Guguets

Help me, I don't know what this spyware is!


I caught an unknown spyware. I used Spybot-SD and it cleaned everything (trojans, keyloggers, registry entries, etc.); however, the spyware changed my desktop wallpaper and now I can't change it back to normal.

I would like some help; the DDS log follows for analysis:

DDS (Version 1.0.1) - NTFSx86

Run by Principal at 20:14:39,59 on 15/12/2008

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.1024.464 [GMT -2:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe

c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe

C:\Arquivos de programas\McAfee\VirusScan\McShield.exe

C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe

C:\Arquivos de programas\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\system32\wdfmgr.exe

C:\WINDOWS\Explorer.EXE

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Ahead\Nero BackItUp\NBJ.exe

C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe

C:\Arquivos de programas\MSN Messenger\msnmsgr.exe

C:\Arquivos de programas\MSN Messenger\usnsvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Principal\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.br/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

mWinlogon: Userinit=userinit.exe

BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

BHO: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\arquivos de programas\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\arquivos de programas\java\jre6\bin\ssv.dll

BHO: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\arquivos de programas\mcafee\virusscan\scriptsn.dll

BHO: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\arquivos de programas\arquivos comuns\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {AE7CD045-E861-484f-8273-0445EE161910} - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

BHO: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - c:\windows\downloaded program files\gbiehuni.dll

BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\arquivos de programas\java\jre6\bin\jp2ssv.dll

BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\arquivos de programas\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\arquivos de programas\yahoo!\companion\installs\cpn\yt.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe

uRun: [NBJ] "c:\arquivos de programas\ahead\nero backitup\NBJ.exe"

uRun: [updateMgr] "c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1

uRun: [shareaza] "c:\arquivos de programas\shareaza\Shareaza.exe" -tray

uRun: [steam] "d:\my games\steam\counter strike source\steam.exe" -silent

uRun: [spybotSD TeaTimer] c:\arquivos de programas\spybot - search & destroy\TeaTimer.exe

mRun: [sunJavaUpdateSched] "c:\arquivos de programas\java\jre6\bin\jusched.exe"

mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe

mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd

mRun: [Acrobat Assistant 7.0] "c:\arquivos de programas\adobe\acrobat 7.0\distillr\Acrotray.exe"

mRun: [<NO NAME>]

mRun: [TkBellExe] "c:\arquivos de programas\arquivos comuns\real\update_ob\realsched.exe" -osboot

mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

mRun: [mcagent_exe] c:\arquivos de programas\mcafee.com\agent\mcagent.exe /runkey

mRun: [EPSON Stylus C63 Series] c:\windows\system32\spool\drivers\w32x86\3\E_S4I4C1.EXE /P23 "EPSON Stylus C63 Series" /O6 "USB001" /M "Stylus C63"

dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1034-4700-7760-000000000002}\SC_Acrobat.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adobeg~1.lnk - c:\arquivos de programas\arquivos comuns\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~1.lnk - c:\arquivos de programas\adobe\reader 8.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\menuin~1\progra~1\inicia~1\adober~2.lnk - c:\arquivos de programas\adobe\reader 8.0\reader\AdobeCollabSync.exe

uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: DisableRegistryTools = 1 (0x1)

IE: Converter destino de link em Adobe PDF - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter destino de link em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter em Adobe PDF - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Converter links selecionados em Adobe PDF - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Converter links selecionados em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Converter seleção em Adobe PDF - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Converter seleção em PDF existente - c:\arquivos de programas\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\micros~2\office11\EXCEL.EXE/3000

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\arquiv~1\micros~2\office11\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\arquiv~1\spybot~1\SDHelper.dll

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\arquivos de programas\messenger\msmsgs.exe

SEH: {E37CB5F0-51F5-4395-A808-5FA49E399008} - c:\windows\downloaded program files\gbiehuni.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\princi~1\dadosd~1\mozilla\firefox\profiles\tre0szbw.default\

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-8-22 201320]

R2 McProxy;McAfee Proxy Service;c:\arquiv~1\arquiv~1\mcafee\mcproxy\mcproxy.exe [2008-8-22 359248]

R2 McShield;McAfee Real-time Scanner;c:\arquivos de programas\mcafee\virusscan\McShield.exe [2008-8-22 144704]

R3 McSysmon;McAfee SystemGuards;c:\arquiv~1\mcafee\viruss~1\mcsysmon.exe [2008-8-22 695624]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-8-22 79304]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-8-22 35240]

R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-8-22 40488]

