Samuelsen

Malware blocking my notebook

Initially there was a process named Wscript.exe that was blocking everything, including my antivirus. However, it seems I managed to remove that process. What I can say for sure is that I got this malware from a USB flash drive, through its autorun.exe (which is why I no longer plug infected flash drives into the notebook).

At the moment I can't open the Control Panel, nor enable the Action Center or the firewall on my notebook ...

I'll wait for help, thank you very much, and congratulations to the forum...


DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 10.0.9200.16618 BrowserJavaVersion: 10.25.2

Run by ivana at 1:28:40 on 2013-07-11

Microsoft Windows 7 Starter 6.1.7601.1.1252.55.1046.18.1641.545 [GMT -3:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\atiesrxx.exe

C:\Program Files\IDT\WDM\STacSV.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

C:\Windows\system32\PnkBstrA.exe

C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe

C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe

C:\Users\ivana\Desktop\D3DOverrider\D3DOverrider.exe

C:\Windows\system32\wbem\WmiPrvSE.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\uTorrent\uTorrent.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\CyberLink\YouCam\YCMMirage.exe

C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe

C:\Program Files\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\wbem\WmiPrvSE.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe

C:\Users\ivana\AppData\Local\Temp\nsdE013.tmp\nsF3D3.tmp

C:\Windows\system32\conhost.exe

C:\Users\ivana\AppData\Local\Temp\nsdE013.tmp\PEV.DAT

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\System32\svchost.exe -k secsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.b1.org/?bsrc=hmior&chid=c167991

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://search.b1.org/?bsrc=hmior&chid=c167991

mStart Page = hxxp://brasil-pesquisa.pw/r.asp#

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\HPNetworkCheckPlugin.dll

BHO: {FE6FE30D-D976-4DB5-BF4E-F031C12D0F48} - <orphaned>

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED

mRun: [D3DOverrider] "c:\users\ivana\desktop\d3doverrider\D3DOverriderWrapper.exe" /s

mRun: [HPConnectionManager] c:\program files\hewlett-packard\hp connection manager\HPCMDelayStart.exe

mRun: [HP Quick Launch] c:\program files\hewlett-packard\hp quick launch\HPMSGSVC.exe

mRun: [HPOSD] c:\program files\hewlett-packard\hp on screen display\HPOSD.exe

mRun: [sysTrayApp] c:\program files\idt\wdm\sttray.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe

uPolicies-Explorer: NoWindowsUpdate = 1

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDriveTypeAutoRun = dword:189

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - c:\program files\hewlett-packard\hp support framework\resources\hpnetworkcheck\NCLauncherFromIE.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\EvernoteIE.dll/204

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{5531F59C-9DD6-4424-9B29-FD4B7716E98E} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{7B43D862-D581-466F-8877-A668FFF82104} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{7B43D862-D581-466F-8877-A668FFF82104}\75C616E6D266576737030323 : DHCPNameServer = 192.168.0.9 192.168.16.2

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\ivana\appdata\roaming\mozilla\firefox\profiles\wjj5w7x1.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://brasil-pesquisa.pw/r.asp#

FF - prefs.js: network.proxy.type - 4

FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\ganymede\plugins\npganymedenet.dll

FF - plugin: c:\program files\google\picasa3\npPicasa3.dll

FF - plugin: c:\program files\google\update\1.3.21.149\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\0\NP_wtapp.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: 2013-06-08 01:00; leethax@leethax.net; c:\users\ivana\appdata\roaming\mozilla\firefox\profiles\wjj5w7x1.default\extensions\leethax@leethax.net.xpi

FF - ExtSQL: 2013-07-01 07:16; wrc@avast.com; c:\program files\avast software\avast\webrep\FF

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2011-1-28 66176]

R0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2011-1-28 32384]

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-7-1 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-7-1 175176]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-7-1 770344]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-7-1 369584]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-2-28 176128]

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ati technologies\ati.ace\fuel\Fuel.Service.exe [2011-2-28 284672]

R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ati technologies\ati.ace\reservation manager\AMD Reservation Manager.exe [2010-6-17 140224]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-7-1 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-7-1 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-7-1 46808]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\hewlett-packard\hp support framework\HPSA_Service.exe [2012-9-27 86528]

R2 HPClientSvc;HP Client Services;c:\program files\hewlett-packard\hp client services\HPClientServices.exe [2010-10-11 246840]

R2 HPWMISVC;HPWMISVC;c:\program files\hewlett-packard\hp quick launch\HPWMISVC.exe [2012-3-5 35200]

R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]

R3 amdiox86;AMD IO Driver;c:\windows\system32\drivers\amdiox86.sys [2012-4-9 37944]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2012-4-9 297000]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2012-4-9 33320]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\drivers\clwvd.sys [2010-7-28 27632]

R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files\hewlett-packard\hp connection manager\hpCMSrv.exe [2011-2-15 1071160]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2013-6-27 254568]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-6-27 337512]

R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]

R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]

R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]

R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]

R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2012-4-9 35968]

S2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2013-6-27 1799272]

S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-18 418376]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-18 701512]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-3 162408]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-18 22856]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-7-10 40776]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2010-11-20 52224]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]

S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]

.

=============== Created Last 30 ================

.

2013-07-11 03:06:43 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{149971d8-3161-4751-a67e-f4040ba61340}\offreg.dll

2013-07-10 20:44:45 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-07-10 20:31:08 1077760 ----a-w- c:\windows\system32\DWrite.dll

2013-07-10 20:31:05 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-10 20:31:04 509440 ----a-w- c:\windows\system32\qedit.dll

2013-07-10 20:31:01 936448 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2013-07-10 20:30:55 2347520 ----a-w- c:\windows\system32\win32k.sys

2013-07-10 20:30:20 680960 ----a-w- c:\program files\windows defender\MpSvc.dll

2013-07-10 20:30:20 392704 ----a-w- c:\program files\windows defender\MpClient.dll

2013-07-10 20:30:19 224768 ----a-w- c:\program files\windows defender\MpCommu.dll

2013-07-09 15:23:52 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{149971d8-3161-4751-a67e-f4040ba61340}\mpengine.dll

2013-07-04 13:10:22 -------- d-----w- c:\users\ivana\appdata\local\B1E

2013-07-04 13:10:01 -------- d-----w- c:\users\ivana\appdata\roaming\B1Toolbar

2013-07-04 04:46:06 187456 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll

2013-07-04 04:46:05 121024 ----a-w- c:\program files\mozilla firefox\plugins\npganymedenet.dll

2013-07-01 17:49:03 867240 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-07-01 17:48:47 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-07-01 10:17:01 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-07-01 10:16:59 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-07-01 10:16:59 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-07-01 10:16:58 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-07-01 10:16:58 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-07-01 10:16:21 41664 ----a-w- c:\windows\avastSS.scr

2013-07-01 10:15:54 -------- d-----w- c:\program files\AVAST Software

2013-06-28 02:44:28 -------- d-----w- c:\program files\ESET

2013-06-28 02:36:20 -------- d-----w- c:\windows\ERUNT

2013-06-28 02:33:02 -------- d-----w- C:\JRT

2013-06-28 02:15:10 -------- d-----w- c:\windows\system32\catroot2

2013-06-28 01:14:33 -------- d-----w- C:\RegBackup

2013-06-28 01:10:44 -------- d-----w- c:\program files\Tweaking.com

2013-06-28 00:54:05 -------- d-----w- C:\_OTL

2013-06-27 20:19:37 536576 ----a-w- c:\windows\system32\idtmini1.exe

2013-06-27 20:19:36 4452352 ----a-w- c:\windows\system32\stlang.dll

2013-06-27 20:19:36 1784320 ----a-w- c:\windows\system32\IDTNCPL.cpl

2013-06-27 20:19:36 1433692 ----a-w- c:\windows\sttray.exe

2013-06-27 20:19:22 208384 ----a-w- c:\windows\system32\staco.dll

2013-06-27 20:17:20 445952 ----a-w- c:\windows\system32\drivers\stwrt.sys

2013-06-27 20:17:18 419328 ----a-w- c:\windows\system32\stcplx.dll

2013-06-27 20:17:17 534016 ----a-w- c:\windows\system32\stapi32.dll

2013-06-27 20:17:17 1279488 ----a-w- c:\windows\system32\stapo.dll

2013-06-27 19:49:40 254568 ----a-w- c:\windows\system32\drivers\RtsPStor.sys

2013-06-27 19:49:36 9888360 ----a-w- c:\windows\system32\RtsPStorIcon.dll

2013-06-27 18:51:36 80416 ----a-w- c:\windows\system32\RtNicProp32.dll

2013-06-27 18:51:35 337512 ----a-w- c:\windows\system32\drivers\Rt86win7.sys

2013-06-27 17:32:49 -------- d-----w- c:\programdata\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}

2013-06-26 03:01:53 489048 ----a-w- c:\windows\system32\drivers\9953359drv.sys

2013-06-26 01:25:04 -------- d-----w- c:\users\ivana\appdata\local\Steppschuh

2013-06-25 03:42:29 -------- d-----w- c:\programdata\Kaspersky Lab

2013-06-24 20:08:01 -------- d-----w- c:\program files\CCleaner

2013-06-24 19:58:20 -------- d-----w- c:\windows\pss

2013-06-24 13:01:46 -------- d-sh--w- C:\$RECYCLE.BIN

2013-06-23 04:20:43 -------- d-sh--w- c:\program files\f4d

2013-06-23 01:06:04 -------- d-----w- c:\programdata\Baidu Security

2013-06-23 01:05:06 -------- d-----w- c:\program files\Baidu Security

2013-06-23 00:31:07 -------- d-----w- c:\users\ivana\appdata\roaming\Baidu Security

2013-06-22 23:07:43 -------- d-----w- c:\users\ivana\appdata\roaming\WindowsStart

2013-06-22 22:59:36 85 ----a-w- c:\users\ivana\appdata\roaming\Open.bat

2013-06-22 22:59:36 1491560 ----a-w- c:\users\ivana\appdata\roaming\Install.exe

2013-06-19 11:19:37 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-06-19 00:22:03 -------- d-----w- c:\users\ivana\appdata\local\LiveGBoost

2013-06-19 00:21:36 -------- d-----w- c:\users\ivana\appdata\local\GZero

2013-06-19 00:13:35 -------- d-----w- c:\users\ivana\appdata\roaming\Malwarebytes

2013-06-19 00:13:23 -------- d-----w- c:\programdata\Malwarebytes

2013-06-19 00:13:21 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-06-19 00:13:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-06-16 04:40:39 -------- d-----w- c:\users\ivana\appdata\local\SKIDROW

2013-06-16 04:38:17 -------- d-----w- c:\users\ivana\appdata\roaming\Trine2

2013-06-16 04:32:48 -------- d-----w- c:\program files\Frozenbyte

2013-06-15 04:48:47 -------- d-----w- c:\users\ivana\appdata\roaming\AVG2013

2013-06-15 04:47:28 -------- d-----w- c:\users\ivana\appdata\roaming\TuneUp Software

2013-06-15 04:46:48 -------- d--h--w- C:\$AVG

2013-06-15 04:46:47 -------- d-----w- c:\programdata\AVG2013

2013-06-15 04:45:43 -------- d-----w- c:\program files\AVG

2013-06-15 04:20:58 4096000 ----a-w- c:\program files\GUTDBD.tmp

2013-06-15 04:20:58 -------- d-----w- c:\program files\GUMDBC.tmp

2013-06-14 00:33:26 -------- d-----w- c:\users\ivana\appdata\roaming\Doublefine

2013-06-14 00:32:47 -------- d-----w- c:\programdata\RELOADED

2013-06-14 00:32:33 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll

2013-06-14 00:03:58 -------- d-----w- c:\program files\The Cave

2013-06-12 22:02:08 1505280 ----a-w- c:\windows\system32\d3d11.dll

2013-06-12 22:01:59 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2013-06-12 22:01:41 492544 ----a-w- c:\windows\system32\win32spl.dll

2013-06-12 22:01:32 903168 ----a-w- c:\windows\system32\certutil.exe

2013-06-12 22:01:32 1160192 ----a-w- c:\windows\system32\crypt32.dll

2013-06-12 22:01:31 43008 ----a-w- c:\windows\system32\certenc.dll

2013-06-12 22:01:31 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2013-06-12 22:01:31 103936 ----a-w- c:\windows\system32\cryptnet.dll

2013-06-12 21:59:26 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-06-12 21:59:25 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-06-12 21:55:39 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-06-12 21:05:23 -------- d-----w- c:\program files\The Swapper

.

==================== Find3M ====================

.

2013-07-01 17:48:14 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-06-27 22:00:53 6656 ----a-w- c:\windows\system32\bcmwlrc.dll

2013-06-27 20:15:32 6344704 ----a-w- c:\windows\system32\IDTNGUI.exe

2013-06-27 20:15:32 5298688 ----a-w- c:\windows\system32\IDTNHP.dll

2013-06-27 20:15:32 249344 ----a-w- c:\windows\system32\IDTNJ.exe

2013-06-27 20:15:32 1085440 ----a-w- c:\windows\system32\IDTNX.dll

2013-06-27 19:17:06 4268096 ----a-w- c:\windows\system32\drivers\BCMWL6.SYS

2013-06-27 19:17:03 3616768 ----a-w- c:\windows\system32\bcmihvui.dll

2013-06-27 19:17:02 3928064 ----a-w- c:\windows\system32\bcmihvsrv.dll

2013-06-27 18:40:57 100896 ----a-w- c:\windows\system32\RTNUninst32.dll

2013-06-19 11:19:37 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-06-12 20:58:37 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-06-12 20:58:37 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-05-02 05:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys

.

============= FINISH: 1:29:26,97 ===============

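An added triage helper (not part of the forum post or of the DDS tool) that reads the kinds of DDS lines shown above and flags what an analyst looks for first: protection products reported as Disabled, start/search pages redirected away from expected domains, policy keys that switch off UAC or hide Windows Update, and executables running from the user's Temp folder. The sample input is constructed from lines of this log; EXPECTED_DOMAINS and WEAK_POLICIES are assumptions for the example.

```python
from __future__ import annotations

import re

# Constructed sample: a handful of lines copied from the DDS log in this thread
# (AV header, running-process paths, Pseudo HJT entries, Firefox prefs).
# DDS prints URLs defanged as "hxxp://" so they cannot be clicked by accident.
SAMPLE_DDS = """\
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
C:\\Windows\\system32\\wininit.exe
C:\\Users\\ivana\\AppData\\Local\\Temp\\nsdE013.tmp\\nsF3D3.tmp
uStart Page = hxxp://search.b1.org/?bsrc=hmior&chid=c167991
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://brasil-pesquisa.pw/r.asp#
uPolicies-Explorer: NoWindowsUpdate = 1
mPolicies-System: EnableLUA = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
FF - prefs.js: keyword.URL - hxxp://brasil-pesquisa.pw/r.asp#
"""

# Assumption: hosts the analyst accepts as legitimate home/search pages.
EXPECTED_DOMAINS = {"www.google.com", "google.com", "www.bing.com"}

# Assumption: policy values that weaken the machine's own defences
# (the value listed is the weak one that should be flagged).
WEAK_POLICIES = {
    "EnableLUA": "0",        # UAC switched off entirely
    "NoWindowsUpdate": "1",  # Windows Update hidden from the user
}

# "AV: <name> *<state>/<update state>* {guid}" and the SP:/FW: variants
AV_RE = re.compile(r"^(AV|SP|FW): (?P<name>.+?) \*(?P<state>[^/]+)/[^*]+\*")
# IE start/search entries; the u/m prefix means per-user vs per-machine hive
URL_RE = re.compile(
    r"^(?P<key>[um](?:Start Page|Search Page|Search Bar|SearchAssistant)) = hxxp://(?P<host>[^/]+)"
)
# Firefox prefs.js entries that carry a URL
FF_URL_RE = re.compile(r"^FF - prefs\.js: (?P<key>\S+) - hxxp://(?P<host>[^/]+)")
# "mPolicies-System: EnableLUA = dword:0" style lines
POLICY_RE = re.compile(r"^[um]Policies-\w+: (?P<name>\w+) = (?:dword:)?(?P<value>\w+)")
# any path under the user's local Temp folder
TEMP_RE = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)


def triage(dds_text: str) -> list[tuple[str, str]]:
    """Return (category, detail) findings for weak or suspicious DDS lines."""
    findings: list[tuple[str, str]] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if m := AV_RE.match(line):
            # Only "Enabled" is acceptable; DDS also reports Disabled/Outdated states.
            if m["state"].lower() != "enabled":
                findings.append(("protection_disabled", m["name"]))
            continue
        if (m := URL_RE.match(line)) or (m := FF_URL_RE.match(line)):
            if m["host"].lower() not in EXPECTED_DOMAINS:
                findings.append(("browser_redirect", f'{m["key"]} -> {m["host"]}'))
            continue
        if m := POLICY_RE.match(line):
            if WEAK_POLICIES.get(m["name"]) == m["value"]:
                findings.append(("hardening_disabled", f'{m["name"]}={m["value"]}'))
            continue
        if TEMP_RE.search(line):
            # A process image living in Temp is worth a second look, not proof of malware.
            findings.append(("temp_process", line))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_DDS):
        print(f"{category:22s} {detail}")
```

The script only reads the log; the flagged keys (EnableLUA, NoWindowsUpdate) are the ones a removal analyst would restore to their defaults after cleanup.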

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-07-11 03:33:12

Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\0000006a ST950042 rev.0003 465,76GB

Running: gmer.exe; Driver: C:\Users\ivana\AppData\Local\Temp\ugtirpog.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8C43E610]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8DF8A5FA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8C43F0E6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8C44AF18]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8C44AF64]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8C44B0FE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8C44AE86]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8DF8A992]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8C44AECE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8C43F5E4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8C43F800]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8C44B0B8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8C43FE9C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8C43E676]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x8C443596]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8DF8A6C2]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8DF88C12]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8C43E6DC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8C44398C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8C44092C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8C44AF42]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8C44AF86]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8C44B122]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8C44AEAC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x8C442E78]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8C44B036]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8C44AEF6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x8C44326E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8C44B0DC]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8DF8A822]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8C4407F8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8C440506]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8C43E742]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8C43E7A8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8C43FD16]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8C43E2F8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8C43E4CE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8C43E45C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8C440066]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8C4401C8]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8C43E556]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8DF8A8EA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8C43FCF6]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x8DF88C42]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8C43E80E]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8DF8A76E]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 836819F5 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 836BB1F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 836C2410 4 Bytes [10, E6, 43, 8C]

.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 836C2438 4 Bytes [FA, A5, F8, 8D]

.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 836C2498 4 Bytes [E6, F0, 43, 8C]

.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 836C24EC 8 Bytes [18, AF, 44, 8C, 64, AF, 44, ...]

.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 836C24F8 4 Bytes [FE, B0, 44, 8C]

.text ...

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EA2C000, 0x37DC8E, 0xE8000020]

? C:\Users\ivana\AppData\Local\Temp\mbr.sys O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\svchost.exe[236] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe[384] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\csrss.exe[448] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe[508] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\wininit.exe[516] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text ...

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1140] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 002F03FC

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1140] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 002F01F8

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1140] KERNEL32.dll!LoadLibraryA 765EDC65 5 Bytes JMP 100022E0 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1140] KERNEL32.dll!LoadLibraryW 765EEF42 5 Bytes JMP 10002360 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1140] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1140] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 00310A08

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1140] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 003103FC

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1140] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 00310804

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1140] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 003101F8

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1140] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 00310600

.text C:\Windows\system32\svchost.exe[1332] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\PnkBstrA.exe[1340] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\svchost.exe[1504] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Users\ivana\Desktop\Gmer\gmer.exe[1608] kernel32.dll!LoadLibraryA 765EDC65 5 Bytes JMP 100022E0 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Users\ivana\Desktop\Gmer\gmer.exe[1608] kernel32.dll!LoadLibraryW 765EEF42 5 Bytes JMP 10002360 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Users\ivana\Desktop\Gmer\gmer.exe[1608] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\taskeng.exe[1624] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 000703FC

.text C:\Windows\system32\taskeng.exe[1624] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 000701F8

.text C:\Windows\system32\taskeng.exe[1624] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\taskeng.exe[1624] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 00080A08

.text C:\Windows\system32\taskeng.exe[1624] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 000803FC

.text C:\Windows\system32\taskeng.exe[1624] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 00080804

.text C:\Windows\system32\taskeng.exe[1624] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 000801F8

.text C:\Windows\system32\taskeng.exe[1624] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 00080600

.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1632] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\WLANExt.exe[1644] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\conhost.exe[1652] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\System32\spoolsv.exe[1852] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\svchost.exe[1892] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text ...

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2028] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 001E03FC

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2028] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 001E01F8

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2028] KERNEL32.dll!LoadLibraryA 765EDC65 5 Bytes JMP 015222E0 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2028] KERNEL32.dll!LoadLibraryW 765EEF42 5 Bytes JMP 01522360 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2028] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2028] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 00310A08

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2028] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 003103FC

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2028] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 00310804

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2028] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 003101F8

.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[2028] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 00310600

.text C:\Windows\system32\svchost.exe[2124] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\wuauclt.exe[2140] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 000F03FC

.text C:\Windows\system32\wuauclt.exe[2140] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 000F01F8

.text C:\Windows\system32\wuauclt.exe[2140] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\wuauclt.exe[2140] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 00100A08

.text C:\Windows\system32\wuauclt.exe[2140] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 001003FC

.text C:\Windows\system32\wuauclt.exe[2140] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 00100804

.text C:\Windows\system32\wuauclt.exe[2140] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 001001F8

.text C:\Windows\system32\wuauclt.exe[2140] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 00100600

.text C:\Windows\system32\SearchIndexer.exe[2200] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2256] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe[2288] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Users\ivana\Desktop\D3DOverrider\D3DOverrider.exe[2488] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 001703FC

.text C:\Users\ivana\Desktop\D3DOverrider\D3DOverrider.exe[2488] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 001701F8

.text C:\Users\ivana\Desktop\D3DOverrider\D3DOverrider.exe[2488] KERNEL32.dll!LoadLibraryA 765EDC65 5 Bytes JMP 003E22E0 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Users\ivana\Desktop\D3DOverrider\D3DOverrider.exe[2488] KERNEL32.dll!LoadLibraryW 765EEF42 5 Bytes JMP 003E2360 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Users\ivana\Desktop\D3DOverrider\D3DOverrider.exe[2488] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Users\ivana\Desktop\D3DOverrider\D3DOverrider.exe[2488] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 00180A08

.text C:\Users\ivana\Desktop\D3DOverrider\D3DOverrider.exe[2488] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 001803FC

.text C:\Users\ivana\Desktop\D3DOverrider\D3DOverrider.exe[2488] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 00180804

.text C:\Users\ivana\Desktop\D3DOverrider\D3DOverrider.exe[2488] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 001801F8

.text C:\Users\ivana\Desktop\D3DOverrider\D3DOverrider.exe[2488] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 00180600

.text C:\Windows\system32\svchost.exe[2748] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 001203FC

.text C:\Windows\system32\svchost.exe[2748] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 001201F8

.text C:\Windows\system32\svchost.exe[2748] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\svchost.exe[2748] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 00140A08

.text C:\Windows\system32\svchost.exe[2748] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 001403FC

.text C:\Windows\system32\svchost.exe[2748] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 00140804

.text C:\Windows\system32\svchost.exe[2748] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 001401F8

.text C:\Windows\system32\svchost.exe[2748] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 00140600

.text C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe[2908] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 000703FC

.text C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe[2908] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 000701F8

.text C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe[2908] KERNEL32.dll!LoadLibraryA 765EDC65 5 Bytes JMP 100022E0 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe[2908] KERNEL32.dll!LoadLibraryW 765EEF42 5 Bytes JMP 10002360 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe[2908] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe[2908] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 00080A08

.text C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe[2908] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 000803FC

.text C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe[2908] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 00080804

.text C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe[2908] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 000801F8

.text C:\Program Files\Hewlett-Packard\HP On Screen Display\HPOSD.exe[2908] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 00080600

.text C:\Program Files\IDT\WDM\sttray.exe[2972] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 001703FC

.text C:\Program Files\IDT\WDM\sttray.exe[2972] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 001701F8

.text C:\Program Files\IDT\WDM\sttray.exe[2972] KERNEL32.dll!LoadLibraryA 765EDC65 5 Bytes JMP 003A22E0 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Program Files\IDT\WDM\sttray.exe[2972] KERNEL32.dll!LoadLibraryW 765EEF42 5 Bytes JMP 003A2360 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Program Files\IDT\WDM\sttray.exe[2972] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\IDT\WDM\sttray.exe[2972] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 002F0A08

.text C:\Program Files\IDT\WDM\sttray.exe[2972] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 002F03FC

.text C:\Program Files\IDT\WDM\sttray.exe[2972] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 002F0804

.text C:\Program Files\IDT\WDM\sttray.exe[2972] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 002F01F8

.text C:\Program Files\IDT\WDM\sttray.exe[2972] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 002F0600

.text C:\Windows\system32\Dwm.exe[3032] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 000E03FC

.text C:\Windows\system32\Dwm.exe[3032] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 000E01F8

.text C:\Windows\system32\Dwm.exe[3032] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\Dwm.exe[3032] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 000F0A08

.text C:\Windows\system32\Dwm.exe[3032] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 000F03FC

.text C:\Windows\system32\Dwm.exe[3032] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 000F0804

.text C:\Windows\system32\Dwm.exe[3032] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 000F01F8

.text C:\Windows\system32\Dwm.exe[3032] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 000F0600

.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3036] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 000D03FC

.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3036] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 000D01F8

.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3036] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3036] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 000F0A08

.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3036] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 000F03FC

.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3036] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 000F0804

.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3036] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 000F01F8

.text C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[3036] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 000F0600

.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3052] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 000E03FC

.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3052] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 000E01F8

.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3052] KERNEL32.dll!LoadLibraryA 765EDC65 5 Bytes JMP 001E22E0 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3052] KERNEL32.dll!LoadLibraryW 765EEF42 5 Bytes JMP 001E2360 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3052] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3052] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 000F0A08

.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3052] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 000F03FC

.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3052] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 000F0804

.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3052] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 000F01F8

.text C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe[3052] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 000F0600

.text C:\Windows\Explorer.EXE[3056] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 000E03FC

.text C:\Windows\Explorer.EXE[3056] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 000E01F8

.text C:\Windows\Explorer.EXE[3056] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\Explorer.EXE[3056] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 00140A08

.text C:\Windows\Explorer.EXE[3056] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 001403FC

.text C:\Windows\Explorer.EXE[3056] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 00140804

.text C:\Windows\Explorer.EXE[3056] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 001401F8

.text C:\Windows\Explorer.EXE[3056] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 00140600

.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 000703FC

.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 000701F8

.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 00090A08

.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 000903FC

.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 00090804

.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 000901F8

.text C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3180] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 00090600

.text C:\Program Files\uTorrent\uTorrent.exe[3236] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 003C03FC

.text C:\Program Files\uTorrent\uTorrent.exe[3236] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 003C01F8

.text C:\Program Files\uTorrent\uTorrent.exe[3236] KERNEL32.dll!LoadLibraryA 765EDC65 5 Bytes JMP 100022E0 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Program Files\uTorrent\uTorrent.exe[3236] KERNEL32.dll!LoadLibraryW 765EEF42 5 Bytes JMP 10002360 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Program Files\uTorrent\uTorrent.exe[3236] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\uTorrent\uTorrent.exe[3236] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 003E0A08

.text C:\Program Files\uTorrent\uTorrent.exe[3236] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 003E03FC

.text C:\Program Files\uTorrent\uTorrent.exe[3236] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 003E0804

.text C:\Program Files\uTorrent\uTorrent.exe[3236] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 003E01F8

.text C:\Program Files\uTorrent\uTorrent.exe[3236] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 003E0600

.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3276] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3460] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 000D03FC

.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3460] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 000D01F8

.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3460] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3460] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 000F0A08

.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3460] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 000F03FC

.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3460] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 000F0804

.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3460] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 000F01F8

.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[3460] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 000F0600

.text C:\Windows\system32\atieclxx.exe[3532] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 001703FC

.text C:\Windows\system32\atieclxx.exe[3532] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 001701F8

.text C:\Windows\system32\atieclxx.exe[3532] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\atieclxx.exe[3532] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 00180A08

.text C:\Windows\system32\atieclxx.exe[3532] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 001803FC

.text C:\Windows\system32\atieclxx.exe[3532] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 00180804

.text C:\Windows\system32\atieclxx.exe[3532] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 001801F8

.text C:\Windows\system32\atieclxx.exe[3532] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 00180600

.text C:\Windows\system32\taskhost.exe[3628] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 000D03FC

.text C:\Windows\system32\taskhost.exe[3628] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 000D01F8

.text C:\Windows\system32\taskhost.exe[3628] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\taskhost.exe[3628] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 00220A08

.text C:\Windows\system32\taskhost.exe[3628] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 002203FC

.text C:\Windows\system32\taskhost.exe[3628] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 00220804

.text C:\Windows\system32\taskhost.exe[3628] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 002201F8

.text C:\Windows\system32\taskhost.exe[3628] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 00220600

.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3992] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 001F03FC

.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3992] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 001F01F8

.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3992] KERNEL32.dll!LoadLibraryA 765EDC65 5 Bytes JMP 01A122E0 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3992] KERNEL32.dll!LoadLibraryW 765EEF42 5 Bytes JMP 01A12360 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3992] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3992] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 00210A08

.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3992] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 002103FC

.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3992] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 00210804

.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3992] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 002101F8

.text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[3992] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 00210600

.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[4016] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 001E03FC

.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[4016] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 001E01F8

.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[4016] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[4016] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 00210A08

.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[4016] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 002103FC

.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[4016] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 00210804

.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[4016] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 002101F8

.text C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe[4016] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 00210600

.text C:\Windows\system32\wbem\WmiPrvSE.exe[4020] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 000E03FC

.text C:\Windows\system32\wbem\WmiPrvSE.exe[4020] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 000E01F8

.text C:\Windows\system32\wbem\WmiPrvSE.exe[4020] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\wbem\WmiPrvSE.exe[4020] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 00100A08

.text C:\Windows\system32\wbem\WmiPrvSE.exe[4020] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 001003FC

.text C:\Windows\system32\wbem\WmiPrvSE.exe[4020] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 00100804

.text C:\Windows\system32\wbem\WmiPrvSE.exe[4020] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 001001F8

.text C:\Windows\system32\wbem\WmiPrvSE.exe[4020] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 00100600

.text C:\Program Files\CyberLink\YouCam\YCMMirage.exe[4152] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 001E03FC

.text C:\Program Files\CyberLink\YouCam\YCMMirage.exe[4152] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 001E01F8

.text C:\Program Files\CyberLink\YouCam\YCMMirage.exe[4152] KERNEL32.dll!LoadLibraryA 765EDC65 5 Bytes JMP 100022E0 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Program Files\CyberLink\YouCam\YCMMirage.exe[4152] KERNEL32.dll!LoadLibraryW 765EEF42 5 Bytes JMP 10002360 C:\Users\ivana\Desktop\D3DOverrider\D3DOverriderHooks.dll

.text C:\Program Files\CyberLink\YouCam\YCMMirage.exe[4152] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\CyberLink\YouCam\YCMMirage.exe[4152] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 001F0A08

.text C:\Program Files\CyberLink\YouCam\YCMMirage.exe[4152] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 001F03FC

.text C:\Program Files\CyberLink\YouCam\YCMMirage.exe[4152] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 001F0804

.text C:\Program Files\CyberLink\YouCam\YCMMirage.exe[4152] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 001F01F8

.text C:\Program Files\CyberLink\YouCam\YCMMirage.exe[4152] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 001F0600

.text C:\Windows\system32\wbem\WmiPrvSE.exe[4184] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 000E03FC

.text C:\Windows\system32\wbem\WmiPrvSE.exe[4184] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 000E01F8

.text C:\Windows\system32\wbem\WmiPrvSE.exe[4184] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Windows\system32\wbem\WmiPrvSE.exe[4184] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 00100A08

.text C:\Windows\system32\wbem\WmiPrvSE.exe[4184] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 001003FC

.text C:\Windows\system32\wbem\WmiPrvSE.exe[4184] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 00100804

.text C:\Windows\system32\wbem\WmiPrvSE.exe[4184] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 001001F8

.text C:\Windows\system32\wbem\WmiPrvSE.exe[4184] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 00100600

.text C:\Windows\system32\AUDIODG.EXE[4768] kernel32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5448] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 001703FC

.text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5448] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 001701F8

.text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5448] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5448] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 00300A08

.text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5448] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 003003FC

.text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5448] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 00300804

.text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5448] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 003001F8

.text C:\Program Files\Hewlett-Packard\HP Support Framework\hpsa_service.exe[5448] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 00300600

.text C:\Program Files\Mozilla Firefox\firefox.exe[5504] ntdll.dll!LdrUnloadDll 779AC86E 5 Bytes JMP 001E03FC

.text C:\Program Files\Mozilla Firefox\firefox.exe[5504] ntdll.dll!LdrLoadDll 779B223E 5 Bytes JMP 5E4BEEB0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\firefox.exe[5504] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 765E941E 7 Bytes JMP 5EAC9778 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\firefox.exe[5504] KERNEL32.dll!QueryPerformanceCounter + 13 765EC435 7 Bytes JMP 5EAC979B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\firefox.exe[5504] KERNEL32.dll!LoadAppInitDlls + 355 765EF4F6 7 Bytes JMP 5E4C4CE9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

.text C:\Program Files\Mozilla Firefox\firefox.exe[5504] KERNEL32.dll!GetBinaryTypeW + 70 766069F4 1 Byte [62]

.text C:\Program Files\Mozilla Firefox\firefox.exe[5504] USER32.dll!UnhookWindowsHookEx 7752ADF9 5 Bytes JMP 001F0A08

.text C:\Program Files\Mozilla Firefox\firefox.exe[5504] USER32.dll!UnhookWinEvent 7752B750 5 Bytes JMP 001F03FC

.text C:\Program Files\Mozilla Firefox\firefox.exe[5504] USER32.dll!SetWindowsHookExW 7752E30C 5 Bytes JMP 001F0804

.text C:\Program Files\Mozilla Firefox\firefox.exe[5504] USER32.dll!SetWinEventHook 775324DC 5 Bytes JMP 001F01F8

.text C:\Program Files\Mozilla Firefox\firefox.exe[5504] USER32.dll!SetWindowsHookExA 77556D0C 5 Bytes JMP 001F0600

.text C:\Program Files\Mozilla Firefox\firefox.exe[5504] GDI32.dll!GetViewportOrgEx + 26C 77AA884B 7 Bytes JMP 5EAC96F9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)


---- User IAT/EAT - GMER 2.1 ----


---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Tempo de Execução da Estrutura de Driver em Modo Kernel/Microsoft Corporation)

---- Registry - GMER 2.1 ----


---- Files - GMER 2.1 ----

File C:\Users\ivana\Desktop\dds.scr 688992 bytes executable

File C:\Users\ivana\Desktop\dds.txt 22697 bytes

File C:\Users\ivana\Desktop\esetsmartinstaller_enu.exe 2347384 bytes executable

File C:\Windows\TEMP\_avast_\unp129047938.tmp 0 bytes

File C:\Windows\TEMP\_avast_\unp172250244.tmp 162318 bytes

---- EOF - GMER 2.1 ----


Did you read the "Leia Antes de Postar" (Read Before Posting) topic?


Basically this part:

Do not reply to your own topic to keep it at zero replies; in other words, it must initially contain a SINGLE post. If it has more than that, the Analysts will assume it has already been answered by a fellow Analyst, and it will NOT be analyzed!

Post an updated DDS log.
