jmtodos

Help with malware removal


Hi everyone, I have the following problem: the folders on my USB stick were turned into shortcuts, and the following avast message keeps appearing:

object: http://etpsoprc.ru/a/

infection: URL:Mal

process: c:\windows\system32\wscript.exe

On the USB stick I followed a tutorial and managed to get the folders back to normal, but I don't know whether the virus was removed.

I followed steps 1, 2 and 3 of the forum's Malware Removal guide and am posting the DDS, attach and gmer results here.

Thanks in advance for any help.

dds.txt

attach.txt

gmer.txt.txt


Hello

Sorry for the delay :)

If you still need help, redo the logs, because I need them with up-to-date dates: Read Before Posting - Creating a new Topic

NOTE 1: There is no need to open a new topic; post the new logs in this same topic, thanks!

NOTE 2: Don't edit your topic; use the reply button, thanks!

NOTE 3: Don't put the logs between TAGS, thanks!

NOTE 4: Don't attach the logs, thanks!

Regards :D


DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 11.0.9600.16428 BrowserJavaVersion: 10.45.2

Run by jmtodos at 16:45:16 on 2013-12-04

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.6009.4017 [GMT -2:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe

C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe

C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe

C:\Windows\System32\WScript.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Users\jmtodos\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.orbitdownloader.com

BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

BHO: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

uRun: [Viber] "C:\Users\jmtodos\AppData\Local\Viber\Viber.exe" StartMinimized

uRun: [Facebook Update] "C:\Users\jmtodos\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [8f7a] C:\Users\jmtodos\AppData\Roaming\99\8f7a.js

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\1c725855-43c1-4340-9cc7-e440ab5be634.exe /check

StartupFolder: C:\Users\jmtodos\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ARCGIS~1.LNK - C:\Cracked License Manager 10\start_lic_mgr_invisible.vbs

StartupFolder: C:\Users\jmtodos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dc38.js

StartupFolder: C:\Users\jmtodos\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jmtodos\AppData\Roaming\Dropbox\bin\Dropbox.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &B&aixar &com o BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm

IE: &B&aixar tudo usando o BitComet - C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm

IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206

TCP: NameServer = 10.0.0.1

TCP: Interfaces\{04FD13F6-6A72-4CD7-9DFC-07907076DDA7} : DHCPNameServer = 10.13.246.1

TCP: Interfaces\{E60B2F29-7881-4E5F-A372-87AF5F817B16} : DHCPNameServer = 10.0.0.1

TCP: Interfaces\{E60B2F29-7881-4E5F-A372-87AF5F817B16}\36C6162796373756 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{E60B2F29-7881-4E5F-A372-87AF5F817B16}\75942554C454353502341435140282D41435953592 : DHCPNameServer = 192.168.254.254

TCP: Interfaces\{E60B2F29-7881-4E5F-A372-87AF5F817B16}\C6162696D647F6D2D65647 : DHCPNameServer = 200.17.161.60 200.17.161.170

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll

SSODL: WebCheck - <orphaned>

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe"

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\jmtodos\AppData\Roaming\Mozilla\Firefox\Profiles\tkw5f32h.default-1382888034152\

FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dll

FF - plugin: C:\Users\jmtodos\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\jmtodos\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

FF - ExtSQL: 2013-10-21 22:47; fmconverter@gmail.com; C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

FF - ExtSQL: 2013-10-24 14:46; {87F8774F-B485-47E2-A755-A40A8A5E8874}; C:\Users\jmtodos\AppData\Local\GAS Tecnologia\GBBD\abn\sf.xpi

.

============= SERVICES / DRIVERS ===============

.

R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-9-2 65336]

R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-9-2 189936]

R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-9-1 645952]

R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-9-1 27456]

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2013-3-9 30496]

R0 rtcrfilt64;Realtek Turbo Mode Filter Driver;C:\Windows\System32\drivers\rtcrfilt64.sys [2013-9-2 19600]

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-9-2 1030952]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-9-2 378944]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2013-9-1 98208]

R2 ArcGIS License Manager;ArcGIS License Manager;C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [2008-11-6 1500424]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-9-2 33400]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-9-2 80816]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-10-16 219776]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-2 46808]

R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2013-11-12 196616]

R2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-9-1 7168]

R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-9-2 2464400]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-9-2 165760]

R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe [2013-9-3 1922600]

R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-9-1 201872]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2012-5-30 16168]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-9-2 364416]

R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-10-16 327296]

R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-9-1 81536]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-10-16 36480]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-10-16 341120]

R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-10-16 111232]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-10-16 30848]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-10-16 168064]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-10-16 68736]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-10-16 281728]

R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-10-16 551040]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-9-2 283064]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2013-9-1 342528]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-9-1 726160]

R3 SmbDrvI;SmbDrvI;C:\Windows\System32\drivers\Smb_driver_Intel.sys [2013-9-1 31032]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]

S3 IDL DicomEx Storage SCP;IDL DicomEx Storage SCP;C:\RSI\IDL63\bin\bin.x86\idl_dicomexstorscp.exe [2006-3-27 49152]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-11-27 111616]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUVStor.sys [2013-9-2 317584]

S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]

S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-5-30 149544]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-2 1255736]

.

=============== Created Last 30 ================

.

2013-12-03 10:07:44 10285968 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F9F475DF-3576-47CF-8F56-0556DE83D6EB}\mpengine.dll

2013-11-29 00:23:39 -------- d-----w- C:\Program Files\gs

2013-11-29 00:22:00 -------- d-----w- C:\Program Files\Ghostgum

2013-11-28 03:41:50 -------- d-sh--w- C:\$RECYCLE.BIN

2013-11-18 18:43:38 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery

2013-11-14 22:25:30 -------- d-----w- C:\Program Files (x86)\EatCam

2013-11-14 13:03:41 1474048 ----a-w- C:\Windows\System32\crypt32.dll

2013-11-14 13:03:41 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-11-14 13:03:08 497152 ----a-w- C:\Windows\System32\drivers\afd.sys

2013-11-14 13:00:44 404480 ----a-w- C:\Windows\System32\gdi32.dll

2013-11-14 13:00:44 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll

2013-11-14 12:59:35 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL

2013-11-14 12:59:35 830464 ----a-w- C:\Windows\System32\nshwfp.dll

2013-11-14 12:59:35 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll

2013-11-14 12:59:35 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL

2013-11-14 12:59:35 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL

2013-11-06 00:07:29 -------- d-----w- C:\Users\jmtodos\AppData\Roaming\ProgSense

2013-11-06 00:07:01 -------- d-----w- C:\Program Files (x86)\Orbitdownloader

2013-11-04 22:53:43 -------- d-----w- C:\ProgramData\Canneverbe Limited

2013-11-04 22:53:34 -------- d-----w- C:\Users\jmtodos\AppData\Roaming\Canneverbe Limited

.

==================== Find3M ====================

.

2013-11-11 07:50:16 267936 ------w- C:\Windows\System32\MpSigStub.exe

2013-10-22 00:32:30 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-08 09:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll

2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll

2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll

2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll

2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll

2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll

2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll

2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll

2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll

2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll

2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe

2013-09-24 06:51:43 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll

2013-09-24 06:51:42 973736 ----a-w- C:\Windows\System32\deployJava1.dll

2013-09-24 06:51:42 1095080 ----a-w- C:\Windows\System32\npDeployJava1.dll

2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll

2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll

.

============= FINISH: 16:45:45,35 ===============

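The first post describes the classic USB shortcut-worm picture (folders on the stick replaced by shortcuts, avast blocking wscript.exe as it reaches out to a URL), and the DDS log above shows the matching persistence on the machine: a .js in AppData\Roaming\99 started from the user's Run key, a second .js dropped straight into the Startup folder, and a .vbs launched from a non-standard directory, with WScript.exe and cscript.exe both alive in the process list. The Python script below is an added example, not part of this thread and not code from the DDS tool: it parses autorun lines in the Pseudo HJT Report format DDS prints (uRun/mRun/x64-Run/StartupFolder) and flags any entry that runs Windows Script Host content, rating it by where the script lives. The sample input is excerpted from the posted log (two benign entries, Viber and avast, are kept for contrast); the severity labels, the user-writable path markers and the hex-name heuristic are this example's own assumptions.

```python
"""Triage DDS 'Pseudo HJT Report' autorun lines for script-based persistence.

Added example: not part of the forum thread and not code from DDS. It looks only
at the uRun/mRun/x64-Run/StartupFolder lines DDS prints and flags entries that
run Windows Script Host content (.js/.vbs/... files, or wscript/cscript as the
launcher), rating each by where the script lives. Severity labels and the
hex-name heuristic are this example's own assumptions, not DDS output.
"""
import ntpath
import re
from dataclasses import dataclass, field

SCRIPT_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh"}
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "wscript", "cscript")
# Directories a standard user cannot write to without elevation (assumed defaults).
SYSTEM_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# Markers of per-user locations that a user-mode infection can write freely.
USER_MARKERS = ("\\appdata\\", "\\users\\", "\\startup\\")

ENTRY_RE = re.compile(
    r"^(?P<kind>uRun|mRun|x64-Run|StartupFolder):\s*"
    r"(?:\[(?P<name>[^\]]*)\]\s*)?(?P<cmd>.+?)\s*$"
)
QUOTED_RE = re.compile(r'"([^"]+)"')
# Unquoted drive-letter path: lazy, so it stops at the first extension that is
# followed by whitespace or the end of the command (handles spaces in dir names).
UNQUOTED_RE = re.compile(r"[A-Za-z]:\\.+?\.[A-Za-z0-9]{2,4}(?=\s|$)")
# Heuristic only: short all-hex stems such as 8f7a or dc38 (false positives possible).
HEX_NAME_RE = re.compile(r"^[0-9a-f]{4,8}$", re.I)


@dataclass
class Finding:
    kind: str
    name: str
    target: str
    severity: str
    reasons: list = field(default_factory=list)


def extract_paths(cmd: str) -> list:
    """Return the file paths referenced by an autorun command line, quoted ones first."""
    paths = QUOTED_RE.findall(cmd)
    paths += UNQUOTED_RE.findall(QUOTED_RE.sub(" ", cmd))
    return paths


def classify(kind: str, name: str, cmd: str):
    """Return a Finding if the entry runs a script, or None for an ordinary executable."""
    if kind == "StartupFolder":
        # DDS prints 'shortcut - target'; a bare path means the file itself sits in Startup.
        cmd = cmd.split(" - ", 1)[1] if " - " in cmd else cmd
        name = name or ntpath.basename(cmd)
    paths = extract_paths(cmd)
    launcher = ntpath.basename(cmd.split()[0].strip('"')).lower()
    uses_host = launcher in SCRIPT_HOSTS
    scripts = [p for p in paths if ntpath.splitext(p)[1].lower() in SCRIPT_EXT]
    if not scripts and not uses_host:
        return None
    target = scripts[0] if scripts else (paths[0] if paths else cmd)
    low = target.lower()
    reasons = []
    if uses_host:
        reasons.append("launched via Windows Script Host")
    if scripts:
        reasons.append("script file " + ntpath.splitext(target)[1].lower())
    if "//b" in cmd.lower():
        reasons.append("//B batch mode hides script errors and prompts")
    if any(marker in low for marker in USER_MARKERS):
        severity = "high"
        reasons.append("lives in a user-writable profile location")
    elif not low.startswith(SYSTEM_PREFIXES):
        severity = "medium"
        reasons.append("lives outside Windows/Program Files")
    else:
        severity = "low"
        reasons.append("vendor script under a protected directory")
    if HEX_NAME_RE.match(ntpath.splitext(ntpath.basename(target))[0]):
        reasons.append("random-looking hex file name")
    return Finding(kind, name, target, severity, reasons)


def triage(log_text: str) -> list:
    """Scan DDS autorun lines; return findings ordered high > medium > low."""
    rank = {"high": 0, "medium": 1, "low": 2}
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            f = classify(m["kind"], m["name"] or "", m["cmd"])
            if f:
                findings.append(f)
    return sorted(findings, key=lambda f: rank[f.severity])


# Autorun lines excerpted from the DDS log posted in this thread, with two benign
# entries (Viber, avast) kept for contrast.
SAMPLE_LOG = r"""
uRun: [Viber] "C:\Users\jmtodos\AppData\Local\Viber\Viber.exe" StartMinimized
uRun: [8f7a] C:\Users\jmtodos\AppData\Roaming\99\8f7a.js
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
StartupFolder: C:\Users\jmtodos\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ARCGIS~1.LNK - C:\Cracked License Manager 10\start_lic_mgr_invisible.vbs
StartupFolder: C:\Users\jmtodos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dc38.js
StartupFolder: C:\Users\jmtodos\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jmtodos\AppData\Roaming\Dropbox\bin\Dropbox.exe
x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
"""

if __name__ == "__main__":
    import sys
    text = SAMPLE_LOG if sys.stdin.isatty() else sys.stdin.read()
    for f in triage(text):
        print(f"[{f.severity:6}] {f.kind:13} {f.name!r:34} -> {f.target}")
        for r in f.reasons:
            print(f"{'':8} - {r}")
```

Run it with no input to see the sample, or feed a saved dds.txt on stdin. On the posted log it ranks the two hex-named .js files highest (user-writable location plus a random-looking name), the cracked-license .vbs as medium (a script outside any protected directory), and Intel's own RunTBGadgetOnce.vbs as low: wscript.exe is not the problem by itself, the combination of script host, writable location and odd name is. The shortcut-worm .lnk files on the USB stick would typically launch the same wscript.exe with a script hidden on the stick, which is why the drive should be checked with the same eye once the host is clean.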

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 01/09/2013 16:10:50

System Uptime: 04/12/2013 16:37:24 (0 hours ago)

.

Motherboard: Dell Inc. | | 0W3XHM

Processor: Intel® Core i5-3337U CPU @ 1.80GHz | SOCKET 0 | 1801/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 150 GiB total, 92,194 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 684 GiB total, 587,873 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Controlador USB (Universal Serial Bus)

Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_05911028&REV_04\3&11583659&0&A0

Manufacturer:

Name: Controlador USB (Universal Serial Bus)

PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_05911028&REV_04\3&11583659&0&A0

Service:

.

==== System Restore Points ===================

.

RP47: 19/11/2013 08:17:41 - Windows Update

RP48: 22/11/2013 11:52:12 - Windows Update

RP49: 26/11/2013 18:27:10 - Windows Update

RP50: 27/11/2013 01:58:01 - Windows Update

RP51: 03/12/2013 08:07:22 - Windows Update

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader XI (11.0.05) - Português

ArcGIS Desktop 10

ArcGIS License Manager 10

Atheros Bluetooth Suite (64)

Atualizações da NVIDIA 1.11.3

avast! Free Antivirus

AVI ReComp 1.5.5

AviSynth 2.5

BitComet 1.36

CCleaner

CDBurnerXP

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

DAEMON Tools Lite

Dell Digital Delivery

Dell Touchpad

Dell WLAN and Bluetooth Client Installation

Dropbox

EatCam Webcam Recorder 5.0 for MSN

Facebook Video Calling 1.2.0.287

Freemake Video Converter versão 4.1.0

Google Chrome

Google Earth

Google Update Helper

GPL Ghostscript

GSview 5.0

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

Intel® SDK for OpenCL - CPU Only Runtime Package

Intel® Trusted Connect Service Client

Java 7 Update 40 (64-bit)

Java 7 Update 45

Java Auto Updater

KMP Service

LG PC Suite

LG United Mobile Drivers

Módulo de Proteção Santander 3.2.0.2

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft SQL Server 2008 Native Client

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Monitor da tecnologia Intel® Turbo Boost 2.6

Mozilla Firefox 25.0.1 (x86 pt-BR)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NVIDIA Driver de gráficos 311.00

NVIDIA Install Application

NVIDIA Optimus 1.11.3

NVIDIA Update Components

Orbit Downloader

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Painel de controle da NVIDIA 311.00

PokerStars

Quickset64

Realtek Ethernet Controller All-In-One Windows Driver

Realtek High Definition Audio Driver

Realtek USB 2.0 Card Reader

RSI ENVI 4.3

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Skype™ 6.10

The KMPlayer (remove only)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Viber

VobSub 2.23

Winamp

Winamp Detectar Aplicação

WinRAR 4.20 (32-bit)

WinRAR 5.00 (64-bit)

Xvid Video Codec

.

==== End Of File ===========================


I can't paste the gmer log here; when I click send, the page starts loading, goes completely blank, and nothing is sent.

Could it be because it has too many lines?


Caro jmtodos

Poste o log do Gmer em vários posts ;)

Recomendo que salve este tópico em seus Favoritos para facilitar na hora de encontrá-lo.

Por favor, atente para o seguinte:

  • Caso fique sem resposta durante 3 dias, me envie uma Mensagem Privada (MP);
  • O que será passado aqui, somente será com relação ao problema do seu computador portanto, não faça mais em nenhum outro;
  • Siga, por favor, atentamente as instruções passadas e em caso de dúvidas não hesite em perguntá-las;
  • Sempre coloque suas respostas neste tópico... Não abra outro!
  • Procure sempre me manter informado, durante a remoção, sobre o que acontece com seu computador.
  • Respeite a ordem das instruções passadas.
  • Observação: Não tome outra medida além das passadas aqui; atente para que, caso peça ajuda em outro fórum, não deixe de nos informar, sob risco de desconfigurar seu computador!

# Etapa nº 1 #

Faça o download Junkware Removal Tool e salve em seu Desktop.

  • Desative seus programas de proteção (antivírus etc) para evitar qualquer conflito.
  • Clique duas vezes JRT.exe
    • Se seu sistema for Windows Vista ou Windows 7 ou Windows 8, clique com o botão direito do mouse e peça para Executar como Administrador.

    [*]Seja paciente e aguarde o scan terminar.[*]Abra o log JRT.txt que está em seu Desktop.[*]Copie todo conteúdo e cole em sua próximo mensagem.

# Etapa nº 2 #

  • Clique duas vezes no adwcleaner.exe
    • Atenção: Usuários Windows Vista, 7 e 8, cliquem com o botão direito do mouse e escolha: execadmin.png

  • Clique em Pesquisar
  • No final do scan será aberto um log com o resultado.
  • Caso algo seja detectado, clique então no botão Remover.
  • Novamente, no final do scan será aberto um log com o resultado.
  • Copie todo seu conteúdo e cole em sua próxima resposta.

# Etapa nº 3 #

Leia as instruções contidas neste link:

Nas instruções contidas no link acima, poderá verificar quais os fóruns onde os Analistas estão devidamente habilitados a utilizar corretamente a ferramenta:"Fóruns para receber ajuda com logs do ComboFix"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while carrying out these instructions, it is very important to keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after the procedure(s) described below have been completed.
  3. Double-click the ComboFix icon on your desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers running Windows XP must install the Recovery Console:

     • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
     • Click "OK" on the EULA.
     • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Warning: do not use the mouse or keyboard while the tool is running; doing so may cause the computer to hang.
  8. A message may appear saying the computer needs to restart.

     DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

DO NOT use the tool on your own. It is a powerful tool built to handle sophisticated infections, and if it is not used correctly it can damage your computer.

  • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are various general-purpose anti-malware tools whose authors, when writing them, had end users in mind and intended them to be used without supervision. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it without supervision.

Cheers :D

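The GMER scan that follows lists user-mode code hooks, one `.text` line per hook: the process, the hooked export, and either the destination of an inline JMP or the replaced byte. As an added triage example for this thread (not GMER's code and not part of anyone's post), here is a Python script that parses lines in exactly that format and summarizes them per process; the sample lines are copied from the posted log, and the 64 KiB region grouping is this example's own heuristic.

```python
"""Triage helper for GMER "User code sections" lines (added example, not GMER's code)."""
from __future__ import annotations

import re
from collections import Counter, defaultdict
from dataclasses import dataclass

# One hook per line. Two shapes appear in the posted log:
#   ... ntdll.dll!LdrLoadDll 0000000077c1c4dd 5 bytes JMP 00000001000301f8
#   ... kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\.exe)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?\.dll)!(?P<export>\w+)(?:\s*\+\s*(?P<offset>\d+))?\s+"
    r"(?P<addr>[0-9a-f]+)\s+(?P<size>\d+)\s+bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9a-f]+)|\[(?P<patch>[0-9a-f ]+)\])\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Hook:
    process: str            # executable name only, e.g. "armsvc.exe"
    pid: int
    module: str             # DLL name only, lower-cased, e.g. "ntdll.dll"
    export: str
    offset: int             # bytes past the export's entry point (0 if none given)
    address: int
    size: int               # number of bytes GMER saw modified
    jmp_target: int | None  # inline JMP destination, None for a plain byte patch
    patch: str | None       # replaced byte(s) as GMER prints them, e.g. "62"


def parse_gmer_lines(lines):
    """Return a Hook for each line in GMER's user-code format; other lines are skipped."""
    hooks = []
    for line in lines:
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        target = m.group("target")
        hooks.append(Hook(
            process=m.group("proc").rsplit("\\", 1)[-1],
            pid=int(m.group("pid")),
            module=m.group("module").rsplit("\\", 1)[-1].lower(),
            export=m.group("export"),
            offset=int(m.group("offset") or 0),
            address=int(m.group("addr"), 16),
            size=int(m.group("size")),
            jmp_target=int(target, 16) if target else None,
            patch=m.group("patch"),
        ))
    return hooks


def summarize_by_process(hooks):
    """Per process instance ("name[pid]"): JMP hook count, byte-patch count, hooked
    module!export pairs, and how many distinct 64 KiB regions the JMP targets land in
    (hooks placed by a single injected component normally share a few regions)."""
    per_proc = defaultdict(list)
    for h in hooks:
        per_proc[f"{h.process}[{h.pid}]"].append(h)
    summary = {}
    for key, hs in per_proc.items():
        jmps = [h for h in hs if h.jmp_target is not None]
        summary[key] = {
            "jmp_hooks": len(jmps),
            "byte_patches": len(hs) - len(jmps),
            "hooked": sorted({f"{h.module}!{h.export}" for h in hs}),
            "target_regions": len({h.jmp_target >> 16 for h in jmps}),
        }
    return summary


def recurring_patches(hooks):
    """Count identical byte patches (same module!export+offset and same bytes) across
    processes; one present in every process is a system-wide change to a shared DLL
    image, so compare it with a known-good machine before treating it as an indicator."""
    counter = Counter(
        (f"{h.module}!{h.export}+{h.offset}", h.patch) for h in hooks if h.patch is not None
    )
    return {f"{where} [{patch}]": n for (where, patch), n in counter.items()}


# Sample input: a handful of lines copied from the GMER log posted in this thread.
SAMPLE_LOG = r"""
GMER 2.1.19163 - http://www.gmer.net
.text C:\Windows\system32\wininit.exe[588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]
.text C:\Windows\system32\services.exe[656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077bffac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007734a2ba 1 byte [62]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b77603 5 bytes JMP 0000000100150804
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007754589f 5 bytes JMP 00000001001603fc
.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077545181 3 bytes JMP 0000000100251014
.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 4 0000000077545185 1 byte [88]
"""

if __name__ == "__main__":
    hooks = parse_gmer_lines(SAMPLE_LOG.splitlines())
    for proc, info in summarize_by_process(hooks).items():
        print(f"{proc}: {info['jmp_hooks']} JMP hooks, {info['byte_patches']} byte patches, "
              f"targets in {info['target_regions']} region(s)")
        for name in info["hooked"]:
            print(f"    {name}")
    print("identical patches across processes:", recurring_patches(hooks))
```

Run it against a full GMER log by feeding `open("gmer.txt")` to `parse_gmer_lines` instead of `SAMPLE_LOG`; the same per-process view is what the helper reads by eye.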

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-12-04 17:12:29

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006f ATA_____ rev.0004 931,51GB

Running: g-mer.exe; Driver: C:\Users\jmtodos\AppData\Local\Temp\pwrdypod.sys

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\wininit.exe[588] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\system32\services.exe[656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\system32\winlogon.exe[692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\system32\svchost.exe[856] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\system32\nvvsvc.exe[932] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\System32\svchost.exe[128] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\System32\svchost.exe[408] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\system32\svchost.exe[536] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\system32\svchost.exe[620] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\system32\AUDIODG.EXE[1036] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe[1180] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1204] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\system32\svchost.exe[1276] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\system32\WLANExt.exe[1392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1484] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\system32\nvvsvc.exe[1492] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\System32\spoolsv.exe[1812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\system32\svchost.exe[1840] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077bffac0 5 bytes JMP 0000000100030600

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077bffb58 5 bytes JMP 0000000100030804

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bffcb0 5 bytes JMP 0000000100030c0c

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c00038 5 bytes JMP 0000000100030a08

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c01920 5 bytes JMP 0000000100030e10

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c1c4dd 5 bytes JMP 00000001000301f8

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c21287 5 bytes JMP 00000001000303fc

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007734a2ba 1 byte [62]

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075b6ee09 5 bytes JMP 00000001001501f8

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075b73982 5 bytes JMP 00000001001503fc

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b77603 5 bytes JMP 0000000100150804

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b7835c 5 bytes JMP 0000000100150600

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075b8f52b 5 bytes JMP 0000000100150a08

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077545181 5 bytes JMP 0000000100161014

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077545254 5 bytes JMP 0000000100160804

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000775453d5 5 bytes JMP 0000000100160a08

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000775454c2 5 bytes JMP 0000000100160c0c

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000775455e2 5 bytes JMP 0000000100160e10

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007754567c 5 bytes JMP 00000001001601f8

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007754589f 5 bytes JMP 00000001001603fc

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1916] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077545a22 5 bytes JMP 0000000100160600

.text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1712] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1712] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1712] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1712] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1712] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1712] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1712] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe[1712] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077bffac0 5 bytes JMP 0000000100030600

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077bffb58 5 bytes JMP 0000000100030804

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bffcb0 5 bytes JMP 0000000100030c0c

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c00038 5 bytes JMP 0000000100030a08

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c01920 5 bytes JMP 0000000100030e10

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c1c4dd 5 bytes JMP 00000001000301f8

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c21287 5 bytes JMP 00000001000303fc

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007734a2ba 1 byte [62]

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077545181 5 bytes JMP 0000000100241014

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077545254 5 bytes JMP 0000000100240804

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000775453d5 5 bytes JMP 0000000100240a08

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000775454c2 5 bytes JMP 0000000100240c0c

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000775455e2 5 bytes JMP 0000000100240e10

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007754567c 5 bytes JMP 00000001002401f8

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007754589f 5 bytes JMP 00000001002403fc

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077545a22 5 bytes JMP 0000000100240600

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075b6ee09 5 bytes JMP 00000001002501f8

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075b73982 5 bytes JMP 00000001002503fc

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b77603 5 bytes JMP 0000000100250804

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b7835c 5 bytes JMP 0000000100250600

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2060] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075b8f52b 5 bytes JMP 0000000100250a08

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077bffac0 5 bytes JMP 00000001001d0600

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077bffb58 5 bytes JMP 00000001001d0804

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bffcb0 5 bytes JMP 00000001001d0c0c

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c00038 5 bytes JMP 00000001001d0a08

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c01920 5 bytes JMP 00000001001d0e10

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c1c4dd 5 bytes JMP 00000001001d01f8

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c21287 5 bytes JMP 00000001001d03fc

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007734a2ba 1 byte [62]

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077545181 5 bytes JMP 0000000100261014

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077545254 5 bytes JMP 0000000100260804

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000775453d5 5 bytes JMP 0000000100260a08

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000775454c2 5 bytes JMP 0000000100260c0c

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000775455e2 5 bytes JMP 0000000100260e10

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007754567c 5 bytes JMP 00000001002601f8

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007754589f 5 bytes JMP 00000001002603fc

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077545a22 5 bytes JMP 0000000100260600

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075b6ee09 5 bytes JMP 00000001003e01f8

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075b73982 5 bytes JMP 00000001003e03fc

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b77603 5 bytes JMP 00000001003e0804

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b7835c 5 bytes JMP 00000001003e0600

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe[2136] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075b8f52b 5 bytes JMP 00000001003e0a08

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 000000010031075c

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001003103a4

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 0000000100310b14

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 0000000100310ecc

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 000000010031163c

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 0000000100311284

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2148] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001003119f4

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2148] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2148] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2148] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2148] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2148] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2148] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2148] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2148] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe[2148] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 000000010044075c

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001004403a4

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 0000000100440b14

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 0000000100440ecc

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 000000010044163c

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 0000000100441284

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2188] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001004419f4

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2188] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2188] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2188] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2188] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2188] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2188] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2188] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Program Files\Intel\iCLS Client\HeciServer.exe[2188] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077bffac0 5 bytes JMP 0000000100030600

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077bffb58 5 bytes JMP 0000000100030804

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bffcb0 5 bytes JMP 0000000100030c0c

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c00038 5 bytes JMP 0000000100030a08

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c01920 5 bytes JMP 0000000100030e10

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c1c4dd 5 bytes JMP 00000001000301f8

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c21287 5 bytes JMP 00000001000303fc

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007734a2ba 1 byte [62]

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075b6ee09 5 bytes JMP 00000001001001f8

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075b73982 5 bytes JMP 00000001001003fc

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b77603 5 bytes JMP 0000000100100804

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b7835c 5 bytes JMP 0000000100100600

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075b8f52b 5 bytes JMP 0000000100100a08

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077545181 5 bytes JMP 0000000100111014

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077545254 5 bytes JMP 0000000100110804

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000775453d5 5 bytes JMP 0000000100110a08

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000775454c2 5 bytes JMP 0000000100110c0c

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000775455e2 5 bytes JMP 0000000100110e10

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007754567c 5 bytes JMP 00000001001101f8

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007754589f 5 bytes JMP 00000001001103fc

.text C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe[2384] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077545a22 5 bytes JMP 0000000100110600

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077bffac0 5 bytes JMP 00000001001d0600

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077bffb58 5 bytes JMP 00000001001d0804

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bffcb0 5 bytes JMP 00000001001d0c0c

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c00038 5 bytes JMP 00000001001d0a08

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c01920 5 bytes JMP 00000001001d0e10

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c1c4dd 5 bytes JMP 00000001001d01f8

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c21287 5 bytes JMP 00000001001d03fc

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007734a2ba 1 byte [62]

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075b6ee09 5 bytes JMP 00000001001e01f8

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075b73982 5 bytes JMP 00000001001e03fc

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b77603 5 bytes JMP 00000001001e0804

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b7835c 5 bytes JMP 00000001001e0600

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075b8f52b 5 bytes JMP 00000001001e0a08

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077545181 5 bytes JMP 00000001001f1014

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077545254 5 bytes JMP 00000001001f0804

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000775453d5 5 bytes JMP 00000001001f0a08

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000775454c2 5 bytes JMP 00000001001f0c0c

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000775455e2 5 bytes JMP 00000001001f0e10

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007754567c 5 bytes JMP 00000001001f01f8

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007754589f 5 bytes JMP 00000001001f03fc

.text C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe[2540] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077545a22 5 bytes JMP 00000001001f0600

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077bffac0 5 bytes JMP 0000000100030600

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077bffb58 5 bytes JMP 0000000100030804

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bffcb0 5 bytes JMP 0000000100030c0c

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c00038 5 bytes JMP 0000000100030a08

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c01920 5 bytes JMP 0000000100030e10

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c1c4dd 5 bytes JMP 00000001000301f8

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c21287 5 bytes JMP 00000001000303fc

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007734a2ba 1 byte [62]

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075b6ee09 5 bytes JMP 00000001002401f8

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075b73982 5 bytes JMP 00000001002403fc

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b77603 5 bytes JMP 0000000100240804

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b7835c 5 bytes JMP 0000000100240600

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075b8f52b 5 bytes JMP 0000000100240a08

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077545181 3 bytes JMP 0000000100251014

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 4 0000000077545185 1 byte [88]

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077545254 5 bytes JMP 0000000100250804

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000775453d5 5 bytes JMP 0000000100250a08

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000775454c2 5 bytes JMP 0000000100250c0c

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000775455e2 5 bytes JMP 0000000100250e10

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007754567c 5 bytes JMP 00000001002501f8

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007754589f 5 bytes JMP 00000001002503fc

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPService.exe[2568] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077545a22 5 bytes JMP 0000000100250600

.text C:\Windows\system32\Dwm.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 00000001001f075c

.text C:\Windows\system32\Dwm.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001001f03a4

.text C:\Windows\system32\Dwm.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 00000001001f0b14

.text C:\Windows\system32\Dwm.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 00000001001f0ecc

.text C:\Windows\system32\Dwm.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 00000001001f163c

.text C:\Windows\system32\Dwm.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 00000001001f1284

.text C:\Windows\system32\Dwm.exe[2772] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001001f19f4

.text C:\Windows\system32\Dwm.exe[2772] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Windows\system32\Dwm.exe[2772] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Windows\system32\Dwm.exe[2772] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Windows\system32\Dwm.exe[2772] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Windows\system32\Dwm.exe[2772] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Windows\system32\Dwm.exe[2772] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Windows\system32\Dwm.exe[2772] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Windows\system32\Dwm.exe[2772] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Windows\system32\taskhost.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 00000001001c075c

.text C:\Windows\system32\taskhost.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001001c03a4

.text C:\Windows\system32\taskhost.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 00000001001c0b14

.text C:\Windows\system32\taskhost.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 00000001001c0ecc

.text C:\Windows\system32\taskhost.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 00000001001c163c

.text C:\Windows\system32\taskhost.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 00000001001c1284

.text C:\Windows\system32\taskhost.exe[2816] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001001c19f4

.text C:\Windows\system32\taskhost.exe[2816] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\system32\taskhost.exe[2816] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Windows\system32\taskhost.exe[2816] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Windows\system32\taskhost.exe[2816] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Windows\system32\taskhost.exe[2816] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Windows\system32\taskhost.exe[2816] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Windows\system32\taskhost.exe[2816] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Windows\system32\taskhost.exe[2816] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Windows\system32\taskhost.exe[2816] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Windows\system32\svchost.exe[2952] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\system32\svchost.exe[2952] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Windows\system32\svchost.exe[2952] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Windows\system32\svchost.exe[2952] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Windows\system32\svchost.exe[2952] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Windows\system32\svchost.exe[2952] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Windows\system32\svchost.exe[2952] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Windows\system32\svchost.exe[2952] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Windows\system32\svchost.exe[2952] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Windows\System32\svchost.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 00000001003f075c

.text C:\Windows\System32\svchost.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001003f03a4

.text C:\Windows\System32\svchost.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 00000001003f0b14

.text C:\Windows\System32\svchost.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 00000001003f0ecc

.text C:\Windows\System32\svchost.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 00000001003f163c

.text C:\Windows\System32\svchost.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 00000001003f1284

.text C:\Windows\System32\svchost.exe[3024] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001003f19f4

.text C:\Windows\System32\svchost.exe[3024] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Windows\System32\svchost.exe[3024] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Windows\System32\svchost.exe[3024] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Windows\System32\svchost.exe[3024] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Windows\System32\svchost.exe[3024] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Windows\System32\svchost.exe[3024] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Windows\System32\svchost.exe[3024] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Windows\System32\svchost.exe[3024] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077bffac0 5 bytes JMP 0000000100240600

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077bffb58 5 bytes JMP 0000000100240804

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bffcb0 5 bytes JMP 0000000100240c0c

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c00038 5 bytes JMP 0000000100240a08

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c01920 5 bytes JMP 0000000100240e10

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c1c4dd 5 bytes JMP 00000001002401f8

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c21287 5 bytes JMP 00000001002403fc

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007734a2ba 1 byte [62]

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075b6ee09 5 bytes JMP 00000001002501f8

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075b73982 5 bytes JMP 00000001002503fc

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b77603 5 bytes JMP 0000000100250804

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b7835c 5 bytes JMP 0000000100250600

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075b8f52b 5 bytes JMP 0000000100250a08

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077545181 5 bytes JMP 0000000100261014

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077545254 5 bytes JMP 0000000100260804

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000775453d5 5 bytes JMP 0000000100260a08

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000775454c2 5 bytes JMP 0000000100260c0c

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000775455e2 5 bytes JMP 0000000100260e10

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007754567c 5 bytes JMP 00000001002601f8

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007754589f 5 bytes JMP 00000001002603fc

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe[2620] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077545a22 5 bytes JMP 0000000100260600

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077bffac0 5 bytes JMP 0000000100030600

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077bffb58 5 bytes JMP 0000000100030804

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bffcb0 5 bytes JMP 0000000100030c0c

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c00038 5 bytes JMP 0000000100030a08

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c01920 5 bytes JMP 0000000100030e10

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c1c4dd 5 bytes JMP 00000001000301f8

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c21287 5 bytes JMP 00000001000303fc

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007734a2ba 1 byte [62]

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075b6ee09 5 bytes JMP 00000001002401f8

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075b73982 5 bytes JMP 00000001002403fc

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b77603 5 bytes JMP 0000000100240804

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b7835c 5 bytes JMP 0000000100240600

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075b8f52b 5 bytes JMP 0000000100240a08

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077545181 5 bytes JMP 00000001002d1014

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077545254 5 bytes JMP 00000001002d0804

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000775453d5 5 bytes JMP 00000001002d0a08

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000775454c2 5 bytes JMP 00000001002d0c0c

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000775455e2 5 bytes JMP 00000001002d0e10

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007754567c 5 bytes JMP 00000001002d01f8

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007754589f 5 bytes JMP 00000001002d03fc

.text C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe[2980] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077545a22 5 bytes JMP 00000001002d0600

.text C:\Windows\Explorer.EXE[3300] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 000000010018075c

.text C:\Windows\Explorer.EXE[3300] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001001803a4

.text C:\Windows\Explorer.EXE[3300] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 0000000100180b14

.text C:\Windows\Explorer.EXE[3300] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 0000000100180ecc

.text C:\Windows\Explorer.EXE[3300] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 000000010018163c

.text C:\Windows\Explorer.EXE[3300] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 0000000100181284

.text C:\Windows\Explorer.EXE[3300] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001001819f4

.text C:\Windows\Explorer.EXE[3300] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\Explorer.EXE[3300] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Windows\Explorer.EXE[3300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Windows\Explorer.EXE[3300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Windows\Explorer.EXE[3300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Windows\Explorer.EXE[3300] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Windows\Explorer.EXE[3300] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Windows\Explorer.EXE[3300] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Windows\Explorer.EXE[3300] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Windows\system32\svchost.exe[3476] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Windows\system32\svchost.exe[3476] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Windows\system32\svchost.exe[3476] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Windows\system32\svchost.exe[3476] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Windows\system32\svchost.exe[3476] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Windows\system32\svchost.exe[3476] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Windows\system32\svchost.exe[3476] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Windows\system32\svchost.exe[3476] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077bffac0 5 bytes JMP 0000000100030600

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077bffb58 5 bytes JMP 0000000100030804

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bffcb0 5 bytes JMP 0000000100030c0c

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c00038 5 bytes JMP 0000000100030a08

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c01920 5 bytes JMP 0000000100030e10

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c1c4dd 5 bytes JMP 00000001000301f8

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c21287 5 bytes JMP 00000001000303fc

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007734a2ba 1 byte [62]

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075b6ee09 5 bytes JMP 00000001002401f8

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075b73982 5 bytes JMP 00000001002403fc

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b77603 5 bytes JMP 0000000100240804

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b7835c 5 bytes JMP 0000000100240600

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075b8f52b 5 bytes JMP 0000000100240a08

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077545181 3 bytes JMP 0000000100251014

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 4 0000000077545185 1 byte [88]

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077545254 5 bytes JMP 0000000100250804

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000775453d5 5 bytes JMP 0000000100250a08

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000775454c2 5 bytes JMP 0000000100250c0c

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000775455e2 5 bytes JMP 0000000100250e10

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007754567c 5 bytes JMP 00000001002501f8

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007754589f 5 bytes JMP 00000001002503fc

.text C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3608] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077545a22 5 bytes JMP 0000000100250600

.text C:\Windows\system32\svchost.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 00000001001b075c

.text C:\Windows\system32\svchost.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001001b03a4

.text C:\Windows\system32\svchost.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 00000001001b0b14

.text C:\Windows\system32\svchost.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 00000001001b0ecc

.text C:\Windows\system32\svchost.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 00000001001b163c

.text C:\Windows\system32\svchost.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 00000001001b1284

.text C:\Windows\system32\svchost.exe[3664] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001001b19f4

.text C:\Windows\system32\svchost.exe[3664] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\system32\svchost.exe[3664] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Windows\system32\svchost.exe[3664] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Windows\system32\svchost.exe[3664] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Windows\system32\svchost.exe[3664] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Windows\system32\svchost.exe[3664] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Windows\system32\svchost.exe[3664] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Windows\system32\svchost.exe[3664] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Windows\system32\svchost.exe[3664] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Windows\system32\svchost.exe[3876] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Windows\system32\svchost.exe[3876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Windows\system32\svchost.exe[3876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Windows\system32\svchost.exe[3876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Windows\system32\svchost.exe[3876] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Windows\system32\svchost.exe[3876] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Windows\system32\svchost.exe[3876] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Windows\system32\svchost.exe[3876] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Windows\system32\wbem\wmiprvse.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 00000001003b075c

.text C:\Windows\system32\wbem\wmiprvse.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001003b03a4

.text C:\Windows\system32\wbem\wmiprvse.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 00000001003b0b14

.text C:\Windows\system32\wbem\wmiprvse.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 00000001003b0ecc

.text C:\Windows\system32\wbem\wmiprvse.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 00000001003b163c

.text C:\Windows\system32\wbem\wmiprvse.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 00000001003b1284

.text C:\Windows\system32\wbem\wmiprvse.exe[3968] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001003b19f4

.text C:\Windows\system32\wbem\wmiprvse.exe[3968] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\system32\wbem\wmiprvse.exe[3968] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Windows\system32\wbem\wmiprvse.exe[3968] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Windows\system32\wbem\wmiprvse.exe[3968] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Windows\system32\wbem\wmiprvse.exe[3968] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Windows\system32\wbem\wmiprvse.exe[3968] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Windows\system32\wbem\wmiprvse.exe[3968] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Windows\system32\wbem\wmiprvse.exe[3968] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Windows\system32\wbem\wmiprvse.exe[3968] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Windows\System32\rundll32.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 000000010036075c

.text C:\Windows\System32\rundll32.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001003603a4

.text C:\Windows\System32\rundll32.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 0000000100360b14

.text C:\Windows\System32\rundll32.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 0000000100360ecc

.text C:\Windows\System32\rundll32.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 000000010036163c

.text C:\Windows\System32\rundll32.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 0000000100361284

.text C:\Windows\System32\rundll32.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001003619f4

.text C:\Windows\System32\rundll32.exe[4040] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\System32\rundll32.exe[4040] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Windows\System32\rundll32.exe[4040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Windows\System32\rundll32.exe[4040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Windows\System32\rundll32.exe[4040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Windows\System32\rundll32.exe[4040] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Windows\System32\rundll32.exe[4040] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Windows\System32\rundll32.exe[4040] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Windows\System32\rundll32.exe[4040] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 00000001002e075c

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001002e03a4

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 00000001002e0b14

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 00000001002e0ecc

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 00000001002e163c

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 00000001002e1284

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001002e19f4

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4020] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4020] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4020] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4020] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4020] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4020] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4020] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4020] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe[4020] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 00000001004f075c

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001004f03a4

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 00000001004f0b14

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 00000001004f0ecc

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 00000001004f163c

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 00000001004f1284

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3892] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001004f19f4

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3892] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3892] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3892] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3892] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3892] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3892] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3892] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3892] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe[3892] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Windows\system32\SearchIndexer.exe[980] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 000000010030075c

.text C:\Windows\system32\SearchIndexer.exe[980] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001003003a4

.text C:\Windows\system32\SearchIndexer.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 0000000100300b14

.text C:\Windows\system32\SearchIndexer.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 0000000100300ecc

.text C:\Windows\system32\SearchIndexer.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 000000010030163c

.text C:\Windows\system32\SearchIndexer.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 0000000100301284

.text C:\Windows\system32\SearchIndexer.exe[980] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001003019f4

.text C:\Windows\system32\SearchIndexer.exe[980] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\system32\SearchIndexer.exe[980] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Windows\system32\SearchIndexer.exe[980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Windows\system32\SearchIndexer.exe[980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Windows\system32\SearchIndexer.exe[980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Windows\system32\SearchIndexer.exe[980] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Windows\system32\SearchIndexer.exe[980] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Windows\system32\SearchIndexer.exe[980] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Windows\system32\SearchIndexer.exe[980] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 000000010043075c

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001004303a4

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 0000000100430b14

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 0000000100430ecc

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 000000010043163c

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 0000000100431284

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3264] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001004319f4

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3264] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3264] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3264] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3264] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3264] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3264] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3264] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3264] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe[3264] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 00000001003f075c

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001003f03a4

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 00000001003f0b14

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 00000001003f0ecc

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 00000001003f163c

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 00000001003f1284

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1360] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001003f19f4

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1360] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1360] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1360] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1360] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1360] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1360] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1360] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1360] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[1360] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Windows\System32\igfxtray.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 00000001002e075c

.text C:\Windows\System32\igfxtray.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001002e03a4

.text C:\Windows\System32\igfxtray.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 00000001002e0b14

.text C:\Windows\System32\igfxtray.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 00000001002e0ecc

.text C:\Windows\System32\igfxtray.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 00000001002e163c

.text C:\Windows\System32\igfxtray.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 00000001002e1284

.text C:\Windows\System32\igfxtray.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001002e19f4

.text C:\Windows\System32\igfxtray.exe[3856] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\System32\igfxtray.exe[3856] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Windows\System32\igfxtray.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Windows\System32\igfxtray.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Windows\System32\igfxtray.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Windows\System32\igfxtray.exe[3856] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Windows\System32\igfxtray.exe[3856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Windows\System32\igfxtray.exe[3856] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Windows\System32\igfxtray.exe[3856] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 00000001002e075c

.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001002e03a4

.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 00000001002e0b14

.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 00000001002e0ecc

.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 00000001002e163c

.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 00000001002e1284

.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001002e19f4

.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Windows\System32\igfxpers.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 000000010040075c

.text C:\Windows\System32\igfxpers.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001004003a4

.text C:\Windows\System32\igfxpers.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 0000000100400b14

.text C:\Windows\System32\igfxpers.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 0000000100400ecc

.text C:\Windows\System32\igfxpers.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 000000010040163c

.text C:\Windows\System32\igfxpers.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 0000000100401284

.text C:\Windows\System32\igfxpers.exe[3900] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001004019f4

.text C:\Windows\System32\igfxpers.exe[3900] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\System32\igfxpers.exe[3900] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Windows\System32\igfxpers.exe[3900] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Windows\System32\igfxpers.exe[3900] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Windows\System32\igfxpers.exe[3900] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Windows\System32\igfxpers.exe[3900] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Windows\System32\igfxpers.exe[3900] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Windows\System32\igfxpers.exe[3900] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Windows\System32\igfxpers.exe[3900] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 00000001001e075c

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001001e03a4

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 00000001001e0b14

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 00000001001e0ecc

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 00000001001e163c

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 00000001001e1284

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4112] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001001e19f4

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4112] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4112] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4112] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4112] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4112] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4112] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4112] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4112] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[4112] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

Share this post


Link to post
Share on other sites
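
Added example, not code from the original poster, from the forum's helper or from GMER itself: a small Python triage script for the "user mode hooks" lines posted above. Each GMER line records one patched function: the process image and PID, the hooked module and export (plus an offset when the patch is not at the function entry), the patched address, how many bytes were overwritten, and either the JMP destination or the literal bytes written. The script parses that format and answers the three questions a responder asks first: which hooks show up in only one process (security software installs the same hooks in every process, so a one-off is the thing to look at), whether the JMP destinations are one shared address in every process or a per-process trampoline, and which entries are inline byte patches rather than JMPs (those are worth comparing against the module on disk). The sample lines are constructed for the example, modelled on entries from this thread, and are not the full log; every function name below belongs to the example. Note the caveat that a hook in WScript.exe identical to the hooks in every other process says nothing about which script wscript.exe is running; that is answered by the DDS log (Run keys, startup folder, the shortcuts on the pendrive), not by this block.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Constructed sample in GMER's "user mode hooks" format (modelled on lines
# from the thread; not the poster's full log).
SAMPLE_LOG = r"""
.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001003e03a4
.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c
.text C:\Windows\System32\WScript.exe[4744] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]
.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001002e03a4
.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c
.text C:\Windows\System32\hkcmd.exe[4084] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]
.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c1c4dd 5 bytes JMP 00000001000301f8
.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_nut_add_sp + 70 000000006ab75de6 4 bytes [20, EF, B9, 68]
"""

# One GMER hook line: ".text <image>[<pid>] <module>!<export>[ + <off>] <addr> <n> byte(s) JMP <target> | [<bytes>]"
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"        # process image path and PID
    r"(?P<module>.+?)!(?P<func>\S+)"                    # hooked module path and export
    r"(?:\s+\+\s+(?P<offset>\d+))?\s+"                  # optional offset into the export
    r"(?P<addr>[0-9a-fA-F]+)\s+(?P<size>\d+)\s+bytes?\s+"
    r"(?:JMP\s+(?P<jmp>[0-9a-fA-F]+)|\[(?P<inline>[^\]]+)\])\s*$"
)


@dataclass(frozen=True)
class Hook:
    process: str               # "image.exe[pid]"
    module: str                # lower-cased basename of the hooked module
    func: str                  # export name, with "+offset" when GMER reported one
    address: int               # patched code address
    size: int                  # number of patched bytes
    jmp_target: Optional[int]  # JMP destination, or None for an inline byte patch
    inline: Optional[str]      # raw inline bytes text, e.g. "62" or "20, EF, B9, 68"

    @property
    def key(self) -> str:
        return f"{self.module}!{self.func}"


def parse_hooks(text: str) -> list[Hook]:
    """Parse every line that matches the GMER hook format; skip the rest."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines, forum residue
        module = m["module"].rsplit("\\", 1)[-1].lower()
        func = m["func"] + (f"+{m['offset']}" if m["offset"] else "")
        proc = m["proc"].rsplit("\\", 1)[-1] + f"[{m['pid']}]"
        hooks.append(Hook(proc, module, func, int(m["addr"], 16), int(m["size"]),
                          int(m["jmp"], 16) if m["jmp"] else None, m["inline"]))
    return hooks


def processes_per_hook(hooks: list[Hook]) -> dict[str, list[str]]:
    """Map each hooked API to the sorted list of processes it is hooked in."""
    table = defaultdict(set)
    for h in hooks:
        table[h.key].add(h.process)
    return {k: sorted(v) for k, v in table.items()}


def rare_hooks(hooks: list[Hook], max_processes: int = 1) -> dict[str, list[str]]:
    """Hooks present in at most `max_processes` processes.  Security software
    hooks the same APIs everywhere, so a hook unique to one process is the
    first thing to examine."""
    return {k: p for k, p in processes_per_hook(hooks).items() if len(p) <= max_processes}


def shared_jmp_targets(hooks: list[Hook]) -> dict[str, bool]:
    """For each API hooked by JMP in 2+ processes: True when every process jumps
    to the same absolute address (one module mapped at a fixed address), False
    when each process has its own trampoline."""
    targets = defaultdict(dict)
    for h in hooks:
        if h.jmp_target is not None:
            targets[h.key][h.process] = h.jmp_target
    return {k: len(set(t.values())) == 1 for k, t in targets.items() if len(t) >= 2}


def inline_patches(hooks: list[Hook]) -> list[str]:
    """Hooks that are byte patches rather than JMPs."""
    return sorted({h.key for h in hooks if h.inline is not None})


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    print(f"{len(hooks)} hooks in {len({h.process for h in hooks})} processes")
    for key, procs in rare_hooks(hooks).items():
        print("unique to", ", ".join(procs), ":", key)
    for key, shared in shared_jmp_targets(hooks).items():
        print(key, "-> shared JMP target" if shared else "-> per-process trampoline")
    print("inline patches:", inline_patches(hooks))
```

To run it over a real log, replace SAMPLE_LOG with the contents of gmer.txt; lines outside the hook section simply do not match and are ignored. On the sample, the one hook unique to a single process is the 4-byte patch in avformat-53.dll inside KMPProcess.exe, the sechost.dll hook jumps to the same address in every process while the ntdll.dll hook uses a per-process trampoline, and the WScript.exe entries are indistinguishable from those of the other processes.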

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4400] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 00000001007f075c

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4400] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001007f03a4

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4400] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 00000001007f0b14

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4400] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 00000001007f0ecc

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4400] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 00000001007f163c

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4400] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 00000001007f1284

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4400] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001007f19f4

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4400] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4400] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4400] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4400] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4400] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4400] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4400] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4400] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[4400] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4408] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077bffac0 5 bytes JMP 0000000100030600

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 0000000077bffb58 5 bytes JMP 0000000100030804

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000077bffcb0 5 bytes JMP 0000000100030c0c

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077c00038 5 bytes JMP 0000000100030a08

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077c01920 5 bytes JMP 0000000100030e10

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 0000000077c1c4dd 5 bytes JMP 00000001000301f8

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077c21287 5 bytes JMP 00000001000303fc

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007734a2ba 1 byte [62]

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\syswow64\USER32.dll!SetWinEventHook 0000000075b6ee09 5 bytes JMP 00000001002401f8

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000075b73982 5 bytes JMP 00000001002403fc

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075b77603 5 bytes JMP 0000000100240804

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 0000000075b7835c 5 bytes JMP 0000000100240600

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075b8f52b 5 bytes JMP 0000000100240a08

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000077545181 5 bytes JMP 00000001002d1014

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000077545254 5 bytes JMP 00000001002d0804

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000775453d5 5 bytes JMP 00000001002d0a08

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000775454c2 5 bytes JMP 00000001002d0c0c

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000775455e2 5 bytes JMP 00000001002d0e10

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007754567c 5 bytes JMP 00000001002d01f8

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007754589f 5 bytes JMP 00000001002d03fc

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000077545a22 5 bytes JMP 00000001002d0600

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_http_auth_create_response + 294 000000006ab32c36 4 bytes [24, D9, B9, 68]

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_mp4_read_dec_config_descr + 435 000000006ab37e43 4 bytes [74, 4C, 09, 66]

.text C:\Program Files (x86)\PANDORA.TV\PanService\KMPProcess.exe[4524] C:\Program Files (x86)\PANDORA.TV\PanService\avformat-53.dll!ff_nut_add_sp + 70 000000006ab75de6 4 bytes [20, EF, B9, 68]

.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000077a23b10 5 bytes JMP 00000001003e075c

.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!LdrLoadDll 0000000077a27ac0 5 bytes JMP 00000001003e03a4

.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000077a51430 5 bytes JMP 00000001003e0b14

.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtFreeVirtualMemory 0000000077a51490 5 bytes JMP 00000001003e0ecc

.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077a51570 5 bytes JMP 00000001003e163c

.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtProtectVirtualMemory 0000000077a517b0 5 bytes JMP 00000001003e1284

.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077a527e0 5 bytes JMP 00000001003e19f4

.text C:\Windows\System32\WScript.exe[4744] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007793eecd 1 byte [62]

.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefe146e00 5 bytes JMP 000007ff7e161dac

.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefe146f2c 5 bytes JMP 000007ff7e160ecc

.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefe147220 5 bytes JMP 000007ff7e161284

.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefe14739c 5 bytes JMP 000007ff7e16163c

.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefe147538 5 bytes JMP 000007ff7e1619f4

.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefe1475e8 5 bytes JMP 000007ff7e1603a4

.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefe14790c 5 bytes JMP 000007ff7e16075c

.text C:\Windows\System32\WScript.exe[4744] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefe147ab4 5 bytes JMP 000007ff7e160b14

.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[4848] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007734a2ba 1 byte [62]


.text C:\Users\jmtodos\Desktop\gmer\g-mer.exe[6484] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 000000007734a2ba 1 byte [62]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DisplayName aswFsBlk

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Group FSFilter Activity Monitor

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk@Tag 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswFsBlk

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DisplayName aswMonFlt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Group FSFilter Anti-Virus

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswMonFlt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DisplayName aswRdr

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Group PNP_TDI

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@DependOnService tcpip?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr@Description avast! WFP Redirect driver

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@MSIgnoreLSPDefault

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRdr

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@DisplayName aswRvrt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt@Description avast! Revert

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@BootCounter 173

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@TickCounter 4089798

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt\Parameters@ImproperShutdown 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswRvrt

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Type 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DisplayName aswSnx

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Group FSFilter Virtualization

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@DependOnService FltMgr?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Description avast! virtualization driver (aswSnx)

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx@Tag 2

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances@DefaultInstance aswSnx Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Altitude 137600

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Instances\aswSnx Instance@Flags 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSnx

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@DisplayName aswSP

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP@Description avast! Self Protection

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@BehavShield 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP\Parameters@NoWelcomeScreen 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswSP

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Start 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DisplayName avast! Network Shield Support

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Group PNP_TDI

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@DependOnService tcpip?

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Description avast! Network Shield TDI driver

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi@Tag 10

Reg HKLM\SYSTEM\CurrentControlSet\services\aswTdi

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Type 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Start 0

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@DisplayName aswVmm

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm@Description avast! VM Monitor

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm\Parameters

Reg HKLM\SYSTEM\CurrentControlSet\services\aswVmm

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Type 32

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Start 2

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ErrorControl 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DisplayName avast! Antivirus

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Group ShellSvcGroup

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@WOW64 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ObjectName LocalSystem

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@ServiceSidType 1

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus@Description Manages and runs the avast! antivirus services on this computer. This includes the resident modules, the Quarantine and the Scheduler.

Reg HKLM\SYSTEM\CurrentControlSet\services\avast! Antivirus

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c84dcd548f6

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DisplayName aswFsBlk

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Group FSFilter Activity Monitor

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Description avast! mini-filter driver (aswFsBlk)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk@Tag 2

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances@DefaultInstance aswFsBlk Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Altitude 388400

Reg HKLM\SYSTEM\ControlSet002\services\aswFsBlk\Instances\aswFsBlk Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@ImagePath \??\C:\Windows\system32\drivers\aswMonFlt.sys

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DisplayName aswMonFlt

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Group FSFilter Anti-Virus

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt@Description avast! mini-filter driver (aswMonFlt)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances@DefaultInstance aswMonFlt Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Altitude 320700

Reg HKLM\SYSTEM\ControlSet002\services\aswMonFlt\Instances\aswMonFlt Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ImagePath \SystemRoot\System32\Drivers\aswrdr2.sys

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DisplayName aswRdr

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Group PNP_TDI

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@DependOnService tcpip?

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr@Description avast! WFP Redirect driver

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@MSIgnoreLSPDefault

Reg HKLM\SYSTEM\ControlSet002\services\aswRdr\Parameters@WSIgnoreLSPDefault nl_lsp.dll,imon.dll,xfire_lsp.dll,mslsp.dll,mssplsp.dll,cwhook.dll,spi.dll,bmnet.dll,winsflt.dll

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Start 0

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@DisplayName aswRvrt

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt@Description avast! Revert

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@BootCounter 173

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@TickCounter 4089798

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@SystemRoot \Device\Harddisk0\Partition2\Windows

Reg HKLM\SYSTEM\ControlSet002\services\aswRvrt\Parameters@ImproperShutdown 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Type 2

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DisplayName aswSnx

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Group FSFilter Virtualization

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@DependOnService FltMgr?

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Description avast! virtualization driver (aswSnx)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx@Tag 2

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances@DefaultInstance aswSnx Instance

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Altitude 137600

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Instances\aswSnx Instance@Flags 0

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSnx\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@DisplayName aswSP

Reg HKLM\SYSTEM\ControlSet002\services\aswSP@Description avast! Self Protection

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@BehavShield 1

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFolder \DosDevices\C:\Program Files\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@DataFolder \DosDevices\C:\ProgramData\AVAST Software\Avast

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@ProgramFilesFolder \DosDevices\C:\Program Files

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@GadgetFolder \DosDevices\C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget

Reg HKLM\SYSTEM\ControlSet002\services\aswSP\Parameters@NoWelcomeScreen 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Start 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DisplayName avast! Network Shield Support

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Group PNP_TDI

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@DependOnService tcpip?

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Description avast! Network Shield TDI driver

Reg HKLM\SYSTEM\ControlSet002\services\aswTdi@Tag 10

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Type 1

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Start 0

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@DisplayName aswVmm

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm@Description avast! VM Monitor

Reg HKLM\SYSTEM\ControlSet002\services\aswVmm\Parameters (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Type 32

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Start 2

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ErrorControl 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ImagePath "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DisplayName avast! Antivirus

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Group ShellSvcGroup

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@DependOnService aswMonFlt?RpcSS?

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@WOW64 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ObjectName LocalSystem

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@ServiceSidType 1

Reg HKLM\SYSTEM\ControlSet002\services\avast! Antivirus@Description Manages and runs the avast! antivirus services on this computer. This includes the resident modules, the Quarantine and the Scheduler.

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c84dcd548f6 (not active ControlSet)

---- EOF - GMER 2.1 ----

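An added triage example for the GMER hook section above, written for this thread and not part of GMER or of the original posts. It parses the ".text" hook lines into per-process records, reports exports whose JMP target differs between processes, and lists the one-byte patches GMER prints as [62] rather than as a JMP. The sample lines are constructed in the log's own format (the example.exe entry is invented to exercise the check). The registry section above shows an avast install with the aswSP self-protection driver and BehavShield enabled, which is the kind of product that hooks every process, so the question for the analyst is whether all the hooks are consistent with one product, not whether hooks exist at all.

```python
"""Triage of the user-mode hooks GMER lists in its ".text" section.

Added example for this thread; it is not code from GMER or from the forum.
It parses lines of the form

    .text <process>[<pid>] <module>!<export> <address> <n> bytes JMP <target>
    .text <process>[<pid>] <module>!<export> + <offset> <address> 1 byte [<hex>]

groups them per process, and checks whether a given export jumps to the same
target in every hooked process. A product that hooks every process (an AV's
self-protection or behaviour shield, for instance) tends to redirect an export
to the same code everywhere; an export that lands somewhere else in one process
is worth a closer look. SAMPLE is constructed in the format of the GMER log in
this thread; the "example.exe" line is invented to exercise the check.
"""
import re
from collections import defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!]+)!(?P<export>\S+)(?:\s+\+\s+(?P<off>\d+))?\s+"
    r"(?P<addr>[0-9a-f]{16})\s+(?P<n>\d+)\s+bytes?\s+"
    r"(?:JMP\s+(?P<target>[0-9a-f]{16})|\[(?P<bytes>[0-9a-f ]+)\])$"
)

# Constructed sample in GMER's format; the example.exe line is invented.
SAMPLE = r"""
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077bffac0 5 bytes JMP 0000000100030600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 000000007734a2ba 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[5716] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075b8f52b 5 bytes JMP 0000000100190a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[6016] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075b8f52b 5 bytes JMP 0000000100190a08
.text C:\Windows\SysWOW64\example.exe[4242] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 0000000077bffac0 5 bytes JMP 0000000000410000
---- Registry - GMER 2.1 ----
"""


def parse_hooks(text):
    """Parse every ".text" hook line into a dict; non-matching lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        hooks.append({
            "process": d["proc"].rsplit("\\", 1)[-1],          # image name only
            "pid": int(d["pid"]),
            "module": d["module"].rsplit("\\", 1)[-1].lower(),  # e.g. ntdll.dll
            "export": d["export"],
            "offset": int(d["off"]) if d["off"] else 0,
            "address": int(d["addr"], 16),
            "length": int(d["n"]),
            "target": int(d["target"], 16) if d["target"] else None,
            "patch_bytes": d["bytes"],                          # set for non-JMP patches
        })
    return hooks


def hooks_by_process(hooks):
    """Group hook records by (image name, pid)."""
    out = defaultdict(list)
    for h in hooks:
        out[(h["process"], h["pid"])].append(h)
    return dict(out)


def redirect_targets(hooks):
    """Map 'module!export' to the set of distinct JMP targets seen across processes."""
    out = defaultdict(set)
    for h in hooks:
        if h["target"] is not None:
            out[f'{h["module"]}!{h["export"]}'].add(h["target"])
    return dict(out)


def inconsistent_hooks(hooks):
    """Exports that jump to different targets in different processes."""
    return sorted(k for k, v in redirect_targets(hooks).items() if len(v) > 1)


def byte_patches(hooks):
    """Inline patches that are not JMP redirects (GMER prints the bytes in brackets)."""
    return [h for h in hooks if h["target"] is None]


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE)
    for (proc, pid), hs in hooks_by_process(hooks).items():
        print(f"{proc}[{pid}]: {len(hs)} hooked export(s)")
    print("exports with differing targets:", inconsistent_hooks(hooks))
    print("byte patches:", [(h["export"], h["patch_bytes"]) for h in byte_patches(hooks)])
```

Run it against a saved gmer.txt by replacing SAMPLE with the file contents; the exports it flags are the ones to resolve against the module list of the affected process before deciding whether the hook belongs to the AV or to something else.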

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.0.8 (11.05.2013:1)

OS: Windows 7 Ultimate x64

Ran by jmtodos on 05/12/2013 at 17:39:16,59

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{000123B4-9B42-4900-B3F7-F4B073EFC214}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3F1D494B-0CEF-4468-96C9-386E2E4DEC90}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7854F00C-DC77-477E-A10E-603F48442D3B}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{A0880527-DC28-4EBB-BA27-D22102F22A9F}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{BCDDE143-FAE3-4C57-B22B-C4E8678CFDC0}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\orbit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&download by orbit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&grab video by orbit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\do&wnload selected by orbit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\down&load all by orbit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\iminent

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\orbit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iminent_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\orbit_is1

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\Users\jmtodos\AppData\Roaming\baidu"

Successfully deleted: [Folder] "C:\Program Files (x86)\orbitdownloader"

~~~ FireFox

Emptied folder: C:\Users\jmtodos\AppData\Roaming\mozilla\firefox\profiles\tkw5f32h.default-1382888034152\minidumps [16 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 05/12/2013 at 17:46:53,48

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


AdwCleaner isn't running, not even as administrator.

When I double-click it, it just flashes.


Now I managed to run it.

# AdwCleaner v3.014 - Report created 06/12/2013 at 14:17:08

# Updated 01/12/2013 by Xplode

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

# Username : jmtodos - JMBIZET

# Running from : C:\Users\jmtodos\Downloads\adwc-leaner.exe

# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Users\jmtodos\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}

Key Found : HKCU\Software\SIEN SA

Key Found : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}

Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}

Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe]

Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v25.0.1 (pt-BR)

[ File : C:\Users\jmtodos\AppData\Roaming\Mozilla\Firefox\Profiles\tkw5f32h.default-1382888034152\prefs.js ]

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\jmtodos\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url

Found : search_url

Found : suggest_url

Found : keyword

*************************

AdwCleaner[R0].txt - [10600 octets] - [06/12/2013 14:17:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10661 octets] ##########


# AdwCleaner v3.014 - Relatório criado 06/12/2013 às 14:18:58

# Atualizado 01/12/2013 por Xplode

# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)

# Usuário : jmtodos - JMBIZET

# Executando de : C:\Users\jmtodos\Downloads\adwc-leaner.exe

# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Arquivo Deletada : C:\Users\jmtodos\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : HKCU\Software\SIEN SA

Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitdm.exe]

Valor Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files (x86)\Orbitdownloader\orbitnet.exe]

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v25.0.1 (pt-BR)

[ Arquivo : C:\Users\jmtodos\AppData\Roaming\Mozilla\Firefox\Profiles\tkw5f32h.default-1382888034152\prefs.js ]

-\\ Google Chrome v31.0.1650.63

[ Arquivo : C:\Users\jmtodos\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo : icon_url

Deletedo : search_url

Deletedo : suggest_url

Deletedo : keyword

*************************

AdwCleaner[R0].txt - [10922 octets] - [06/12/2013 14:17:08]

AdwCleaner[s0].txt - [10447 octets] - [06/12/2013 14:18:58]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10508 octets] ##########


ComboFix 13-11-27.01 - jmtodos 06/12/2013 14:44:28.3.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.6009.4382 [GMT -2:00]

Executando de: c:\users\jmtodos\Downloads\Combo-Fix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-11-06 to 2013-12-06 ))))))))))))))))))))))))))))

.

.

2013-12-06 16:52 . 2013-12-06 16:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-12-06 16:52 . 2013-12-06 16:52 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-12-06 16:52 . 2013-12-06 16:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-06 16:52 . 2013-12-06 16:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-12-06 16:21 . 2013-12-06 16:54 47108 ----a-w- c:\users\jmtodos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\de38d.js

2013-12-05 19:53 . 2013-12-06 16:19 -------- d-----w- C:\AdwCleaner

2013-12-05 19:39 . 2013-12-05 19:39 -------- d-----w- c:\windows\ERUNT

2013-12-04 22:22 . 2013-12-04 22:22 -------- d-----w- c:\users\jmtodos\AppData\Local\ElevatedDiagnostics

2013-12-03 10:07 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9F475DF-3576-47CF-8F56-0556DE83D6EB}\mpengine.dll

2013-11-29 00:23 . 2013-11-29 00:23 -------- d-----w- c:\program files\gs

2013-11-29 00:22 . 2013-11-29 00:22 -------- d-----w- c:\program files\Ghostgum

2013-11-27 04:03 . 2013-10-14 20:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-11-18 18:43 . 2013-11-18 18:43 -------- d-----w- c:\program files (x86)\Dell Digital Delivery

2013-11-14 22:25 . 2013-11-14 22:25 -------- d-----w- c:\program files (x86)\EatCam

2013-11-14 13:03 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll

2013-11-14 13:03 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-11-14 13:03 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys

2013-11-14 13:00 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll

2013-11-14 13:00 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2013-11-14 12:59 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-11-14 12:59 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-11-14 12:59 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-11-14 12:59 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-11-14 12:59 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-15 05:00 . 2013-09-02 17:31 82896128 ----a-w- c:\windows\system32\MRT.exe

2013-11-11 07:50 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-10-22 00:32 . 2013-09-02 02:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-08 09:50 . 2013-11-01 15:20 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-09-24 06:51 . 2013-09-24 06:51 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-09-24 06:51 . 2013-09-24 06:51 973736 ----a-w- c:\windows\system32\deployJava1.dll

2013-09-24 06:51 . 2013-09-24 06:51 312744 ----a-w- c:\windows\system32\javaws.exe

2013-09-24 06:51 . 2013-09-24 06:51 1095080 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-09-24 06:51 . 2013-09-24 06:51 189352 ----a-w- c:\windows\system32\javaw.exe

2013-09-24 06:51 . 2013-09-24 06:51 189352 ----a-w- c:\windows\system32\java.exe

2013-09-08 02:30 . 2013-10-10 00:49 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-09-08 02:27 . 2013-10-10 00:49 327168 ----a-w- c:\windows\system32\mswsock.dll

2013-09-08 02:03 . 2013-10-10 00:49 231424 ----a-w- c:\windows\SysWow64\mswsock.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"8f7a"="c:\users\jmtodos\AppData\Roaming\99\8f7a.js" [X]

"Viber"="c:\users\jmtodos\AppData\Local\Viber\Viber.exe" [2013-07-31 912904]

"Facebook Update"="c:\users\jmtodos\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-09-21 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-07-16 56128]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\1c725855-43c1-4340-9cc7-e440ab5be634.exe" [2013-11-23 180184]

.

c:\users\jmtodos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ArcGIS License Manager 10 CRACKED.lnk - c:\cracked license manager 10\start_lic_mgr_invisible.vbs [2013-9-30 174]

df.js [2013-12-6 47108]

Dropbox.lnk - c:\users\jmtodos\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-11-1 29769432]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AutoUpdateDisableNotify"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe;c:\program files (x86)\BitComet\tools\BitCometService.exe [x]

R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 IDL DicomEx Storage SCP;IDL DicomEx Storage SCP;c:\rsi\IDL63\bin\bin.x86\idl_dicomexstorscp.exe;c:\rsi\IDL63\bin\bin.x86\idl_dicomexstorscp.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]

S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S0 rtcrfilt64;Realtek Turbo Mode Filter Driver;c:\windows\system32\DRIVERS\rtcrfilt64.sys;c:\windows\SYSNATIVE\DRIVERS\rtcrfilt64.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]

S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]

S2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe [x]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-05 10:51 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-02 00:32]

.

2013-12-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163358809-1814848239-1213952711-1000Core.job

- c:\users\jmtodos\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-21 03:04]

.

2013-12-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163358809-1814848239-1213952711-1000UA.job

- c:\users\jmtodos\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-21 03:04]

.

2013-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25 18:19]

.

2013-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25 18:19]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe" [2012-10-16 1023104]

"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe" [2012-10-16 801920]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-19 6846096]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-11-19 1253520]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-05 170304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-05 398656]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-05 441152]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.orbitdownloader.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &B&aixar &com o BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm

IE: &B&aixar tudo usando o BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\jmtodos\AppData\Roaming\Mozilla\Firefox\Profiles\tkw5f32h.default-1382888034152\

FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-10-21 22:47; fmconverter@gmail.com; c:\program files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

FF - ExtSQL: 2013-10-24 14:46; {87F8774F-B485-47E2-A755-A40A8A5E8874}; c:\users\jmtodos\AppData\Local\GAS Tecnologia\GBBD\abn\sf.xpi

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-12-06 15:04:14

ComboFix-quarantined-files.txt 2013-12-06 17:04

ComboFix2.txt 2013-11-28 03:41

.

Pré-execução: 98.908.786.688 bytes disponíveis

Pós execução: 101.922.574.336 bytes disponíveis

.

- - End Of File - - C0491D24CFFF8D079B44045B63425D57


Dear jmtodos

According to the instructions I gave you, ComboFix must be run directly from the Desktop. However, look where you ran it from:

c:\users\jmtodos\Downloads\Combo-Fix.exe
And why is the file named like this: Combo-Fix.exe?

Delete ComboFix.exe from that folder, save a fresh copy to the Desktop and follow the procedure below:

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after completing the procedure(s) below.

  • Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

File::
c:\users\jmtodos\AppData\Roaming\99\8f7a.js
c:\users\jmtodos\AppData\Local\Viber\Viber.exe
c:\windows\SYSNATIVE\drivers\BprotectEx.sys
c:\program files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys

Folder::
c:\users\jmtodos\AppData\Local\Viber
c:\users\jmtodos\AppData\Roaming\99
c:\program files (x86)\Baidu Security

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8f7a"=-
"Viber"=-

Driver::
BprotectEx
PCFApiUtil


  • Save this file as: CFScript.txt
  • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.


Cheers :D


ComboFix 13-12-07.01 - jmtodos 07/12/2013 18:56:27.4.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.6009.3631 [GMT -2:00]

Executando de: c:\users\jmtodos\Desktop\Combo-Fix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-11-07 to 2013-12-07 ))))))))))))))))))))))))))))

.

.

2013-12-07 21:01 . 2013-12-07 21:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-12-07 21:01 . 2013-12-07 21:01 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-12-07 21:01 . 2013-12-07 21:01 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-07 21:01 . 2013-12-07 21:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-12-07 21:00 . 2013-12-07 21:01 47108 ----a-w- c:\users\jmtodos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d338.js

2013-12-07 14:22 . 2013-12-07 14:22 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDB36300-0208-4ED5-8294-4AE2D8BA97E0}\offreg.dll

2013-12-06 19:57 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDB36300-0208-4ED5-8294-4AE2D8BA97E0}\mpengine.dll

2013-12-05 19:53 . 2013-12-06 16:19 -------- d-----w- C:\AdwCleaner

2013-12-05 19:39 . 2013-12-05 19:39 -------- d-----w- c:\windows\ERUNT

2013-12-04 22:22 . 2013-12-04 22:22 -------- d-----w- c:\users\jmtodos\AppData\Local\ElevatedDiagnostics

2013-11-29 00:23 . 2013-11-29 00:23 -------- d-----w- c:\program files\gs

2013-11-29 00:22 . 2013-11-29 00:22 -------- d-----w- c:\program files\Ghostgum

2013-11-27 04:03 . 2013-10-14 20:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-11-18 18:43 . 2013-11-18 18:43 -------- d-----w- c:\program files (x86)\Dell Digital Delivery

2013-11-14 22:25 . 2013-11-14 22:25 -------- d-----w- c:\program files (x86)\EatCam

2013-11-14 13:03 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll

2013-11-14 13:03 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-11-14 13:03 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys

2013-11-14 13:00 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll

2013-11-14 13:00 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2013-11-14 12:59 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-11-14 12:59 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-11-14 12:59 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-11-14 12:59 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-11-14 12:59 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-15 05:00 . 2013-09-02 17:31 82896128 ----a-w- c:\windows\system32\MRT.exe

2013-11-11 07:50 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-10-22 00:32 . 2013-09-02 02:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-08 09:50 . 2013-11-01 15:20 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-09-24 06:51 . 2013-09-24 06:51 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-09-24 06:51 . 2013-09-24 06:51 973736 ----a-w- c:\windows\system32\deployJava1.dll

2013-09-24 06:51 . 2013-09-24 06:51 312744 ----a-w- c:\windows\system32\javaws.exe

2013-09-24 06:51 . 2013-09-24 06:51 1095080 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-09-24 06:51 . 2013-09-24 06:51 189352 ----a-w- c:\windows\system32\javaw.exe

2013-09-24 06:51 . 2013-09-24 06:51 189352 ----a-w- c:\windows\system32\java.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"8f7a"="c:\users\jmtodos\AppData\Roaming\99\8f7a.js" [X]

"Viber"="c:\users\jmtodos\AppData\Local\Viber\Viber.exe" [2013-07-31 912904]

"Facebook Update"="c:\users\jmtodos\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-09-21 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-07-16 56128]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\1c725855-43c1-4340-9cc7-e440ab5be634.exe" [2013-11-23 180184]

.

c:\users\jmtodos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ArcGIS License Manager 10 CRACKED.lnk - c:\cracked license manager 10\start_lic_mgr_invisible.vbs [2013-9-30 174]

d338.js [2013-12-7 47108]

Dropbox.lnk - c:\users\jmtodos\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-11-1 29769432]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AutoUpdateDisableNotify"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe;c:\program files (x86)\BitComet\tools\BitCometService.exe [x]

R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 IDL DicomEx Storage SCP;IDL DicomEx Storage SCP;c:\rsi\IDL63\bin\bin.x86\idl_dicomexstorscp.exe;c:\rsi\IDL63\bin\bin.x86\idl_dicomexstorscp.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]

S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S0 rtcrfilt64;Realtek Turbo Mode Filter Driver;c:\windows\system32\DRIVERS\rtcrfilt64.sys;c:\windows\SYSNATIVE\DRIVERS\rtcrfilt64.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]

S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]

S2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe [x]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-05 10:51 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-02 00:32]

.

2013-12-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163358809-1814848239-1213952711-1000Core.job

- c:\users\jmtodos\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-21 03:04]

.

2013-12-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163358809-1814848239-1213952711-1000UA.job

- c:\users\jmtodos\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-21 03:04]

.

2013-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25 18:19]

.

2013-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25 18:19]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe" [2012-10-16 1023104]

"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe" [2012-10-16 801920]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-19 6846096]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-11-19 1253520]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-05 170304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-05 398656]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-05 441152]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.orbitdownloader.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &B&aixar &com o BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm

IE: &B&aixar tudo usando o BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\jmtodos\AppData\Roaming\Mozilla\Firefox\Profiles\tkw5f32h.default-1382888034152\

FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-10-21 22:47; fmconverter@gmail.com; c:\program files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

FF - ExtSQL: 2013-10-24 14:46; {87F8774F-B485-47E2-A755-A40A8A5E8874}; c:\users\jmtodos\AppData\Local\GAS Tecnologia\GBBD\abn\sf.xpi

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-12-07 19:03:09

ComboFix-quarantined-files.txt 2013-12-07 21:03

ComboFix2.txt 2013-12-06 17:04

ComboFix3.txt 2013-11-28 03:41

.

Pré-execução: 100.696.969.216 bytes disponíveis

Pós execução: 100.625.649.664 bytes disponíveis

.

- - End Of File - - 003734EA6959605801E295EA05E82279


I think I know what happened: when I ran ComboFix it updated itself to a newer version, which must have discarded the script I had dragged onto it. I'll redo it here.


ComboFix 13-12-07.01 - jmtodos 07/12/2013 20:11:04.5.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.6009.4145 [GMT -2:00]

Executando de: c:\users\jmtodos\Desktop\Combo-Fix.exe

Comandos utilizados :: c:\users\jmtodos\Desktop\CFScript.txt

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\program files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys"

"c:\users\jmtodos\AppData\Local\Viber\Viber.exe"

"c:\users\jmtodos\AppData\Roaming\99\8f7a.js"

"c:\windows\system32\drivers\BprotectEx.sys"

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\jmtodos\AppData\Local\Viber

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\D3DCompiler_43.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\iconengines\qsvgicon.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\icudt50.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\icuin50.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\icuuc50.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\imageformats\qgif.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\imageformats\qico.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\imageformats\qjpeg.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\imageformats\qmng.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\imageformats\qsvg.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\imageformats\qtga.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\imageformats\qtiff.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\imageformats\qwbmp.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\libEGL.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\libGLESv2.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\libViber.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\msvcp100.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\msvcr100.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\platforms\qminimal.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\platforms\qwindows.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Qt5Core.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Qt5Gui.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Qt5Multimedia.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Qt5MultimediaWidgets.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Qt5Network.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Qt5OpenGL.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Qt5PrintSupport.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Qt5Qml.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Qt5Quick.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Qt5Sql.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Qt5Svg.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Qt5V8.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Qt5WebKit.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Qt5WebKitWidgets.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Qt5Widgets.dll

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\0.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\0_h.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\0_t.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\1.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\2.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\3.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\4.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\5.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\6.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\7.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\8.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\9.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\asterisk.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\busy.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\call_ended_1a.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\call_ended_1b.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\hold.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\number.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\DTMF\ringing.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\Dynamic Box Close-01.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\Dynamic Box Open-01.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\loading_ends.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\loading_starts.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\Messages\incoming_bg.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\Messages\incoming_fg.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\Messages\outgoing_fg.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\Ringtone\ringtone.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\silence.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\slide_close_short.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\slide_open_short.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\transfer_confirm.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\Sound\transfer_in.wav

c:\users\jmtodos\AppData\Local\Viber\3.1.1.60\sqldrivers\qsqlite.dll

c:\users\jmtodos\AppData\Local\Viber\Helper.dll

c:\users\jmtodos\AppData\Local\Viber\launcher.db

c:\users\jmtodos\AppData\Local\Viber\log.log

c:\users\jmtodos\AppData\Local\Viber\msvcp100.dll

c:\users\jmtodos\AppData\Local\Viber\msvcr100.dll

c:\users\jmtodos\AppData\Local\Viber\Uninstall.exe

c:\users\jmtodos\AppData\Local\Viber\Viber.exe

c:\users\jmtodos\AppData\Roaming\99

c:\users\jmtodos\AppData\Roaming\99\8f7a.js

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_BPROTECTEX

-------\Legacy_PCFAPIUTIL

-------\Service_BprotectEx

-------\Service_PCFApiUtil

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-11-07 to 2013-12-07 ))))))))))))))))))))))))))))

.

.

2013-12-07 22:17 . 2013-12-07 22:17 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-12-07 22:17 . 2013-12-07 22:17 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-12-07 22:17 . 2013-12-07 22:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-07 22:17 . 2013-12-07 22:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-12-07 22:17 . 2013-12-07 22:17 -------- d-sh--w- c:\users\jmtodos\AppData\Roaming\99

2013-12-07 22:00 . 2013-12-07 22:17 47108 ----a-w- c:\users\jmtodos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\da3bd.js

2013-12-06 19:57 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDB36300-0208-4ED5-8294-4AE2D8BA97E0}\mpengine.dll

2013-12-05 19:53 . 2013-12-06 16:19 -------- d-----w- C:\AdwCleaner

2013-12-05 19:39 . 2013-12-05 19:39 -------- d-----w- c:\windows\ERUNT

2013-12-04 22:22 . 2013-12-04 22:22 -------- d-----w- c:\users\jmtodos\AppData\Local\ElevatedDiagnostics

2013-11-29 00:23 . 2013-11-29 00:23 -------- d-----w- c:\program files\gs

2013-11-29 00:22 . 2013-11-29 00:22 -------- d-----w- c:\program files\Ghostgum

2013-11-27 04:03 . 2013-10-14 20:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-11-18 18:43 . 2013-11-18 18:43 -------- d-----w- c:\program files (x86)\Dell Digital Delivery

2013-11-14 22:25 . 2013-11-14 22:25 -------- d-----w- c:\program files (x86)\EatCam

2013-11-14 13:03 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll

2013-11-14 13:03 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-11-14 13:03 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys

2013-11-14 13:00 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll

2013-11-14 13:00 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2013-11-14 12:59 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-11-14 12:59 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-11-14 12:59 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-11-14 12:59 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-11-14 12:59 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-15 05:00 . 2013-09-02 17:31 82896128 ----a-w- c:\windows\system32\MRT.exe

2013-11-11 07:50 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-10-22 00:32 . 2013-09-02 02:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-08 09:50 . 2013-11-01 15:20 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-09-24 06:51 . 2013-09-24 06:51 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-09-24 06:51 . 2013-09-24 06:51 973736 ----a-w- c:\windows\system32\deployJava1.dll

2013-09-24 06:51 . 2013-09-24 06:51 312744 ----a-w- c:\windows\system32\javaws.exe

2013-09-24 06:51 . 2013-09-24 06:51 1095080 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-09-24 06:51 . 2013-09-24 06:51 189352 ----a-w- c:\windows\system32\javaw.exe

2013-09-24 06:51 . 2013-09-24 06:51 189352 ----a-w- c:\windows\system32\java.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Facebook Update"="c:\users\jmtodos\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-09-21 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-07-16 56128]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\1c725855-43c1-4340-9cc7-e440ab5be634.exe" [2013-11-23 180184]

.

c:\users\jmtodos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ArcGIS License Manager 10 CRACKED.lnk - c:\cracked license manager 10\start_lic_mgr_invisible.vbs [2013-9-30 174]

da3bd.js [2013-12-7 47108]

Dropbox.lnk - c:\users\jmtodos\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-11-1 29769432]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AutoUpdateDisableNotify"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe;c:\program files (x86)\BitComet\tools\BitCometService.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 IDL DicomEx Storage SCP;IDL DicomEx Storage SCP;c:\rsi\IDL63\bin\bin.x86\idl_dicomexstorscp.exe;c:\rsi\IDL63\bin\bin.x86\idl_dicomexstorscp.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]

S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S0 rtcrfilt64;Realtek Turbo Mode Filter Driver;c:\windows\system32\DRIVERS\rtcrfilt64.sys;c:\windows\SYSNATIVE\DRIVERS\rtcrfilt64.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]

S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]

S2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe [x]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-05 10:51 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-12-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-02 00:32]

.

2013-12-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163358809-1814848239-1213952711-1000Core.job

- c:\users\jmtodos\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-21 03:04]

.

2013-12-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163358809-1814848239-1213952711-1000UA.job

- c:\users\jmtodos\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-21 03:04]

.

2013-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25 18:19]

.

2013-12-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25 18:19]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe" [2012-10-16 1023104]

"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe" [2012-10-16 801920]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-19 6846096]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-11-19 1253520]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-05 170304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-05 398656]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-05 441152]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.orbitdownloader.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &B&aixar &com o BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm

IE: &B&aixar tudo usando o BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\jmtodos\AppData\Roaming\Mozilla\Firefox\Profiles\tkw5f32h.default-1382888034152\

FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-10-21 22:47; fmconverter@gmail.com; c:\program files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

FF - ExtSQL: 2013-10-24 14:46; {87F8774F-B485-47E2-A755-A40A8A5E8874}; c:\users\jmtodos\AppData\Local\GAS Tecnologia\GBBD\abn\sf.xpi

.

- - - - ORFÃOS REMOVIDOS - - - -

.

AddRemove-Viber - c:\users\jmtodos\AppData\Local\Viber\uninstall.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files\AVAST Software\Avast\AvastSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe

c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\PANDORA.TV\PanService\KMPProcess.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-12-07 20:26:51 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-12-07 22:26

ComboFix2.txt 2013-12-07 21:03

ComboFix3.txt 2013-12-06 17:04

ComboFix4.txt 2013-11-28 03:41

.

Pré-execução: 100.715.909.120 bytes disponíveis

Pós execução: 100.066.562.048 bytes disponíveis

.

- - End Of File - - ED93727C40086077BC3AED295CDBE231


Dear jmtodos

# Step 1 #

Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them after the procedure(s) below have been run.

  • Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:

File::
c:\users\jmtodos\AppData\Roaming\99
c:\users\jmtodos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\da3bd.js

ADS::


  • Save this file as: CFScript.txt
  • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running it will produce a log. Post that file, C:\ComboFix.txt.

[animation: dragging CFScript.txt onto ComboFix.exe]

# Step 2 #

Download Malwarebytes Anti-Malware:

  • Link 1
  • Alternative link
  • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
  • If there are updates, they will be downloaded and installed.
  • When the updates finish, a program window will open. Select "Quick Scan" and then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to view the log.
  • If anything is found, make sure everything is checked and click Remove.
  • When disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note.)
  • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
  • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Regards :D


ComboFix 13-12-07.01 - jmtodos 08/12/2013 10:15:34.6.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.6009.4378 [GMT -2:00]

Executando de: c:\users\jmtodos\Desktop\Combo-Fix.exe

Comandos utilizados :: c:\users\jmtodos\Desktop\CFScript.txt

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Criado um novo ponto de restauração

.

FILE ::

"c:\users\jmtodos\AppData\Roaming\99"

"c:\users\jmtodos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\da3bd.js"

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-11-08 to 2013-12-08 ))))))))))))))))))))))))))))

.

.

2013-12-08 12:23 . 2013-12-08 12:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-12-08 12:23 . 2013-12-08 12:23 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-12-08 12:23 . 2013-12-08 12:23 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-12-08 12:23 . 2013-12-08 12:23 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2013-12-08 12:03 . 2013-12-08 12:03 47108 ----a-w- c:\users\jmtodos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\da38.js

2013-12-07 22:17 . 2013-12-08 12:03 -------- d-sh--w- c:\users\jmtodos\AppData\Roaming\99

2013-12-06 19:57 . 2013-11-08 03:12 10285968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EDB36300-0208-4ED5-8294-4AE2D8BA97E0}\mpengine.dll

2013-12-05 19:53 . 2013-12-06 16:19 -------- d-----w- C:\AdwCleaner

2013-12-05 19:39 . 2013-12-05 19:39 -------- d-----w- c:\windows\ERUNT

2013-12-04 22:22 . 2013-12-04 22:22 -------- d-----w- c:\users\jmtodos\AppData\Local\ElevatedDiagnostics

2013-11-29 00:23 . 2013-11-29 00:23 -------- d-----w- c:\program files\gs

2013-11-29 00:22 . 2013-11-29 00:22 -------- d-----w- c:\program files\Ghostgum

2013-11-27 04:03 . 2013-10-14 20:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE

2013-11-18 18:43 . 2013-11-18 18:43 -------- d-----w- c:\program files (x86)\Dell Digital Delivery

2013-11-14 22:25 . 2013-11-14 22:25 -------- d-----w- c:\program files (x86)\EatCam

2013-11-14 13:03 . 2013-10-05 20:25 1474048 ----a-w- c:\windows\system32\crypt32.dll

2013-11-14 13:03 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-11-14 13:03 . 2013-09-28 01:09 497152 ----a-w- c:\windows\system32\drivers\afd.sys

2013-11-14 13:00 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll

2013-11-14 13:00 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2013-11-14 12:59 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-11-14 12:59 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-11-14 12:59 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-11-14 12:59 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-11-14 12:59 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-15 05:00 . 2013-09-02 17:31 82896128 ----a-w- c:\windows\system32\MRT.exe

2013-11-11 07:50 . 2010-11-21 03:27 267936 ------w- c:\windows\system32\MpSigStub.exe

2013-10-22 00:32 . 2013-09-02 02:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-10-08 09:50 . 2013-11-01 15:20 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-09-24 06:51 . 2013-09-24 06:51 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-09-24 06:51 . 2013-09-24 06:51 973736 ----a-w- c:\windows\system32\deployJava1.dll

2013-09-24 06:51 . 2013-09-24 06:51 312744 ----a-w- c:\windows\system32\javaws.exe

2013-09-24 06:51 . 2013-09-24 06:51 1095080 ----a-w- c:\windows\system32\npDeployJava1.dll

2013-09-24 06:51 . 2013-09-24 06:51 189352 ----a-w- c:\windows\system32\javaw.exe

2013-09-24 06:51 . 2013-09-24 06:51 189352 ----a-w- c:\windows\system32\java.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 131248 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"8f7a"="c:\users\jmtodos\AppData\Roaming\99\8f7a.js" [X]

"Facebook Update"="c:\users\jmtodos\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-09-21 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-07-16 56128]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

"20131121"="c:\program files\AVAST Software\Avast\setup\emupdate\1c725855-43c1-4340-9cc7-e440ab5be634.exe" [2013-11-23 180184]

.

c:\users\jmtodos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

ArcGIS License Manager 10 CRACKED.lnk - c:\cracked license manager 10\start_lic_mgr_invisible.vbs [2013-9-30 174]

da38.js [2013-12-8 47108]

Dropbox.lnk - c:\users\jmtodos\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-11-1 29769432]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AutoUpdateDisableNotify"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe;c:\program files (x86)\BitComet\tools\BitCometService.exe [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 IDL DicomEx Storage SCP;IDL DicomEx Storage SCP;c:\rsi\IDL63\bin\bin.x86\idl_dicomexstorscp.exe;c:\rsi\IDL63\bin\bin.x86\idl_dicomexstorscp.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]

S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S0 rtcrfilt64;Realtek Turbo Mode Filter Driver;c:\windows\system32\DRIVERS\rtcrfilt64.sys;c:\windows\SYSNATIVE\DRIVERS\rtcrfilt64.sys [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe;c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]

S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]

S2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe;c:\program files (x86)\PANDORA.TV\PanService\KMPService.exe [x]

S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-12-05 10:51 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-02 00:32]

.

2013-12-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163358809-1814848239-1213952711-1000Core.job

- c:\users\jmtodos\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-21 03:04]

.

2013-12-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-163358809-1814848239-1213952711-1000UA.job

- c:\users\jmtodos\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-09-21 03:04]

.

2013-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25 18:19]

.

2013-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-25 18:19]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-09-11 02:09 164016 ----a-w- c:\users\jmtodos\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe" [2012-10-16 1023104]

"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe" [2012-10-16 801920]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-19 6846096]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-11-19 1253520]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-05 170304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-05 398656]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-05 441152]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.orbitdownloader.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: &B&aixar &com o BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm

IE: &B&aixar tudo usando o BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

TCP: DhcpNameServer = 10.0.0.1

FF - ProfilePath - c:\users\jmtodos\AppData\Roaming\Mozilla\Firefox\Profiles\tkw5f32h.default-1382888034152\

FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-10-21 22:47; fmconverter@gmail.com; c:\program files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox

FF - ExtSQL: 2013-10-24 14:46; {87F8774F-B485-47E2-A755-A40A8A5E8874}; c:\users\jmtodos\AppData\Local\GAS Tecnologia\GBBD\abn\sf.xpi

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-12-08 10:35:50

ComboFix-quarantined-files.txt 2013-12-08 12:35

ComboFix2.txt 2013-12-07 22:26

ComboFix3.txt 2013-12-07 21:03

ComboFix4.txt 2013-12-06 17:04

ComboFix5.txt 2013-12-08 12:13

.

Pré-execução: 99.314.331.648 bytes disponíveis

Pós execução: 99.137.933.312 bytes disponíveis

.

- - End Of File - - B5532038D7992E632DA8C63E34CD8376

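The persistence pattern in the ComboFix log above (a .js file in a Run key and in the Startup folder, a hidden+system folder under AppData, a Run entry whose target is already gone) can be picked out mechanically. The triage helper below is an added example, not part of this thread or of ComboFix: it parses ComboFix-style Run-key and created-file lines and flags those patterns; the sample lines are copied from the posted log, while the regexes, severities and the `Finding` class are this example's own.

```python
# Triage of ComboFix autorun/created-file lines for script-based persistence.
import re
from dataclasses import dataclass

SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf")
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe")

# ComboFix Run-key line:  "name"="image path" [date size]  or  [X] when the file is missing
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]*)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# ComboFix created/modified file line:  created . modified size attrs path
FILE_ENTRY = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Constructed sample: lines taken from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8f7a"="c:\users\jmtodos\AppData\Roaming\99\8f7a.js" [X]
"Facebook Update"="c:\users\jmtodos\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-09-21 138096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
2013-12-07 22:17 . 2013-12-08 12:03 -------- d-sh--w- c:\users\jmtodos\AppData\Roaming\99
2013-12-08 12:03 . 2013-12-08 12:03 47108 ----a-w- c:\users\jmtodos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\da38.js
"""


@dataclass
class Finding:
    severity: str  # "high", "medium" or "info" (this example's own scale)
    reason: str
    line: str


def triage(log_text):
    """Return a list of Finding objects for suspicious autorun/file lines."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        run = RUN_ENTRY.match(line)
        if run:
            cmd = run["cmd"].lower()
            if cmd.endswith(SCRIPT_EXTS):
                # The worm in this thread persists exactly like this: a .js in a Run key.
                findings.append(Finding("high", "Run key launches a script file", line))
            elif cmd.endswith(SCRIPT_HOSTS):
                # Legitimate software does this too (IntelTBRunOnce); the arguments decide.
                findings.append(Finding("medium", "Run key launches a script host; review its arguments", line))
            if run["meta"].strip() == "X":
                # ComboFix marks targets that no longer exist on disk with [X].
                findings.append(Finding("info", "Run key target missing on disk (orphaned entry)", line))
            continue
        fil = FILE_ENTRY.match(line)
        if fil:
            attrs, path = fil["attrs"], fil["path"].lower()
            # Directory carrying both hidden and system attributes inside a user profile.
            if attrs.startswith("d") and "h" in attrs and "s" in attrs and "\\appdata\\" in path:
                findings.append(Finding("high", "Hidden+system directory under AppData", line))
            # Script dropped where Explorer runs it at every logon.
            if "\\startup\\" in path and path.endswith(SCRIPT_EXTS):
                findings.append(Finding("high", "Script file in the Startup folder", line))
    return findings


def count_by_severity(findings):
    """Summarise findings as {severity: count}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
    print(count_by_severity(results))
```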

I can't get Malwarebytes to run. I followed all the steps exactly, but there is no way around it. The program is installed, but when I run it, it opens and even starts the scan, but then the window closes by itself without finishing.


After I did the last steps, the following errors started appearing every time I turn on the computer.

[attached screenshot: post-1071737-13884967101683_thumb.jpg]