R3 slnt;Real RTL8139 PCI Fast Ethernet Adapter;c:\windows\system32\drivers\slnt.sys [2007-6-15 18004]

S3 DMSKSSRh;DMSKSSRh;\??\c:\docume~1\princi~1\config~1\temp\DMSKSSRh.sys []

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-8-22 33832]

S3 npkycryp;npkycryp;\??\c:\arquivos de programas\gravity\ro\npkycryp.sys []

S3 XDva009;XDva009;\??\c:\windows\system32\XDva009.sys []

S3 XDva019;XDva019;\??\c:\windows\system32\XDva019.sys []

S3 XDva026;XDva026;\??\c:\windows\system32\XDva026.sys []

S3 XDva028;XDva028;\??\c:\windows\system32\XDva028.sys []

S3 XDva032;XDva032;\??\c:\windows\system32\XDva032.sys []

S3 XDva033;XDva033;\??\c:\windows\system32\XDva033.sys []

S3 XDva038;XDva038;\??\c:\windows\system32\XDva038.sys []

S3 XDva072;XDva072;\??\c:\windows\system32\XDva072.sys []

S3 XDva074;XDva074;\??\c:\windows\system32\XDva074.sys []

S3 XDva134;XDva134;\??\c:\windows\system32\XDva134.sys []

S3 XDva168;XDva168;\??\c:\windows\system32\XDva168.sys []

=============== Created Last 30 ================

2008-12-15 18:56 250 a------- c:\windows\gmer.ini

2008-12-15 18:41 <DIR> --d----- c:\arquivos de programas\arquivos comuns\Wise Installation Wizard

2008-12-14 16:56 <DIR> -cd----- c:\arquivos de programas\Spybot - Search & Destroy

2008-12-14 16:56 <DIR> --d----- c:\docume~1\alluse~1\dadosd~1\Spybot - Search & Destroy

2008-12-14 15:15 109 a--sh--- c:\windows\system32\1083278476.dat

2008-12-14 15:10 71,168 ac------ C:\U.exe

2008-12-13 16:08 15,532 ac------ C:\disturbed-719854.jpg

2008-12-09 00:31 <DIR> -cd----- c:\arquivos de programas\Gravity

2008-11-18 18:22 <DIR> -cd----- c:\arquivos de programas\OGPlanet

==================== Find3M ====================

2008-12-09 00:31 65,536 ac------ c:\windows\IFinst27.exe

2008-11-01 12:46 30 a------- c:\documents and settings\principal\jagex_runescape_preferences.dat

2008-10-24 09:10 453,632 a------- c:\windows\system32\drivers\mrxsmb.sys

2008-10-23 11:00 283,648 a------- c:\windows\system32\gdi32.dll

2008-10-16 08:39 661,504 a------- c:\windows\system32\wininet.dll

2008-10-13 16:07 433,250 a------- c:\windows\system32\perfh016.dat

2008-10-13 16:07 69,374 a------- c:\windows\system32\perfc016.dat

2008-10-03 08:16 247,326 a------- c:\windows\system32\strmdll.dll

2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll

2001-11-23 02:08 712,704 ac---r-- c:\windows\inf\other\AUDIO3D.DLL

2007-06-28 22:14 6,409 ---sh--- c:\windows\system32\utstv.bak1

2007-07-26 19:13 714,973 ---sh--- c:\windows\system32\utstv.bak2

============= FINISH: 20:15:26,78 ===============

Edited by Guguets
I summarized the topic's analysis, simpler.


