardo\AppData\Roaming\uTorrent\uTorrent.exe[2096] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 003E01F8

    .text C:\Users\Bernardo\AppData\Roaming\uTorrent\uTorrent.exe[2096] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 003E0600

    .text C:\Windows\system32\viakaraokesrv.exe[2136] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 000603FC

    .text C:\Windows\system32\viakaraokesrv.exe[2136] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000601F8

    .text C:\Windows\system32\viakaraokesrv.exe[2136] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\viakaraokesrv.exe[2136] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00130A08

    .text C:\Windows\system32\viakaraokesrv.exe[2136] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001303FC

    .text C:\Windows\system32\viakaraokesrv.exe[2136] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00130804

    .text C:\Windows\system32\viakaraokesrv.exe[2136] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001301F8

    .text C:\Windows\system32\viakaraokesrv.exe[2136] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00130600

    .text C:\Windows\System32\svchost.exe[2160] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 000703FC

    .text C:\Windows\System32\svchost.exe[2160] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000701F8

    .text C:\Windows\System32\svchost.exe[2160] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\System32\svchost.exe[2160] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00090A08

    .text C:\Windows\System32\svchost.exe[2160] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 000903FC

    .text C:\Windows\System32\svchost.exe[2160] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00090804

    .text C:\Windows\System32\svchost.exe[2160] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 000901F8

    .text C:\Windows\System32\svchost.exe[2160] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00090600

    .text C:\Program Files\Nero\Update\NASvc.exe[2260] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 001F03FC

    .text C:\Program Files\Nero\Update\NASvc.exe[2260] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 001F01F8

    .text C:\Program Files\Nero\Update\NASvc.exe[2260] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\Nero\Update\NASvc.exe[2260] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00200A08

    .text C:\Program Files\Nero\Update\NASvc.exe[2260] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 002003FC

    .text C:\Program Files\Nero\Update\NASvc.exe[2260] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00200804

    .text C:\Program Files\Nero\Update\NASvc.exe[2260] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 002001F8

    .text C:\Program Files\Nero\Update\NASvc.exe[2260] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00200600

    .text C:\Windows\system32\taskhost.exe[2264] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 000D03FC

    .text C:\Windows\system32\taskhost.exe[2264] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000D01F8

    .text C:\Windows\system32\taskhost.exe[2264] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\taskhost.exe[2264] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 000E0A08

    .text C:\Windows\system32\taskhost.exe[2264] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 000E03FC

    .text C:\Windows\system32\taskhost.exe[2264] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 000E0804

    .text C:\Windows\system32\taskhost.exe[2264] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 000E01F8

    .text C:\Windows\system32\taskhost.exe[2264] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 000E0600

    .text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2296] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 001E03FC

    .text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2296] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 001E01F8

    .text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2296] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2296] user32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 001F0A08

    .text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2296] user32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001F03FC

    .text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2296] user32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 001F0804

    .text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2296] user32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001F01F8

    .text C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe[2296] user32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 001F0600

    .text C:\Windows\system32\svchost.exe[2680] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 000703FC

    .text C:\Windows\system32\svchost.exe[2680] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000701F8

    .text C:\Windows\system32\svchost.exe[2680] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\svchost.exe[2680] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00090A08

    .text C:\Windows\system32\svchost.exe[2680] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 000903FC

    .text C:\Windows\system32\svchost.exe[2680] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00090804

    .text C:\Windows\system32\svchost.exe[2680] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 000901F8

    .text C:\Windows\system32\svchost.exe[2680] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00090600

    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2820] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 001203FC

    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2820] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 001201F8

    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2820] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2820] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00140A08

    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2820] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001403FC

    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2820] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00140804

    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2820] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001401F8

    .text C:\Program Files\Windows Media Player\wmpnetwk.exe[2820] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00140600

    .text C:\Windows\system32\sppsvc.exe[3088] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 000F03FC

    .text C:\Windows\system32\sppsvc.exe[3088] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000F01F8

    .text C:\Windows\system32\sppsvc.exe[3088] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\sppsvc.exe[3088] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00110A08

    .text C:\Windows\system32\sppsvc.exe[3088] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001103FC

    .text C:\Windows\system32\sppsvc.exe[3088] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00110804

    .text C:\Windows\system32\sppsvc.exe[3088] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001101F8

    .text C:\Windows\system32\sppsvc.exe[3088] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00110600

    .text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[3164] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 001E03FC

    .text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[3164] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 001E01F8

    .text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[3164] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[3164] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 001F0A08

    .text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[3164] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001F03FC

    .text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[3164] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 001F0804

    .text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[3164] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001F01F8

    .text C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe[3164] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 001F0600

    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3168] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3248] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 000E03FC

    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3248] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000E01F8

    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3248] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3248] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00100A08

    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3248] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001003FC

    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3248] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00100804

    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3248] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001001F8

    .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3248] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00100600

    .text C:\Program Files\Google\Drive\googledrivesync.exe[3388] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 001E03FC

    .text C:\Program Files\Google\Drive\googledrivesync.exe[3388] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 001E01F8

    .text C:\Program Files\Google\Drive\googledrivesync.exe[3388] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\Google\Drive\googledrivesync.exe[3388] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 001F0A08

    .text C:\Program Files\Google\Drive\googledrivesync.exe[3388] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001F03FC

    .text C:\Program Files\Google\Drive\googledrivesync.exe[3388] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 001F0804

    .text C:\Program Files\Google\Drive\googledrivesync.exe[3388] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001F01F8

    .text C:\Program Files\Google\Drive\googledrivesync.exe[3388] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 001F0600

    .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 000E03FC

    .text C:\Windows\system32\Dwm.exe[3688] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000E01F8

    .text C:\Windows\system32\Dwm.exe[3688] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\Dwm.exe[3688] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 000F0A08

    .text C:\Windows\system32\Dwm.exe[3688] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 000F03FC

    .text C:\Windows\system32\Dwm.exe[3688] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 000F0804

    .text C:\Windows\system32\Dwm.exe[3688] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 000F01F8

    .text C:\Windows\system32\Dwm.exe[3688] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 000F0600

    .text C:\Windows\Explorer.EXE[3696] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 000703FC

    .text C:\Windows\Explorer.EXE[3696] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000701F8

    .text C:\Windows\Explorer.EXE[3696] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\Explorer.EXE[3696] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00140A08

    .text C:\Windows\Explorer.EXE[3696] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001403FC

    .text C:\Windows\Explorer.EXE[3696] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00140804

    .text C:\Windows\Explorer.EXE[3696] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001401F8

    .text C:\Windows\Explorer.EXE[3696] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00140600

    .text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[4324] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 000703FC

    .text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[4324] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000701F8

    .text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[4324] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[4324] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00090A08

    .text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[4324] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 000903FC

    .text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[4324] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00090804

    .text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[4324] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 000901F8

    .text C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe[4324] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00090600

    .text C:\Users\Bernardo\Downloads\ih25098y.exe[4488] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\wuauclt.exe[4776] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 000F03FC

    .text C:\Windows\system32\wuauclt.exe[4776] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000F01F8

    .text C:\Windows\system32\wuauclt.exe[4776] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\wuauclt.exe[4776] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00100A08

    .text C:\Windows\system32\wuauclt.exe[4776] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001003FC

    .text C:\Windows\system32\wuauclt.exe[4776] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00100804

    .text C:\Windows\system32\wuauclt.exe[4776] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001001F8

    .text C:\Windows\system32\wuauclt.exe[4776] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00100600

    .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!LdrUnloadDll 7707C86E 5 Bytes JMP 000703FC

    .text C:\Windows\system32\svchost.exe[4908] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000701F8

    .text C:\Windows\system32\svchost.exe[4908] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    .text C:\Windows\system32\svchost.exe[4908] USER32.dll!UnhookWindowsHookEx 76ACADF9 5 Bytes JMP 00160A08

    .text C:\Windows\system32\svchost.exe[4908] USER32.dll!UnhookWinEvent 76ACB750 5 Bytes JMP 001603FC

    .text C:\Windows\system32\svchost.exe[4908] USER32.dll!SetWindowsHookExW 76ACE30C 5 Bytes JMP 00160804

    .text C:\Windows\system32\svchost.exe[4908] USER32.dll!SetWinEventHook 76AD24DC 5 Bytes JMP 001601F8

    .text C:\Windows\system32\svchost.exe[4908] USER32.dll!SetWindowsHookExA 76AF6D0C 5 Bytes JMP 00160600

    .text C:\Windows\system32\AUDIODG.EXE[5668] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]

    ---- User IAT/EAT - GMER 2.1 ----

    IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1372] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73040790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

    IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3168] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73040790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

    ---- Devices - GMER 2.1 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- Files - GMER 2.1 ----

    File C:\avast! sandbox 0 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000 0 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000\webStorage 0 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000\webStorage\C 0 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000\webStorage\C\Users 0 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000\webStorage\C\Users\Bernardo 0 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000\webStorage\C\Users\Bernardo\AppData 0 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000\webStorage\C\Users\Bernardo\AppData\Local 0 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000\webStorage\C\Users\Bernardo\AppData\Local\Microsoft 0 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000\webStorage\C\Users\Bernardo\AppData\Local\Microsoft\Windows 0 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000\webStorage\C\Users\Bernardo\AppData\Local\Microsoft\Windows\Explorer 0 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000\webStorage\C\Users\Bernardo\AppData\Local\Microsoft\Windows\Explorer\ExplorerStartupLog_RunOnce.etl 16384 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000\webStorage\C\Windows 0 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000\webStorage\C\Windows\INF 0 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000\webStorage\C\Windows\INF\setupapi.app.log 463033 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000\webStorage\C\Windows\System32 0 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000\webStorage\C\Windows\System32\DriverStore 0 bytes

    File C:\avast! sandbox\S-1-5-21-2798079315-3462768855-1190625631-1000\webStorage\snx_fs.dat 1676 bytes

    File C:\avast! sandbox\snx_rhive 262144 bytes

    File C:\avast! sandbox\snx_rhive.LOG1 13312 bytes

    File C:\avast! sandbox\snx_rhive.LOG2 0 bytes

    File C:\avast! sandbox\snx_rhive{830136a1-c858-11e2-8686-b8975a19d6fe}.TM.blf 65536 bytes

    File C:\avast! sandbox\snx_rhive{830136a1-c858-11e2-8686-b8975a19d6fe}.TMContainer00000000000000000001.regtrans-ms 524288 bytes

    File C:\avast! sandbox\snx_rhive{830136a1-c858-11e2-8686-b8975a19d6fe}.TMContainer00000000000000000002.regtrans-ms 524288 bytes

    ---- EOF - GMER 2.1 ----

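A small triage helper for the kind of GMER 2.1 output posted above, added here as an example and not part of the original post or of GMER itself. A log like this one shows the same user-mode hooks (ntdll.dll!LdrLoadDll, USER32.dll!SetWindowsHookEx*, the one-byte write at GetBinaryTypeW + 70) in almost every process, with JMP targets that differ only in their high half (001703FC, 000E03FC, 001E03FC ...), which is what a uniformly injected security product looks like. The script normalises each hook so the same hook in different processes compares equal, then flags two things an analyst actually cares about: a hook that appears in only a few processes and so does not fit the product-wide pattern, and a kernel-mode JMP that GMER could not attribute to a loaded driver. The benign sample lines below are constructed to mirror the format of the log above; the explorer.exe NtQuerySystemInformation line, its address, and the unattributed win32k.sys JMP are constructed solely to exercise the outlier paths. The `min_procs` threshold is a heuristic, not a GMER setting.

```python
"""Triage helper for GMER 2.1 '.text' hook lines (added example, not code
from the original forum post or from GMER). Parses both the kernel
"Code sections" and the "User code sections" formats."""
import re
from collections import Counter, defaultdict

USER_RE = re.compile(
    r"^\.text (?P<image>.+?)\[(?P<pid>\d+)\] (?P<mod>[\w.]+)!(?P<func>\w+)"
    r"(?: \+ (?P<off>[0-9A-Fa-f]+))? (?P<addr>[0-9A-F]{8}) (?P<n>\d+) Bytes? (?P<patch>.*)$")
KERNEL_RE = re.compile(
    r"^\.text (?P<mod>[\w.]+)!(?P<func>\w+)(?: \+ (?P<off>[0-9A-Fa-f]+))? "
    r"(?P<addr>[0-9A-F]{8}) (?P<n>\d+) Bytes? JMP (?P<target>[0-9A-F]{8})(?: (?P<owner>\S.*))?$")
JMP_RE = re.compile(r"^JMP ([0-9A-F]{8})$")

# Constructed sample: the benign lines mirror the posted log's format; the
# explorer.exe NtQuerySystemInformation hook and the owner-less win32k.sys
# JMP are made up to show what an outlier looks like.
SAMPLE = r"""
.text win32k.sys!EngAlphaBlend + 5088 993C1DDE 5 Bytes JMP 9183C200 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 42AE 993CF7B5 5 Bytes JMP 9183C6FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteClip + 480C 993F78FA 5 Bytes JMP 8A3D1000
.text C:\Program Files\Google\Drive\googledrivesync.exe[324] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 001701F8
.text C:\Program Files\Google\Drive\googledrivesync.exe[324] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[2264] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000D01F8
.text C:\Windows\system32\taskhost.exe[2264] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[3696] ntdll.dll!LdrLoadDll 7708223E 5 Bytes JMP 000701F8
.text C:\Windows\Explorer.EXE[3696] KERNEL32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[3696] ntdll.dll!NtQuerySystemInformation 77075E6C 5 Bytes JMP 00A2F010
.text C:\Windows\system32\csrss.exe[400] kernel32.dll!GetBinaryTypeW + 70 76EA69F4 1 Byte [62]
"""


def normalise_patch(patch):
    """'JMP 001703FC' and 'JMP 000E03FC' are the same hook relocated into a
    different per-process region, so keep only the low 16 bits of the
    target. Non-JMP patches such as '[62]' are compared verbatim."""
    m = JMP_RE.match(patch)
    return f"JMP ...{int(m.group(1), 16) & 0xFFFF:04X}" if m else patch


def parse(lines):
    """Return (user_hooks, kernel_hooks). user_hooks maps 'image[pid]' to a
    set of normalised hook signatures; kernel_hooks is a list of dicts."""
    user, kernel = defaultdict(set), []
    for line in lines:
        line = line.strip()
        if (m := USER_RE.match(line)):
            api = f"{m['mod'].lower()}!{m['func']}" + (f"+{m['off'].upper()}" if m["off"] else "")
            user[f"{m['image']}[{m['pid']}]"].add(
                (api, m["addr"], int(m["n"]), normalise_patch(m["patch"])))
        elif (m := KERNEL_RE.match(line)):
            kernel.append({"func": f"{m['mod']}!{m['func']}", "addr": m["addr"],
                           "target": m["target"], "owner": m["owner"]})
    return user, kernel


def triage(lines, min_procs=3):
    """Flag user-mode hooks whose signature is seen in fewer than min_procs
    processes (they break the uniform product pattern) and kernel hooks
    with no owning module (GMER could not map the JMP target to a driver)."""
    user, kernel = parse(lines)
    freq = Counter(sig for sigs in user.values() for sig in sigs)  # processes per signature
    odd = {proc: sorted(s for s in sigs if freq[s] < min_procs) for proc, sigs in user.items()}
    return {
        "processes": len(user),
        "common_hooks": sorted(s for s, c in freq.items() if c >= min_procs),
        "odd_user_hooks": {p: s for p, s in odd.items() if s},
        "unowned_kernel_hooks": [k for k in kernel if not k["owner"]],
    }


if __name__ == "__main__":
    report = triage(SAMPLE.splitlines())
    print(f"{report['processes']} hooked processes; "
          f"{len(report['common_hooks'])} product-wide hook signatures")
    for proc, sigs in report["odd_user_hooks"].items():
        for api, addr, n, patch in sigs:
            print(f"ODD  {proc}: {api} @ {addr} {n} bytes {patch}")
    for k in report["unowned_kernel_hooks"]:
        print(f"UNOWNED KERNEL HOOK  {k['func']} @ {k['addr']} -> {k['target']}")
```

The helper only says which lines do not fit the pattern; deciding that the pattern itself is benign still means attributing it to the installed product, which the kernel lines above do (they name aswSnx.SYS) and the user-mode lines do not, since GMER prints no owner for in-process JMPs. Raise `min_procs` on a log with many hooked processes, and feed it the whole log rather than the constructed sample.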

    Dear Trevomader

    I recommend that you save this topic to your Favorites so it is easier to find later.

    Please note the following:

    • If you go without a reply for 3 days, send me a Private Message (PM);
    • What is given here relates only to your computer's problem, so do not apply it to any other;
    • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
    • Always post your replies in this topic... Do not open another one!
    • Always try to keep me informed, during the removal, of what is happening with your computer.
    • Respect the order of the instructions given.
    • Note: Do not take any measure other than those given here; and, if you ask for help in another forum, be sure to let us know, at the risk of misconfiguring your computer!

    # Step 1 #

    It is not advisable to use ComboFix without the help of a specialist... The folder in question does not appear in the logs.

    Download Malwarebytes Anti-Malware:

    • Link1
    • Alternative link
      • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
      • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
      • If there are updates, they will be downloaded and installed.
      • When the updates finish, the program window will open. Select "Quick Scan", then click the Scan button.
      • The scan will start and may take a while. Please be patient.
      • When the scan is complete, click OK, then Show Results to view the log.
      • If anything is found, make sure everything is checked and click Remove.
      • When the disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
      • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
      • Copy and paste the contents of that log in your next reply.

    Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

    Regards :D

    Topic author

    Malwarebytes Anti-Malware (Trial) 1.75.0.1300

    www.malwarebytes.org

    Database version: v2013.06.09.07

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 10.0.9200.16576

    Bernardo :: BERNARDO-PC [administrator]

    Protection: Enabled

    09/06/2013 21:30:10

    mbam-log-2013-06-09 (21-30-10).txt

    Scan type: Quick Scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 228638

    Time elapsed: 3 minute(s), 50 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

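As an added example (not part of the thread and not Malwarebytes' own tooling), a small Python helper that parses an MBAM 1.x log in the layout posted above and reports whether anything was detected. The sample log is constructed; the only assumption is the layout visible in this post ("key: value" header lines followed by "<category> Detectad(o|a)s: N" counters).

```python
# Added example (not from the thread): summarise an MBAM 1.x log like the one posted above.
# The sample is a constructed excerpt in the thread's Portuguese layout: "key: value" header
# lines, then "<category> Detectad(o|a)s: N" counters. The layout is an assumption.
import re

SAMPLE_LOG = """\
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
Versão da Base de Dados: v2013.06.09.07
Tipo de Verificação: Verificação Rápida
Objetos escaneados: 228638

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
Chaves de Registro Detectadas: 1
HKCU\\Software\\Example (PUP.Sample) -> constructed sample entry
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
(fim)
"""

COUNTER_RE = re.compile(r"^(?P<category>.+?) Detectad[oa]s: (?P<count>\d+)$")  # "Pastas Detectadas: 0"
HEADER_RE = re.compile(r"^(?P<key>[^:]+): (?P<value>.+)$")  # "Tipo de Verificação: ..."

def parse_mbam_log(text):
    """Return (header_fields, detection_counts) from an MBAM 1.x log."""
    header, counts = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNTER_RE.match(line)
        if m:
            counts[m.group("category")] = int(m.group("count"))
        elif not counts:  # header fields only appear before the first counter
            m = HEADER_RE.match(line)
            if m:
                header[m.group("key")] = m.group("value")
    return header, counts

def summarize(text):
    """Say whether the log is clean and which categories had hits."""
    header, counts = parse_mbam_log(text)
    hits = {cat: n for cat, n in counts.items() if n}
    return {
        "database": header.get("Versão da Base de Dados"),
        "scan_type": header.get("Tipo de Verificação"),
        "total_detections": sum(counts.values()),
        "categories_with_hits": hits,
        "clean": not hits,
    }
```

Running `summarize` over the constructed sample flags one hit under "Chaves de Registro"; over the log posted above it reports a clean scan.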

    Dear Trevomader

    Download the Kaspersky AVP Tool from one of these links:

    Alternative 1

    Alternative 2

    • You will be taken to a Kaspersky page asking for an email for registration, a first name and a last name.
    • Only the "email" field is mandatory.
    • Enter your email, then click the Submit Form button.
    • The page will reload. Click the Download button.
    • Save it to your Desktop.
    • Run the file and wait for the installation.
      • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator

    • On the license agreement screen, check the option I accept the license agreement and then click the Start button.
    • The program will appear to freeze and nothing happens. This is normal; just wait until the program's initial screen appears, and then click the Settings icon:

    (image: KRT_settings.png)

    On this screen, check the box next to:

    • My Computer;
    • Local Disk (C:);
    • Also check all the drives that appear below Local Disk, if there are any;
    • Then click the Automatic Scan tab.

    (image: KRT_install2_.png)

    • Back at the program's initial screen, click the Start scanning button;
    • Be patient; it takes a while;
    • When it finishes, if anything was detected, the program will ask you what to do;
    • Check the box next to Apply to all objects and then click Skip (we only want the log).

    (image: KRT_detection_.png)

    Once the scan has finished, proceed as follows:

    1. On the main screen, if something was detected, save the log.
    2. If you close the program and forget to save the log, you will have to repeat the whole scan.
    3. To save the log, click the Reports icon (next to the "Settings" icon).
    4. In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
    5. Choose an easily accessible location and save it as log.txt
    6. Copy the entire contents of that Notepad file and paste them in your next reply.
    7. If nothing is detected, you don't need to save the log; just let me know.
    8. To exit the program, just click the X in the top right corner.

    Notes:
    While the scan is running, the initial screen will show a progress bar. When it finishes, the program will show the status as completed and a button that will be orange if nothing was detected, and red if something was found. If something was detected, the program will also display an alert screen, warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

    Regards :D

  • Topic author
  • Diego, when I went to install the program it messed up my computer and made me have to do a system restore. Is there another program to do the scan?

    Edited by diego_moicano
    remove QUOTE


    Dear Trevomader

    Don't use the QUOTE button unless it is really necessary. ;)

    Update your antivirus and run a scan with it, then post the result.

    Regards :D
