IrisC

Flec006 won't let me enter safe mode


Hello,

I have a Trojan horse on my notebook (FLEC006.EXE). It won't let me enter Windows safe mode, won't let me update Windows XP, won't boot from the CD, won't let me run HijackThis, and won't let me install my McAfee antivirus (licensed software). I already followed a tip that says to download ComboFix under another name, but ComboFix works up to a certain point and then a Windows blue screen appears saying there was a memory error and everything freezes.

Does anyone have any tips on what I can do?

I managed to get a log with a McAfee product. It says it eliminated the malware, but it is still on my machine. At least with this log you can get an idea of what is on my machine, since I can't enter safe mode or run HijackThis or ComboFix.

McAfee® Stinger Version 10.0.1.602 built on Sep 18 2008

Copyright © 2008 McAfee, Inc. All Rights Reserved.

Virus data file v1000 created on Sep 18 2008.

Ready to scan for 236 viruses, trojans and variants.

Scan initiated on Mon Oct 27 19:12:11 2008

C:\Documents and Settings\Irismar Correa\Configurações locais\Temporary Internet Files\Content.IE5\EW8N7TZ5\b64[1].jpg

Found the W32/Bagle.gen virus !!!

C:\Documents and Settings\Irismar Correa\Configurações locais\Temporary Internet Files\Content.IE5\EW8N7TZ5\b64[1].jpg has been deleted.

C:\Documents and Settings\Irismar Correa\Configurações locais\Temporary Internet Files\Content.IE5\EW8N7TZ5\b64_3[1].jpg

Found the W32/Bagle.gen virus !!!

C:\Documents and Settings\Irismar Correa\Configurações locais\Temporary Internet Files\Content.IE5\EW8N7TZ5\b64_3[1].jpg has been deleted.

C:\Documents and Settings\Irismar Correa\Configurações locais\Temporary Internet Files\Content.IE5\LXJTJB1U\b64_3[1].jpg

Found the W32/Bagle.gen virus !!!

C:\Documents and Settings\Irismar Correa\Configurações locais\Temporary Internet Files\Content.IE5\LXJTJB1U\b64_3[1].jpg has been deleted.

C:\Documents and Settings\Irismar Correa\Configurações locais\Temporary Internet Files\Content.IE5\PXET2G96\b64[1].jpg

Found the W32/Bagle.gen virus !!!

C:\Documents and Settings\Irismar Correa\Configurações locais\Temporary Internet Files\Content.IE5\PXET2G96\b64[1].jpg has been deleted.

C:\Documents and Settings\Irismar Correa\Configurações locais\Temporary Internet Files\Content.IE5\PXET2G96\b64[2].jpg

Found the W32/Bagle.gen virus !!!

C:\Documents and Settings\Irismar Correa\Configurações locais\Temporary Internet Files\Content.IE5\PXET2G96\b64[2].jpg has been deleted.

C:\Documents and Settings\Irismar Correa\Configurações locais\Temporary Internet Files\Content.IE5\PXET2G96\b64_3[1].jpg

Found the W32/Bagle.gen virus !!!

C:\Documents and Settings\Irismar Correa\Configurações locais\Temporary Internet Files\Content.IE5\PXET2G96\b64_3[1].jpg has been deleted.

C:\Documents and Settings\Irismar Correa\Configurações locais\Temporary Internet Files\Content.IE5\RUDGJOYJ\b64[1].jpg

Found the W32/Bagle.gen virus !!!

C:\Documents and Settings\Irismar Correa\Configurações locais\Temporary Internet Files\Content.IE5\RUDGJOYJ\b64[1].jpg has been deleted.

C:\Documents and Settings\Irismar Correa\Dados de aplicativos\m\flec006.exe

Found the W32/Bagle.gen virus !!!

C:\Documents and Settings\Irismar Correa\Dados de aplicativos\m\flec006.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\134578.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\134578.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\139609.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\139609.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\141375.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\141375.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\145406.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\145406.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\146531.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\146531.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\147984.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\147984.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\14973312.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\14973312.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\14979453.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\14979453.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\14988687.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\14988687.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\150156.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\150156.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\151140.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\151140.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\15249453.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\15249453.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\153656.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\153656.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\154031.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\154031.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\156359.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\156359.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\158015.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\158015.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\158968.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\158968.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\160156.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\160156.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\163468.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\163468.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\166859.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\166859.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\190671.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\190671.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\196109.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\196109.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\197156.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\197156.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\200468.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\200468.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\201187.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\201187.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\202765.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\202765.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\205265.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\205265.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\206531.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\206531.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\214828.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\214828.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\215640.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\215640.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\231921.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\231921.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\232546.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\232546.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\235609.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\235609.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\239843.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\239843.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\246109.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\246109.exe has been deleted.

C:\WINDOWS\system32\drivers\downld\29810859.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\drivers\downld\29810859.exe has been deleted.

C:\WINDOWS\system32\mdelk.exe

Found the W32/Bagle.gen virus !!!

C:\WINDOWS\system32\mdelk.exe has been deleted.

Number of clean files: 583137

Number of infected files: 45

Number of files deleted: 45

Scan initiated on Mon Oct 27 20:26:25 2008

Number of clean files: 4

Edited by IrisC


Read the following topic:

http://forum.clubedohardware.com.br/criando-novo-topico/429891

Then post a new HijackThis log for analysis.


Hi Renato,

thank you for helping me.

We're off to a good start, I managed to get a log!

==================================

Logfile of HijackThis v1.99.1

Scan saved at 19:49, on 2008-10-29

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\SnMgrSvc.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\SnAgOS.exe

C:\WINDOWS\system32\nutsrv4.exe

C:\WINDOWS\system32\SnLiveUp.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE

C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Arquivos de programas\Digital Line Detect\DLG.exe

C:\Arquivos de programas\Skype\Plugin Manager\skypePM.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\SnEngine.EXE

C:\Hijack\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row-rel&channel=br&ibd=0061222

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\BAE\BAE.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\Arquivos de programas\Rational\Rational Test\nutcroot\bin\ncoeenv.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em AMANDA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P41 "Auto EPSON Stylus CX4100 Series em AMANDA" /O20 "\\AMANDA\Impressora3" /M "Stylus CX4100"

O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\CF18871.exe" /c "C:\Combo-Fix\C.bat"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Arquivos de Programas\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [DelayShred] c:\ARQUIV~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\RECYCLER\S-1-5-~2\Dc102.SH! C:\RECYCLER\S-1-5-~2\Dc63.SH! C:\RECYCLER\S-1-5-~2\Dc62\PARTIT~1\PMUPDA~1.01\Update.exe C:\RECYCLER\S-1-5-~2\Dc62\PARTIT~1\PMUPDA~1.SH! C:\RECYCLER\S-1-5-~2\Dc62\PARTIT~1.SH! C:\RECYCLER\S-1-5-~2\Dc62.SH!

O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\winfilse.exe

O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe

O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Irismar Correa\Dados de aplicativos\m\flec006.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: Download Using &BitSpirit - C:\Arquivos de programas\BitSpirit\bsurl.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.adobe.com

O15 - Trusted Zone: http://www.canadiangeographic.ca

O15 - Trusted Zone: http://ego.globo.com

O15 - Trusted Zone: http://www.google.com.br

O15 - Trusted Zone: http://www.hihostels.ca

O15 - Trusted Zone: http://www.ilac.com

O15 - Trusted Zone: http://forum.imasters.com.br

O15 - Trusted Zone: http://*.mcafee.com

O15 - Trusted Zone: http://www.pandasecurity.com

O15 - Trusted Zone: http://www.pandasoftware.com

O15 - Trusted Zone: http://brasil.peugeot.com.br

O15 - Trusted Zone: http://ecommerce.peugeot.com.br

O15 - Trusted Zone: http://www.techsupportforum.com

O15 - Trusted Zone: http://www.tiosam.com

O15 - Trusted Zone: http://www.ufrgs.br

O15 - Trusted Zone: http://www.unisinos.br

O15 - Trusted Zone: http://www.ava.unisinos.br

O15 - Trusted Zone: http://www.myfuture.utoronto.ca

O15 - Trusted Zone: http://www.vec.ca

O15 - Trusted Zone: http://www.wtccanada.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: qcom - {B8DBD265-42C3-43E6-B439-E968C71984C6} - C:\ARQUIV~1\COMMON~1\QUESTS~1\CODEXP~1\qcom.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NuTCRACKERService - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

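A check an analyst could run over the two logs posted above, as an added example that is not part of the original posts: it parses the Stinger report for detected files and lists the HijackThis O4 Run values that still point at one of them, as the `mule_st_key` value does in the log taken two days after Stinger reported `flec006.exe` deleted. The function names are hypothetical and the sample input is a handful of lines copied from the thread's logs.

```python
import re

# Sample input: lines copied from the Stinger report and the HijackThis log in this thread.
STINGER_SAMPLE = r"""
C:\Documents and Settings\Irismar Correa\Dados de aplicativos\m\flec006.exe
Found the W32/Bagle.gen virus !!!
C:\Documents and Settings\Irismar Correa\Dados de aplicativos\m\flec006.exe has been deleted.
C:\WINDOWS\system32\mdelk.exe
Found the W32/Bagle.gen virus !!!
C:\WINDOWS\system32\mdelk.exe has been deleted.
"""

HIJACKTHIS_SAMPLE = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Irismar Correa\Dados de aplicativos\m\flec006.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
"""

FOUND_RE = re.compile(r"^Found the (\S+) \w+ !!!$")
DELETED_RE = re.compile(r"^(.+) has been deleted\.$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
O4_RUN_RE = re.compile(r"^O4 - (HK[A-Z]{2}\\\.\.\\Run\w*): \[(.*?)\] (.+)$")


def parse_stinger(text):
    """Return {lowercased path: {"path", "name", "deleted"}} for each detection.

    The report lists a path, then "Found the <name> virus !!!", then
    "<path> has been deleted." when the file was removed.
    """
    detections = {}
    last_path = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        deleted = DELETED_RE.match(line)
        found = FOUND_RE.match(line)
        if deleted:
            entry = detections.get(deleted.group(1).lower())
            if entry:
                entry["deleted"] = True
        elif found and last_path:
            detections[last_path.lower()] = {
                "path": last_path, "name": found.group(1), "deleted": False}
        elif PATH_RE.match(line):
            last_path = line
    return detections


def parse_o4_run(text):
    """Return (hive, value_name, command) for every O4 registry Run line."""
    entries = []
    for raw in text.splitlines():
        m = O4_RUN_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2), m.group(3)))
    return entries


def surviving_autoruns(stinger_text, hjt_text):
    """List Run values whose command starts with a path the scanner detected.

    Commands may be quoted, unquoted with spaces, or followed by arguments,
    so the detected path is matched as a prefix instead of splitting on spaces.
    8.3 short names (ARQUIV~1) are not expanded and will not match.
    """
    detections = parse_stinger(stinger_text)
    hits = []
    for hive, name, command in parse_o4_run(hjt_text):
        cmd = command.strip().lstrip('"').lower()
        for key, det in detections.items():
            if cmd.startswith(key) and cmd[len(key):len(key) + 1] in ("", '"', " "):
                hits.append((hive, name, det["path"], det["name"], det["deleted"]))
    return hits


if __name__ == "__main__":
    for hive, name, path, malware, deleted in surviving_autoruns(
            STINGER_SAMPLE, HIJACKTHIS_SAMPLE):
        state = "reported deleted" if deleted else "detected"
        print(f"{hive} [{name}] -> {path} ({malware}, {state} by scanner)")
```

A hit means the autostart value outlived the scanner's cleanup; whether the file itself is back on disk has to be confirmed separately.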

Hello,

Read the instructions contained in this link:

In the instructions at the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.

  3. Double-click the ComboFix icon on your desktop.

  4. Read and accept the conditions by typing 1 and pressing Enter.

  5. Computers with Windows XP must install the Recovery Console:

     • If your computer has Windows XP installed and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
     • Click "OK" on the EULA.
     • When the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.

  7. Attention: Do not use the mouse or the keyboard while the tool is running, as this can cause the computer to stall.

  8. A warning may appear saying that the computer needs to be restarted.

     DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.

  • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not that kind of tool, so, also out of respect for the tool's author, do not use it without supervision.


Hi Renato,

I tried to create the console from the Windows CD (it is a CD that came with the Dell notebook), but the first time it reported an error while copying a file, so I cancelled the run.

After that I downloaded the file from the Microsoft site (I have Windows Professional Service Pack 2 on my machine) and dragged the file onto ComboFix, but that also gave an error (see screen 1).

Then I gave up on creating the console and went straight to running ComboFix, but it did not work; another message kept appearing (see screen 2).

Now I have taken another log from the machine for you to look at and see whether I still have any alternative. Thank you in advance.

After I took this log, I tried to run ComboFix again, but the message from screen 2 kept appearing, so I kept pressing "OK" several times (about ten times) until the message stopped appearing and ComboFix could run, and then it worked up to a point. ComboFix ran several steps, up to the step where a screen appears saying that it changed the time settings. After that my system stopped and a blue screen appeared (the same screen that has appeared other times since my notebook was infected by this malware). It says the following:

"Foi detectado um problema e o windows foi desligado para evitar danos ao computador. INVALID_KERNEL_HANDLE

Informações técnicas:

Iniciando despejo de memória física. Despejo de memória física concluido. Entre em contato com o admin da máquina"

After that the screen also asks me to start in safe mode, but I still cannot get into that mode.

Well, that is what I wanted to add, which is why I edited this message again. I await further instructions.

Note: I updated my log after this error happened, so that you can analyze it.

Regards,

Iris.

Logfile of HijackThis v1.99.1

Scan saved at 11:08, on 2008-11-02

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\SnMgrSvc.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\nutsrv4.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\system32\SnAgOS.exe

C:\WINDOWS\system32\SnLiveUp.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\drivers\winfilse.exe

C:\WINDOWS\system32\wintems.exe

C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Arquivos de programas\Digital Line Detect\DLG.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\WINDOWS\system32\SnEngine.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Documents and Settings\Irismar Correa\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row-rel&channel=br&ibd=0061222

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\BAE\BAE.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\Arquivos de programas\Rational\Rational Test\nutcroot\bin\ncoeenv.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em AMANDA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P41 "Auto EPSON Stylus CX4100 Series em AMANDA" /O20 "\\AMANDA\Impressora3" /M "Stylus CX4100"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Arquivos de Programas\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [DelayShred] c:\ARQUIV~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\RECYCLER\S-1-5-~2\Dc102.SH! C:\RECYCLER\S-1-5-~2\Dc63.SH! C:\RECYCLER\S-1-5-~2\Dc62\PARTIT~1\PMUPDA~1.01\Update.exe C:\RECYCLER\S-1-5-~2\Dc62\PARTIT~1\PMUPDA~1.SH! C:\RECYCLER\S-1-5-~2\Dc62\PARTIT~1.SH! C:\RECYCLER\S-1-5-~2\Dc62.SH!

O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\winfilse.exe

O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe

O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Irismar Correa\Dados de aplicativos\m\flec006.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: Download Using &BitSpirit - C:\Arquivos de programas\BitSpirit\bsurl.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Arquivos de programas\Altova\XMLSpy2008\spy.htm (file missing)

O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Arquivos de programas\Altova\XMLSpy2008\spy.htm (file missing)

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.adobe.com

O15 - Trusted Zone: http://www.canadiangeographic.ca

O15 - Trusted Zone: http://ego.globo.com

O15 - Trusted Zone: http://www.google.com.br

O15 - Trusted Zone: http://www.hihostels.ca

O15 - Trusted Zone: http://www.ilac.com

O15 - Trusted Zone: http://forum.imasters.com.br

O15 - Trusted Zone: http://*.mcafee.com

O15 - Trusted Zone: http://www.pandasecurity.com

O15 - Trusted Zone: http://www.pandasoftware.com

O15 - Trusted Zone: http://brasil.peugeot.com.br

O15 - Trusted Zone: http://ecommerce.peugeot.com.br

O15 - Trusted Zone: http://www.techsupportforum.com

O15 - Trusted Zone: http://www.tiosam.com

O15 - Trusted Zone: http://www.ufrgs.br

O15 - Trusted Zone: http://www.unisinos.br

O15 - Trusted Zone: http://www.ava.unisinos.br

O15 - Trusted Zone: http://www.myfuture.utoronto.ca

O15 - Trusted Zone: http://www.vec.ca

O15 - Trusted Zone: http://www.wtccanada.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: qcom - {B8DBD265-42C3-43E6-B439-E968C71984C6} - C:\ARQUIV~1\COMMON~1\QUESTS~1\CODEXP~1\qcom.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NuTCRACKERService - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

Edited by IrisC
Addition of the steps performed


Just run ComboFix; while it runs, it will offer to install the Recovery Console.


Renato,

I ran ComboFix and the following happened:

1 - a message appeared saying that rootkit activity had been detected, and ComboFix then asked to restart the machine. I clicked OK to restart;

2 - when the machine came back up, ComboFix ran automatically only up to the point where it showed the following message: "o combofix modificou as definiçoes do relógio"; after that, Windows showed the blue screen with the following message:

"Foi detectado um problema e o windows foi desligado para evitar danos ao computador. INVALID_KERNEL_HANDLE. Iniciando despejo de memória física. Despejo de memória física concluido. Entre em contato com o admin da máquina"

3 - I had to power off the machine, and if I try to run ComboFix again, the same thing happens all over again. I think the trojan is not letting ComboFix run.

Here is a more up-to-date log

Logfile of HijackThis v1.99.1

Scan saved at 20:05, on 2008-11-03

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\savedump.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\SnMgrSvc.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\system32\nutsrv4.exe

C:\WINDOWS\system32\SnAgOS.exe

C:\WINDOWS\system32\SnLiveUp.exe

C:\WINDOWS\Explorer.exe

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\WINDOWS\stsystra.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE

C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Arquivos de programas\Digital Line Detect\DLG.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\Documents and Settings\Irismar Correa\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row-rel&channel=br&ibd=0061222

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\BAE\BAE.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\Arquivos de programas\Rational\Rational Test\nutcroot\bin\ncoeenv.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em AMANDA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P41 "Auto EPSON Stylus CX4100 Series em AMANDA" /O20 "\\AMANDA\Impressora3" /M "Stylus CX4100"

O4 - HKLM\..\Run: [combofix] "C:\WINDOWS\system32\CF21276.exe" /c "C:\ComboFix\C.bat"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [ModemOnHold] C:\Arquivos de Programas\NetWaiting\netWaiting.exe

O4 - HKCU\..\Run: [skype] "C:\Arquivos de programas\Skype\Phone\Skype.exe" /nosplash /minimized

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Arquivos de programas\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [DelayShred] c:\ARQUIV~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\RECYCLER\S-1-5-~2\Dc102.SH! C:\RECYCLER\S-1-5-~2\Dc63.SH! C:\RECYCLER\S-1-5-~2\Dc62\PARTIT~1\PMUPDA~1.01\Update.exe C:\RECYCLER\S-1-5-~2\Dc62\PARTIT~1\PMUPDA~1.SH! C:\RECYCLER\S-1-5-~2\Dc62\PARTIT~1.SH! C:\RECYCLER\S-1-5-~2\Dc62.SH!

O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\winfilse.exe

O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe

O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\Irismar Correa\Dados de aplicativos\m\flec006.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: Download Using &BitSpirit - C:\Arquivos de programas\BitSpirit\bsurl.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Arquivos de programas\Altova\XMLSpy2008\spy.htm (file missing)

O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Arquivos de programas\Altova\XMLSpy2008\spy.htm (file missing)

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.adobe.com

O15 - Trusted Zone: http://www.canadiangeographic.ca

O15 - Trusted Zone: http://ego.globo.com

O15 - Trusted Zone: http://www.google.com.br

O15 - Trusted Zone: http://www.hihostels.ca

O15 - Trusted Zone: http://www.ilac.com

O15 - Trusted Zone: http://forum.imasters.com.br

O15 - Trusted Zone: http://*.mcafee.com

O15 - Trusted Zone: http://www.pandasecurity.com

O15 - Trusted Zone: http://www.pandasoftware.com

O15 - Trusted Zone: http://brasil.peugeot.com.br

O15 - Trusted Zone: http://ecommerce.peugeot.com.br

O15 - Trusted Zone: http://www.techsupportforum.com

O15 - Trusted Zone: http://www.tiosam.com

O15 - Trusted Zone: http://www.ufrgs.br

O15 - Trusted Zone: http://www.unisinos.br

O15 - Trusted Zone: http://www.ava.unisinos.br

O15 - Trusted Zone: http://www.myfuture.utoronto.ca

O15 - Trusted Zone: http://www.vec.ca

O15 - Trusted Zone: http://www.wtccanada.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: qcom - {B8DBD265-42C3-43E6-B439-E968C71984C6} - C:\ARQUIV~1\COMMON~1\QUESTS~1\CODEXP~1\qcom.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NuTCRACKERService - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Let's try to repair Safe Mode; if we succeed, run ComboFix in that mode.

Download SafeBootKeyRepair

  • Run the tool.
  • It will take a few moments.
  • When the tool finishes, it will generate a log at C:\SafeBoot_Repair.txt
  • In your next reply, paste the contents of that log, together with a new HijackThis log.
  • Also report the state of your PC and whether you can now boot into Safe Mode.


Error on the forum page

Fatal error: Maximum execution time of 30 seconds exceeded in /www/forum/includes/functions.php on line 1745


Renato,

I am not managing to send all my logs to the forum page, so I decided to try sending them in parts

Message part 1/2

The SafeBoot link did not work, it gave "page not found", so I searched on Google and downloaded it from somewhere else, ran it on my machine and generated the log; afterwards I was able to enter Safe Mode and ran ComboFix.

ComboFix did not run even in Safe Mode; the same memory-dump blue screen appeared.

The blue screen also showed a counter that said:

"Despejando memória física para o disco 1, 2, 3, .... 30" and it kept showing numbers in sequence without stopping, and then when it reached 30 I turned off the notebook.

I downloaded a program called ThreatFire and ran it on my machine; it ran fine and said it removed several viruses. After it ran, I was able to reinstall my McAfee antivirus, which before could not be installed at all. After that I was also able to run CCleaner.

But why can't I run ComboFix? Could it be that I have both a virus problem and a hardware problem? And why does the problem only happen with ComboFix?

Here are the logs:

SafeBoot

=======

Reg export of SafeBoot key after repair:

========================


========================

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\mcmscsvc

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\procexp90.Sys

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\PSEXESVC


Message part 2/2

Hijack

=============================

Logfile of HijackThis v1.99.1

Scan saved at 21:46, on 2008-11-04

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\GbPlugin\GbpSv.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\system32\inetsrv\inetinfo.exe

C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

C:\WINDOWS\system32\tcpsvcs.exe

C:\WINDOWS\system32\SnMgrSvc.exe

C:\WINDOWS\System32\snmp.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\ThreatFire\TFService.exe

C:\WINDOWS\system32\UAService7.exe

C:\WINDOWS\System32\WLTRYSVC.EXE

C:\WINDOWS\System32\bcmwltry.exe

C:\WINDOWS\system32\nutsrv4.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

c:\ARQUIV~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\SnAgOS.exe

C:\WINDOWS\system32\SnLiveUp.exe

C:\WINDOWS\Explorer.exe

C:\WINDOWS\system32\SnEngine.EXE

C:\Arquivos de programas\Dell\QuickSet\quickset.exe

C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\WLTRAY.exe

C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe

C:\Arquivos de programas\QuickTime\qttask.exe

C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE

C:\Arquivos de programas\ThreatFire\TFTray.exe

C:\WINDOWS\stsystra.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Arquivos de programas\Digital Line Detect\DLG.exe

C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\WINDOWS\system32\SnEngine.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\SnEngine.EXE

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\System32\svchost.exe

c:\ARQUIV~1\mcafee\VIRUSS~1\mcvsshld.exe

c:\ARQUIV~1\mcafee\VIRUSS~1\mcvsmap.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Irismar Correa\Desktop\HiJackThis_v2.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row-rel&channel=br&ibd=0061222

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\ARQUIV~1\mcafee\msk\mcapbho.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll

O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\BAE\BAE.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe"

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe

O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe"

O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\Arquivos de programas\Rational\Rational Test\nutcroot\bin\ncoeenv.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em AMANDA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P41 "Auto EPSON Stylus CX4100 Series em AMANDA" /O20 "\\AMANDA\Impressora3" /M "Stylus CX4100"

O4 - HKLM\..\Run: [ThreatFire] C:\Arquivos de programas\ThreatFire\TFTray.exe

O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [DelayShred] c:\ARQUIV~1\mcafee\mshr\ShrCL.EXE /P7 /q C:\RECYCLER\S-1-5-~2\Dc102.SH! C:\RECYCLER\S-1-5-~2\Dc63.SH! C:\RECYCLER\S-1-5-~2\Dc62\PARTIT~1\PMUPDA~1.01\Update.exe C:\RECYCLER\S-1-5-~2\Dc62\PARTIT~1\PMUPDA~1.SH! C:\RECYCLER\S-1-5-~2\Dc62\PARTIT~1.SH! C:\RECYCLER\S-1-5-~2\Dc62.SH!

O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O8 - Extra context menu item: Download Using &BitSpirit - C:\Arquivos de programas\BitSpirit\bsurl.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Arquivos de programas\Altova\XMLSpy2008\spy.htm (file missing)

O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Arquivos de programas\Altova\XMLSpy2008\spy.htm (file missing)

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O15 - Trusted Zone: http://www.adobe.com

O15 - Trusted Zone: http://www.canadiangeographic.ca

O15 - Trusted Zone: http://ego.globo.com

O15 - Trusted Zone: http://www.google.com.br

O15 - Trusted Zone: http://www.hihostels.ca

O15 - Trusted Zone: http://www.ilac.com

O15 - Trusted Zone: http://forum.imasters.com.br

O15 - Trusted Zone: http://*.mcafee.com

O15 - Trusted Zone: http://www.pandasecurity.com

O15 - Trusted Zone: http://www.pandasoftware.com

O15 - Trusted Zone: http://brasil.peugeot.com.br

O15 - Trusted Zone: http://ecommerce.peugeot.com.br

O15 - Trusted Zone: http://www.techsupportforum.com

O15 - Trusted Zone: http://www.tiosam.com

O15 - Trusted Zone: http://www.ufrgs.br

O15 - Trusted Zone: http://www.unisinos.br

O15 - Trusted Zone: http://www.ava.unisinos.br

O15 - Trusted Zone: http://www.myfuture.utoronto.ca

O15 - Trusted Zone: http://www.vec.ca

O15 - Trusted Zone: http://www.wtccanada.com

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL

O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll

O18 - Protocol: qcom - {B8DBD265-42C3-43E6-B439-E968C71984C6} - C:\ARQUIV~1\COMMON~1\QUESTS~1\CODEXP~1\qcom.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll

O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe

O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe

O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe

O23 - Service: MySQL - Unknown owner - C:\Arquivos.exe (file missing)

O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe

O23 - Service: NuTCRACKERService - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe

O23 - Service: SNMgrSvc - Open Communications Security S/A - C:\WINDOWS\system32\SnMgrSvc.exe

O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\ThreatFire\TFService.exe

O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE


Download Gmer and save it to your desktop.

  • Extract the file from the zip into a folder of its own.
  • Once that is done, disconnect the PC from the Internet and close all programs.
    There is a very small chance that this application will shut down your PC, so save any work you have open.
  • Double-click Gmer.exe.
  • Allow the gmer.sys driver to run, if you are asked.
  • If you get the warning about rootkit activity and a prompt to run a scan, click NO.
  • Click "Settings" and check the first 5 (five) options:
    *System Protection and Tracing
    *Processes
    *Save created processes to the log
    *Drivers
    *Save loaded drivers to the log
  • You will be asked to restart the PC. Restart it.

Run Gmer again and click Rootkit.

  • On the right-hand side (under File), uncheck all drives except your own disk (usually C).
  • Make sure all the other boxes on the right-hand side of the screen are checked, EXCEPT "Show All".
  • Click "Scan" and wait for the scan to finish.
    Note: Before the scan, make sure all other programs are closed. Also, do not use the computer during the scan.
  • When it finishes, click the Copy button, then right-click on your Desktop, choose "New" and then -> Text Document. Once the file has been created, open it, right-click again and choose Paste, or press Ctrl+V. Save the file as gmer.txt and post its contents in your next reply.
  • Note: If you have problems, try running GMER in Safe Mode.

Important! Please do not check the "Show all" box during the scan.


Renato,

everything went fine and here is the GMER log; please take a look at it.

I'll be waiting.

The log is attached.


GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-11-08 10:38:21

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwCreateKey [0xF7576DFA]

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteKey [0xF7576FEA]

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwDeleteValueKey [0xF757708C]

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF7576CEE]

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwSetValueKey [0xF7577224]

SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwTerminateProcess [0xF7578798]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xEDE109B2]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xEDE1095D]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xEDE10976]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xEDE10AF9]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xEDE10AE3]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xEDE109F2]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xEDE10B25]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xEDE10930]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xEDE10944]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xEDE109C6]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xEDE10B61]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xEDE10ACD]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xEDE10AB7]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEDE10A75]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xEDE10B4D]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xEDE10B39]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xEDE1099E]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xEDE1098A]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xEDE10B0F]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xEDE10A08]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xEDE109DC]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 80503DBC 7 Bytes JMP EDE109E0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtCreateFile 80577E5E 5 Bytes JMP EDE109B6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtMapViewOfSection 805B09CE 7 Bytes JMP EDE109F6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B17DC 5 Bytes JMP EDE10A0C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B6DA2 7 Bytes JMP EDE109CA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenProcess 805C9C46 5 Bytes JMP EDE10934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtOpenThread 805C9ED2 5 Bytes JMP EDE10948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!NtSetInformationProcess 805CC690 5 Bytes JMP EDE1098E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcessEx 805CF966 7 Bytes JMP EDE1097A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwCreateProcess 805CFA1C 5 Bytes JMP EDE10961 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwSetContextThread 805CFF26 5 Bytes JMP EDE109A2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwQueryValueKey 80620102 7 Bytes JMP EDE10ABB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwRestoreKey 80620450 5 Bytes JMP EDE10B3D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwUnloadKey 806209D0 7 Bytes JMP EDE10B13 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80621216 7 Bytes JMP EDE10AD1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwRenameKey 80621A6E 7 Bytes JMP EDE10A79 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwEnumerateKey 80622888 7 Bytes JMP EDE10AFD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwEnumerateValueKey 80622AF2 7 Bytes JMP EDE10AE7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwQueryKey 80623702 7 Bytes JMP EDE10B65 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwReplaceKey 80623C28 5 Bytes JMP EDE10B51 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80623D42 5 Bytes JMP EDE10B29 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys O sistema não pode encontrar o arquivo especificado. !

---- User code sections - GMER 1.0.14 ----

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F7C0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F790F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F730F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe[256] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F760F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe[284] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nutsrv4.exe[400] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\system32\nutsrv4.exe[400] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nutsrv4.exe[400] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\nutsrv4.exe[400] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ]

.text C:\WINDOWS\system32\nutsrv4.exe[400] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\system32\nutsrv4.exe[400] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ]

.text C:\WINDOWS\system32\winlogon.exe[528] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 1005C0D0 C:\ARQUIV~1\GbPlugin\gbiehabn.dll (Gbieh Module/Banco ABN AMRO)

.text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!FreeLibrary 7C80AA66 5 Bytes JMP 1005C240 C:\ARQUIV~1\GbPlugin\gbiehabn.dll (Gbieh Module/Banco ABN AMRO)

.text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F040F5A

.text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!FreeLibraryAndExitThread 7C80CEA1 5 Bytes JMP 1005BF70 C:\ARQUIV~1\GbPlugin\gbiehabn.dll (Gbieh Module/Banco ABN AMRO)

.text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\winlogon.exe[528] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\winlogon.exe[528] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\winlogon.exe[528] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\winlogon.exe[528] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\winlogon.exe[528] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\winlogon.exe[528] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\winlogon.exe[528] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\winlogon.exe[528] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\Explorer.EXE[548] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[548] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 50, 5F ]

.text C:\WINDOWS\Explorer.EXE[548] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[548] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02C40000

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 02C40F6F

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02C4006E

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 02C4005D

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02C40F94

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02C4002C

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 02C40089

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 02C40F43

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02C400B5

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02C40F1C

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 02C400D0

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 02C40FA5

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F780F5A

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 02C40FE5

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 02C40F54

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 02C40FC0

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5F0F5A

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 02C40011

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 02C4009A

.text C:\WINDOWS\Explorer.EXE[548] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F750F5A

.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 02C30FC3

.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 02C30F8D

.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 02C30FD4

.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 02C3000A

.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 02C3004A

.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F7F0F5A

.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 02C30FA8

.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 02C30FEF

.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 02C30039

.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0B0F5A

.text C:\WINDOWS\Explorer.EXE[548] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 86, 5F ]

.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F820F5A

.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\Explorer.EXE[548] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 59, 5F ]

.text C:\WINDOWS\Explorer.EXE[548] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A

.text C:\WINDOWS\Explorer.EXE[548] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A

.text C:\WINDOWS\Explorer.EXE[548] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A

.text C:\WINDOWS\Explorer.EXE[548] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A

.text C:\WINDOWS\Explorer.EXE[548] WININET.dll!InternetOpenA 771A6D2A 5 Bytes JMP 02C10000

.text C:\WINDOWS\Explorer.EXE[548] WININET.dll!InternetOpenUrlA 771A6FDD 5 Bytes JMP 02C10038

.text C:\WINDOWS\Explorer.EXE[548] WININET.dll!InternetOpenW 771B6CF3 5 Bytes JMP 02C1001B

.text C:\WINDOWS\Explorer.EXE[548] WININET.dll!InternetOpenUrlW 771B7304 5 Bytes JMP 02C10FE5

.text C:\WINDOWS\Explorer.EXE[548] WS2_32.dll!socket 71A73B91 5 Bytes JMP 02C00000

.text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 50, 5F ]

.text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[572] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070FEF

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070087

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0007006C

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00070F92

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070FB9

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00070036

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 000700A9

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00070098

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00070F1A

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070F2B

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00070F09

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00070051

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F780F5A

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 0007000A

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00070F6D

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 0007001B

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5F0F5A

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00070FD4

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00070F46

.text C:\WINDOWS\system32\services.exe[572] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F750F5A

.text C:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 0006000A

.text C:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00060F68

.text C:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00060FC3

.text C:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00060FD4

.text C:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00060F83

.text C:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F7F0F5A

.text C:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00060F94

.text C:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00060FE5

.text C:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00060025

.text C:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0B0F5A

.text C:\WINDOWS\system32\services.exe[572] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\system32\services.exe[572] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\services.exe[572] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\system32\services.exe[572] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[572] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 86, 5F ]

.text C:\WINDOWS\system32\services.exe[572] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\services.exe[572] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\services.exe[572] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F820F5A

.text C:\WINDOWS\system32\services.exe[572] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\services.exe[572] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\services.exe[572] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\services.exe[572] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\services.exe[572] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 59, 5F ]

.text C:\WINDOWS\system32\services.exe[572] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A

.text C:\WINDOWS\system32\services.exe[572] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A

.text C:\WINDOWS\system32\services.exe[572] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A

.text C:\WINDOWS\system32\services.exe[572] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A

.text C:\WINDOWS\system32\services.exe[572] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00040000

.text C:\WINDOWS\system32\lsass.exe[584] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[584] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 50, 5F ]

.text C:\WINDOWS\system32\lsass.exe[584] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[584] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F60FEF

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00F6006E

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00F60F83

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00F60051

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00F60040

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00F60F9E

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00F60F4D

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00F60F5E

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00F60F32

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00F600C1

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00F60F21

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00F60025

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F780F5A

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00F60FDE

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00F60089

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00F60FC3

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5F0F5A

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00F6000A

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00F600B0

.text C:\WINDOWS\system32\lsass.exe[584] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F750F5A

.text C:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00F5002C

.text C:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00F50073

.text C:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00F50011

.text C:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00F50FE5

.text C:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00F50062

.text C:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F7F0F5A

.text C:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00F50047

.text C:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00F50000

.text C:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00F50FC0

.text C:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0B0F5A

.text C:\WINDOWS\system32\lsass.exe[584] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\system32\lsass.exe[584] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\lsass.exe[584] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\system32\lsass.exe[584] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[584] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 86, 5F ]

.text C:\WINDOWS\system32\lsass.exe[584] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\lsass.exe[584] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\lsass.exe[584] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F820F5A

.text C:\WINDOWS\system32\lsass.exe[584] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\lsass.exe[584] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\lsass.exe[584] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\lsass.exe[584] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\lsass.exe[584] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 59, 5F ]

.text C:\WINDOWS\system32\lsass.exe[584] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00F30000

.text C:\WINDOWS\system32\lsass.exe[584] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A

.text C:\WINDOWS\system32\lsass.exe[584] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A

.text C:\WINDOWS\system32\lsass.exe[584] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A

.text C:\WINDOWS\system32\lsass.exe[584] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 50, 5F ]

.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D30FEF

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D30F3A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D30F4B

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D30F66

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D3002F

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D30FB2

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D30EFB

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D30F0C

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D30079

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D3005E

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00D3008A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00D30F8D

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F780F5A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00D30014

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00D30F29

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00D30FC3

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5F0F5A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00D30FD4

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00D30EE0

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F750F5A

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 0093001B

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00930058

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00930FCA

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00930FE5

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 0093003D

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F7F0F5A

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00930F9B

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00930000

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 0093002C

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0B0F5A

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 86, 5F ]

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F820F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 59, 5F ]

.text C:\WINDOWS\system32\svchost.exe[772] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A

.text C:\WINDOWS\system32\svchost.exe[772] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A

.text C:\WINDOWS\system32\svchost.exe[772] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A

.text C:\WINDOWS\system32\svchost.exe[772] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A

.text C:\WINDOWS\system32\svchost.exe[772] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00910FEF

.text C:\WINDOWS\System32\snmp.exe[804] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\snmp.exe[804] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\System32\snmp.exe[804] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\snmp.exe[804] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\System32\snmp.exe[804] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\System32\snmp.exe[804] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\System32\snmp.exe[804] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\System32\snmp.exe[804] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\System32\snmp.exe[804] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\System32\snmp.exe[804] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ]

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ]

.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 50, 5F ]

.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B60FEF

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B60F8D

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B60082


.text C:\WINDOWS\system32\lsass.exe[584] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 59, 5F ]

.text C:\WINDOWS\system32\lsass.exe[584] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00F30000

.text C:\WINDOWS\system32\lsass.exe[584] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A

.text C:\WINDOWS\system32\lsass.exe[584] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A

.text C:\WINDOWS\system32\lsass.exe[584] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A

.text C:\WINDOWS\system32\lsass.exe[584] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\WINDOWS\system32\tcpsvcs.exe[588] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\tcpsvcs.exe[588] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ]

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[752] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 50, 5F ]

.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[772] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00D30FEF

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00D30F3A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00D30F4B

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00D30F66

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00D3002F

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00D30FB2

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00D30EFB

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00D30F0C

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00D30079

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00D3005E

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00D3008A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00D30F8D

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F780F5A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00D30014

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00D30F29

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00D30FC3

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5F0F5A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00D30FD4

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00D30EE0

.text C:\WINDOWS\system32\svchost.exe[772] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F750F5A

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 0093001B

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00930058

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00930FCA

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00930FE5

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 0093003D

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F7F0F5A

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00930F9B

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00930000

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 0093002C

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0B0F5A

.text C:\WINDOWS\system32\svchost.exe[772] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 86, 5F ]

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F820F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[772] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 59, 5F ]

.text C:\WINDOWS\system32\svchost.exe[772] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A

.text C:\WINDOWS\system32\svchost.exe[772] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A

.text C:\WINDOWS\system32\svchost.exe[772] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A

.text C:\WINDOWS\system32\svchost.exe[772] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A

.text C:\WINDOWS\system32\svchost.exe[772] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00910FEF

.text C:\WINDOWS\System32\snmp.exe[804] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\snmp.exe[804] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\System32\snmp.exe[804] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\snmp.exe[804] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\System32\snmp.exe[804] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\System32\snmp.exe[804] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\System32\snmp.exe[804] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\System32\snmp.exe[804] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\System32\snmp.exe[804] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\System32\snmp.exe[804] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\System32\snmp.exe[804] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ]

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\snmp.exe[804] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ]

.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 50, 5F ]

.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[840] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B60FEF

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B60F8D

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B60082

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B60FA8

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B60FC3

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B60040

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B60F46

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B60F57

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B600C4

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B600B3

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00B60F10

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00B60065

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F780F5A

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00B60FDE

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00B60F72

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00B60025

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5F0F5A

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00B60014

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00B60F35

.text C:\WINDOWS\system32\svchost.exe[840] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F750F5A

.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00B50014

.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00B50F8D

.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00B50FC3

.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00B50FD4

.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00B5004A

.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F7F0F5A

.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00B5002F

.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00B50FEF

.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00B50FA8

.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0B0F5A

.text C:\WINDOWS\system32\svchost.exe[840] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 86, 5F ]

.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F820F5A

.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[840] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 59, 5F ]

.text C:\WINDOWS\system32\svchost.exe[840] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A

.text C:\WINDOWS\system32\svchost.exe[840] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A

.text C:\WINDOWS\system32\svchost.exe[840] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A

.text C:\WINDOWS\system32\svchost.exe[840] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A

.text C:\WINDOWS\system32\svchost.exe[840] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00B30000

.text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 50, 5F ]

.text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[896] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 03200000

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 03200F6B

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 03200F7C

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 03200F8D

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0320004A

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 03200F9E

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 03200071

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 03200F35

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 03200EFA

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0320009D

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 03200EDF

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 0320002F

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F780F5A

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 03200FEF

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 03200F46

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 03200FAF

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5F0F5A

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 03200FD4

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 03200082

.text C:\WINDOWS\System32\svchost.exe[896] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F750F5A

.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 031F0FEF

.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 031F0087

.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 031F0040

.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 031F0025

.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 031F0FCA

.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F7F0F5A

.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 031F0062

.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 031F000A

.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 031F0051

.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0B0F5A

.text C:\WINDOWS\System32\svchost.exe[896] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\System32\svchost.exe[896] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\System32\svchost.exe[896] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\System32\svchost.exe[896] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[896] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 86, 5F ]

.text C:\WINDOWS\System32\svchost.exe[896] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\System32\svchost.exe[896] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\System32\svchost.exe[896] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F820F5A

.text C:\WINDOWS\System32\svchost.exe[896] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\System32\svchost.exe[896] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\System32\svchost.exe[896] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\System32\svchost.exe[896] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\svchost.exe[896] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 59, 5F ]

.text C:\WINDOWS\System32\svchost.exe[896] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A

.text C:\WINDOWS\System32\svchost.exe[896] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A

.text C:\WINDOWS\System32\svchost.exe[896] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A

.text C:\WINDOWS\System32\svchost.exe[896] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A

.text C:\WINDOWS\System32\svchost.exe[896] WS2_32.dll!socket 71A73B91 5 Bytes JMP 031C0000

.text C:\WINDOWS\System32\svchost.exe[896] WININET.dll!InternetOpenA 771A6D2A 5 Bytes JMP 031D0000

.text C:\WINDOWS\System32\svchost.exe[896] WININET.dll!InternetOpenUrlA 771A6FDD 5 Bytes JMP 031D0FD4

.text C:\WINDOWS\System32\svchost.exe[896] WININET.dll!InternetOpenW 771B6CF3 5 Bytes JMP 031D0FE5

.text C:\WINDOWS\System32\svchost.exe[896] WININET.dll!InternetOpenUrlW 771B7304 5 Bytes JMP 031D0FC3

.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 50, 5F ]

.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[952] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007A0000

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007A0F6D

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 007A0062

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 007A0F88

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 007A0047

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 007A002C

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007A009F

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007A008E

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007A0F1E

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007A00C1

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 007A00D2

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 007A0FA5

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F780F5A

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 007A0FEF

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 007A007D

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 007A0FC0

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5F0F5A

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 007A001B

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 007A00B0

.text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F750F5A

.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00790025

.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00790073

.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00790FCA

.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00790000

.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00790058

.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F7F0F5A

.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00790047

.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00790FE5

.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00790036

.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0B0F5A

.text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 86, 5F ]

.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F820F5A

.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 59, 5F ]

.text C:\WINDOWS\system32\svchost.exe[952] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A

.text C:\WINDOWS\system32\svchost.exe[952] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A

.text C:\WINDOWS\system32\svchost.exe[952] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A

.text C:\WINDOWS\system32\svchost.exe[952] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A

.text C:\WINDOWS\system32\svchost.exe[952] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00770000

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ]

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ]

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\Ati2evxx.exe[1040] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 50, 5F ]

.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A40FEF

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A40F57

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A4004C

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A4003B

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A40F72

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A40014

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A40F30

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A40078

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A400BF

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A400AE

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00A400D0

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00A40F83

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F780F5A

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00A40FDE

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00A40067

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00A40F9E

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5F0F5A

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00A40FB9

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00A40093

.text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F750F5A

.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00A30FCA

.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00A30F9B

.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00A30011

.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00A30000

.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00A30058

.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F7F0F5A

.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00A30047

.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00A30FE5

.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00A30036

.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0B0F5A

.text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 86, 5F ]

.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F820F5A

.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 59, 5F ]

.text C:\WINDOWS\system32\svchost.exe[1076] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A

.text C:\WINDOWS\system32\svchost.exe[1076] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A

.text C:\WINDOWS\system32\svchost.exe[1076] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A

.text C:\WINDOWS\system32\svchost.exe[1076] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A

.text C:\WINDOWS\system32\svchost.exe[1076] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00A0000A

.text C:\WINDOWS\system32\svchost.exe[1076] WININET.dll!InternetOpenA 771A6D2A 5 Bytes JMP 00A10000

.text C:\WINDOWS\system32\svchost.exe[1076] WININET.dll!InternetOpenUrlA 771A6FDD 5 Bytes JMP 00A10038

.text C:\WINDOWS\system32\svchost.exe[1076] WININET.dll!InternetOpenW 771B6CF3 5 Bytes JMP 00A1001B

.text C:\WINDOWS\system32\svchost.exe[1076] WININET.dll!InternetOpenUrlW 771B7304 5 Bytes JMP 00A10049

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ]

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1224] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1224] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1224] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\WINDOWS\system32\spoolsv.exe[1224] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\spoolsv.exe[1224] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 50, 5F ]

.text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008A0FEF

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008A00AE

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008A009D

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008A0082

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008A0065

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008A0040

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008A0F7C

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008A0F8D

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008A0F35

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008A0F50

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 008A00E9

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 008A0FB9

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F780F5A

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 008A000A

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreatePipe 7C81DD9A 1 Byte [ E9 ]

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreatePipe + 2 7C81DD9C 3 Bytes [ 31, 08, 84 ]

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 008A0FD4

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5F0F5A

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 008A001B

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 008A0F61

.text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F750F5A

.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00890039

.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00890FAF

.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 0089001E

.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00890FDE

.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00890076

.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F7F0F5A

.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 0089005B

.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00890FEF

.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 0089004A

.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0B0F5A

.text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 86, 5F ]

.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F820F5A

.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 59, 5F ]

.text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A

.text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A

.text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A

.text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\cisvc.exe[1316] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\WINDOWS\system32\cisvc.exe[1316] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\cisvc.exe[1316] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\WINDOWS\system32\cisvc.exe[1316] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\cisvc.exe[1316] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 50, 5F ]

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01660000

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 016600A8

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01660097

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0166007A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01660069

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0166004E

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01660F7D

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 016600C5

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01660116

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 016600FB

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F890F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 01660127

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 01660FBD

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F790F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01660011

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 01660F98

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 01660033

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5F0F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 01660022

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 016600EA

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F750F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 01650FD4

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 01650FB2

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 01650025

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 01650014

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 01650FC3

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F800F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 01650065

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 01650FEF

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 01650040

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0B0F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 87, 5F ]

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F830F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 59, 5F ]

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] WS2_32.dll!socket 71A73B91 5 Bytes JMP 01630FEF

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A

.text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4C, 5F ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3A, 5F ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F690F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F720F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F240F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F210F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7E0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F570F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 0041C3C0 c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6F0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F660F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3C0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5A0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3F0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F330F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6C0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F600F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5D0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F630F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F750F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4E0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F420F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F450F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7C, 5F ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F510F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1E0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F780F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1B0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F480F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F360F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 55, 5F ]

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F300F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2D0F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F270F5A

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2A0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\UAService7.exe[2032] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\system32\UAService7.exe[2032] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\UAService7.exe[2032] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ]

.text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ]

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ]

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ]

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ]

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ]

.text C:\WINDOWS\System32\bcmwltry.exe[2172] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\bcmwltry.exe[2172] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\WINDOWS\System32\bcmwltry.exe[2172] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\bcmwltry.exe[2172] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\WINDOWS\System32\bcmwltry.exe[2172] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\System32\bcmwltry.exe[2172] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F7C0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F790F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F730F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F760F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\WLTRAY.exe[2508] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\WINDOWS\system32\WLTRAY.exe[2508] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\WLTRAY.exe[2508] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\WINDOWS\system32\WLTRAY.exe[2508] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\WLTRAY.exe[2508] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ]

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ]

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ]

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ]

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ]

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\QuickTime\qttask.exe[2584] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!GetKeyboardState 77D2EF35 5 Bytes JMP 0684FB80 C:\Arquivos de programas\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!FindWindowA 77D4F3C6 5 Bytes JMP 0686F0C0 C:\Arquivos de programas\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!FindWindowExA 77D4F7D0 5 Bytes JMP 0686F0F0 C:\Arquivos de programas\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil)

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\stsystra.exe[2816] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\stsystra.exe[2816] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\WINDOWS\stsystra.exe[2816] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\stsystra.exe[2816] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\stsystra.exe[2816] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\stsystra.exe[2816] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\stsystra.exe[2816] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\stsystra.exe[2816] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\WINDOWS\stsystra.exe[2816] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\stsystra.exe[2816] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\stsystra.exe[2816] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\WINDOWS\stsystra.exe[2816] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\stsystra.exe[2816] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\stsystra.exe[2816] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\stsystra.exe[2816] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\stsystra.exe[2816] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\WINDOWS\stsystra.exe[2816] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\stsystra.exe[2816] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\stsystra.exe[2816] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\stsystra.exe[2816] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\WINDOWS\stsystra.exe[2816] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\stsystra.exe[2816] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\stsystra.exe[2816] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\stsystra.exe[2816] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\WINDOWS\stsystra.exe[2816] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\stsystra.exe[2816] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2848] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2848] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2848] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\WINDOWS\system32\ctfmon.exe[2848] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\system32\ctfmon.exe[2848] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A


.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\System32\alg.exe[3540] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3540] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ]

.text C:\WINDOWS\System32\alg.exe[3540] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3540] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ]

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ]

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A

.text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A

.text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A

.text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A

.text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]

.text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A

.text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A

.text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A

.text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A

.text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A

.text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A

.text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ]

.text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ]

.text C:\WINDOWS\System32\alg.exe[3540] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A

.text C:\WINDOWS\System32\alg.exe[3540] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A

.text C:\WINDOWS\System32\alg.exe[3540] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A

.text C:\WINDOWS\System32\alg.exe[3540] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A

.text C:\WINDOWS\System32\alg.exe[3540] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A

.text C:\WINDOWS\System32\alg.exe[3540] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A

.text C:\WINDOWS\System32\alg.exe[3540] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A

.text C:\WINDOWS\System32\alg.exe[3540] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A

.text C:\WINDOWS\System32\alg.exe[3540] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A

.text C:\WINDOWS\System32\alg.exe[3540] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\LSASRV.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\LSASRV.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000


IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000


IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7C0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7D0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7D0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000

IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F140000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F140000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F140000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F180000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F140000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F140000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F180000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F140000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F140000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F180000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F140000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F180000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F140000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F180000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F180000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F140000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F140000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F180000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F140000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F180000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 5F180000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 5F140000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryW] 5F180000

IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryA] 5F140000

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation)

AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- EOF - GMER 1.0.14 ----