GMER Rootkit Scan log

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-15 19:11:58

Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xF57B29AA]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xF57B2A41]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xF57B2958]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xF57B296C]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xF57B2A55]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF57B2A81]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xF57B2AEF]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xF57B2AD9]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF57B29EA]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xF57B2B1B]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xF57B2A2D]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xF57B2930]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xF57B2944]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xF57B29BE]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xF57B2B57]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xF57B2AC3]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xF57B2AAD]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xF57B2A6B]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xF57B2B43]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xF57B2B2F]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xF57B2996]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xF57B2982]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xF57B2A97]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF57B2A19]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xF57B2B05]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF57B2A00]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xF57B29D4]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!ZwYieldExecution 804F8B8D 7 Bytes JMP F57B29D8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwOpenKey 80567D7B 5 Bytes JMP F57B2A31 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwQueryValueKey 8056B183 7 Bytes JMP F57B2AB1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!NtSetInformationProcess 8056BDCD 5 Bytes JMP F57B2986 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwCreateKey 8056E829 5 Bytes JMP F57B2A45 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwQueryKey 8056EC39 7 Bytes JMP F57B2B5B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwEnumerateKey 8056EF30 7 Bytes JMP F57B2AF3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!NtCreateFile 8056FC78 5 Bytes JMP F57B29AE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwUnmapViewOfSection 80571F71 5 Bytes JMP F57B2A04 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!NtMapViewOfSection 805723EC 7 Bytes JMP F57B29EE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!NtOpenProcess 80572D86 5 Bytes JMP F57B2934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80573135 7 Bytes JMP F57B29C2 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwSetValueKey 80573D0D 7 Bytes JMP F57B2A9B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwEnumerateValueKey 8057FC04 7 Bytes JMP F57B2ADD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwCreateProcessEx 80581F0E 7 Bytes JMP F57B2970 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwTerminateProcess 805847CC 5 Bytes JMP F57B2A1D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!NtOpenThread 8058C892 5 Bytes JMP F57B2948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwNotifyChangeKey 80590EA2 5 Bytes JMP F57B2B1F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwDeleteValueKey 80593B38 1 Byte [ E9 ]

PAGE ntoskrnl.exe!ZwDeleteValueKey + 2 80593B3A 5 Bytes [ EF, 21, 75, 90, 90 ]

PAGE ntoskrnl.exe!ZwDeleteKey 805951C2 7 Bytes JMP F57B2A59 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwCreateProcess 805B0B34 5 Bytes JMP F57B295C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwSetContextThread 8062C493 5 Bytes JMP F57B299A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwRestoreKey 8064C0D2 5 Bytes JMP F57B2B33 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwUnloadKey 8064C3A7 7 Bytes JMP F57B2B09 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064CC74 7 Bytes JMP F57B2AC7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwRenameKey 8064D0B9 7 Bytes JMP F57B2A6F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwReplaceKey 8064D5AE 2 Bytes JMP F57B2B47 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

PAGE ntoskrnl.exe!ZwReplaceKey + 3 8064D5B1 2 Bytes [ 16, 75 ]

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A000A

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A006E

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0F79

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0053

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0F8A

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A002C

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A00A6

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0089

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00B7

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0F1E

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A00DC

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0FA5

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FE5

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0F5E

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0FC0

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A001B

.text C:\WINDOWS\System32\svchost.exe[524] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0F43

.text C:\WINDOWS\System32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00280036

.text C:\WINDOWS\System32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00280087

.text C:\WINDOWS\System32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00280025

.text C:\WINDOWS\System32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 0028000A

.text C:\WINDOWS\System32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 0028006C

.text C:\WINDOWS\System32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00280FCA

.text C:\WINDOWS\System32\svchost.exe[524] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00280FEF

.text C:\WINDOWS\System32\svchost.exe[524] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00280051

.text C:\WINDOWS\System32\svchost.exe[524] WS2_32.dll!socket 71A73B91 5 Bytes JMP 006D0FEF

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01770000

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01770044

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01770033

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01770F59

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01770022

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01770F9B

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0177007C

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0177005F

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01770EFE

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01770F0F

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 017700B2

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 01770F8A

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 01770FE5

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 01770F34

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 01770FB6

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 01770011

.text C:\WINDOWS\Explorer.EXE[824] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 0177008D

.text C:\WINDOWS\Explorer.EXE[824] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 01760047

.text C:\WINDOWS\Explorer.EXE[824] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 01760FC3

.text C:\WINDOWS\Explorer.EXE[824] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 01760036

.text C:\WINDOWS\Explorer.EXE[824] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 0176001B

.text C:\WINDOWS\Explorer.EXE[824] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 01760080

.text C:\WINDOWS\Explorer.EXE[824] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 01760FD4

.text C:\WINDOWS\Explorer.EXE[824] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 01760000

.text C:\WINDOWS\Explorer.EXE[824] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 01760FE5

.text C:\WINDOWS\Explorer.EXE[824] WININET.dll!InternetOpenW 7719AED5 5 Bytes JMP 01740FEF

.text C:\WINDOWS\Explorer.EXE[824] WININET.dll!InternetOpenA 771A574E 5 Bytes JMP 0174000A

.text C:\WINDOWS\Explorer.EXE[824] WININET.dll!InternetOpenUrlA 771A5A01 5 Bytes JMP 01740FD4

.text C:\WINDOWS\Explorer.EXE[824] WININET.dll!InternetOpenUrlW 771B5B4A 5 Bytes JMP 01740FAD

.text C:\WINDOWS\Explorer.EXE[824] WS2_32.dll!socket 71A73B91 5 Bytes JMP 01730000

.text C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!FreeLibrary 7C80ABDE 5 Bytes JMP 1002C3CF C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (Gbieh Module/Banco Unibanco)

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00070000

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00070071

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070060

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00070F7C

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00070039

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00070F9E

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 000700A9

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00070098

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000700D5

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070F46

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 000700F0

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00070F8D

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00070FE5

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00070F61

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00070FAF

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00070FD4

.text C:\WINDOWS\system32\services.exe[904] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 000700C4

.text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00060FC0

.text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 0006005B

.text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00060011

.text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00060000

.text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00060040

.text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00060F9E

.text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00060FE5

.text C:\WINDOWS\system32\services.exe[904] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00060FAF

.text C:\WINDOWS\system32\services.exe[904] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00040FEF

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EB0000

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00EB0F6F

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00EB0F80

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00EB0058

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00EB0047

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00EB0FA5

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00EB00AB

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00EB009A

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00EB0F48

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00EB00E1

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00EB0F2D

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00EB002C

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00EB0011

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00EB007F

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00EB0FC0

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00EB0FD1

.text C:\WINDOWS\system32\lsass.exe[916] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00EB00D0

.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00EA0FC0

.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00EA0F8A

.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00EA0FD1

.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00EA0011

.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00EA0F9B

.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00EA0047

.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00EA0000

.text C:\WINDOWS\system32\lsass.exe[916] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00EA002C

.text C:\WINDOWS\system32\lsass.exe[916] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00E80FEF

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C7000A

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C70F80

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C70F9B

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C70069

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C70058

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C70036

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C70F39

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C70F4A

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C70F1E

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C700B7

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00C70F0D

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00C70047

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00C70FEF

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00C70F5B

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00C70025

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00C70FD4

.text C:\WINDOWS\system32\svchost.exe[1072] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00C7009C

.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00C6000A

.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00C60F83

.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00C60FB9

.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00C60FDE

.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00C60040

.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00C60F9E

.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00C60FEF

.text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00C6001B

.text C:\WINDOWS\system32\svchost.exe[1072] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00C40FE5

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00840FEF

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00840076

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 0084005B

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00840F81

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00840F9E

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00840040

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008400B6

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00840F64

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008400DB

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00840F42

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00840F27

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00840FB9

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0084000A

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 0084009B

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00840FD4

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0084002F

.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00840F53

.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00830FC3

.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 0083005B

.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00830FD4

.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 0083000A

.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 0083004A

.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW 77F78F7D 3 Bytes JMP 0083002F

.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyW + 4 77F78F81 1 Byte [ 88 ]

.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA 77F7C41B 3 Bytes JMP 00830FEF

.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegOpenKeyA + 4 77F7C41F 1 Byte [ 88 ]

.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 3 Bytes JMP 00830FA8

.text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!RegCreateKeyA + 4 77F7D5BF 1 Byte [ 88 ]

.text C:\WINDOWS\system32\svchost.exe[1148] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00810000

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 02760000

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 027600B5

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 02760FB6

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0276008E

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 02760FD1

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 02760058

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 027600E6

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 02760F94

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 02760F61

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 02760F72

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 02760F50

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 02760069

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0276001B

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 02760FA5

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 02760047

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 02760036

.text C:\WINDOWS\System32\svchost.exe[1292] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 02760F83

.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 02750F94

.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 02750011

.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 02750FAF

.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 02750FD4

.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 02750000

.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 02750F5E

.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 02750FE5

.text C:\WINDOWS\System32\svchost.exe[1292] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 02750F79

.text C:\WINDOWS\System32\svchost.exe[1292] WS2_32.dll!socket 71A73B91 5 Bytes JMP 020D0FE5

.text C:\WINDOWS\System32\svchost.exe[1292] WININET.dll!InternetOpenW 7719AED5 5 Bytes JMP 02170014

.text C:\WINDOWS\System32\svchost.exe[1292] WININET.dll!InternetOpenA 771A574E 5 Bytes JMP 02170FEF

.text C:\WINDOWS\System32\svchost.exe[1292] WININET.dll!InternetOpenUrlA 771A5A01 5 Bytes JMP 02170FDE

.text C:\WINDOWS\System32\svchost.exe[1292] WININET.dll!InternetOpenUrlW 771B5B4A 5 Bytes JMP 02170FCD

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 0077000A

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00770F8A

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00770FAF

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00770FC0

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0077007D

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00770047

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007700CB

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007700A4

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007700F0

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00770F57

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00770F3C

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00770062

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00770FEF

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00770F79

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00770036

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00770025

.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00770F68

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00760025

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00760062

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00760FCA

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00760FE5

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00760FA5

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00760051

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00760000

.text C:\WINDOWS\system32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00760036

.text C:\WINDOWS\system32\svchost.exe[1336] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00740FEF

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00930FE5

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 009300AC

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00930091

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00930076

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00930FB9

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00930036

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 009300D8

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 009300C7

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009300E9

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00930F50

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00930F2B

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0093005B

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 0093000A

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00930F9C

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00930FCA

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 0093001B

.text C:\WINDOWS\system32\svchost.exe[1448] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00930F6B

.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 0092001B

.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00920F72

.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00920FCA

.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00920000

.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00920F8D

.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00920F9E

.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00920FE5

.text C:\WINDOWS\system32\svchost.exe[1448] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00920FAF

.text C:\WINDOWS\system32\svchost.exe[1448] WS2_32.dll!socket 71A73B91 5 Bytes JMP 008F000A

.text C:\WINDOWS\system32\svchost.exe[1448] WININET.dll!InternetOpenW 7719AED5 5 Bytes JMP 0090000A

.text C:\WINDOWS\system32\svchost.exe[1448] WININET.dll!InternetOpenA 771A574E 5 Bytes JMP 00900FEF

.text C:\WINDOWS\system32\svchost.exe[1448] WININET.dll!InternetOpenUrlA 771A5A01 5 Bytes JMP 0090001B

.text C:\WINDOWS\system32\svchost.exe[1448] WININET.dll!InternetOpenUrlW 771B5B4A 5 Bytes JMP 00900038

.text C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe[1552] USER32.dll!GetKeyState 7E36C505 5 Bytes JMP 1002CA6A C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (Gbieh Module/Banco Unibanco)

.text C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe[1552] USER32.dll!GetKeyboardState 7E36EF29 5 Bytes JMP 1002C10D C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (Gbieh Module/Banco Unibanco)

.text C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe[1552] USER32.dll!GetAsyncKeyState 7E36F3B3 5 Bytes JMP 1002BBE5 C:\WINDOWS\Downloaded Program Files\gbiehuni.dll (Gbieh Module/Banco Unibanco)

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[2000] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

.text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[2000] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 0041C3C0 c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!LoadResource 7C809FB5 7 Bytes JMP 28001CC0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!FindResourceExW 7C80AC88 7 Bytes JMP 28001B00 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!FindResourceW 7C80BBCE 7 Bytes JMP 28001A80 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!SizeofResource 7C80BC69 7 Bytes JMP 28001D80 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!FindResourceA 7C80BE89 7 Bytes JMP 28001B90 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!LockResource 7C80CC97 5 Bytes JMP 28001DF0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!CreateEventA 7C8308AD 5 Bytes JMP 28001840 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!FindResourceExA 7C835F78 7 Bytes JMP 28001C20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Arquivos de programas\MSN Messenger\msnmsgr.exe (Messenger/Microsoft Corporation)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] kernel32.dll!OutputDebugStringW 7C85A42D 5 Bytes JMP 28001E50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] ADVAPI32.dll!CryptDeriveKey 77F6A685 7 Bytes JMP 28001000 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] ADVAPI32.dll!CryptDecrypt 77F6A7B1 2 Bytes JMP 28001060 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] ADVAPI32.dll!CryptDecrypt + 3 77F6A7B4 4 Bytes [ 09, B0, CC, CC ]

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!PeekMessageW 7E36929B 5 Bytes JMP 28004090 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!CreateWindowExW 7E36FC25 5 Bytes JMP 28003820 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!SetWindowRgn 7E36FFB2 7 Bytes JMP 28005980 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!LoadIconW 7E370894 5 Bytes JMP 280062B0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!LoadImageW 7E372CFE 5 Bytes JMP 280060C0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!CreateDialogParamW 7E377D4F 5 Bytes JMP 28005AC0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!SetWindowPlacement 7E37D84C 5 Bytes JMP 28005840 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 28005CB0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] USER32.dll!TrackPopupMenuEx 7E3BCD28 5 Bytes JMP 28004970 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WS2_32.dll!send 71A7428A 5 Bytes JMP 2800A180 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WS2_32.dll!WSARecv 71A74318 5 Bytes JMP 28009F60 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WS2_32.dll!recv 71A7615A 5 Bytes JMP 28009DC0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WS2_32.dll!WSASend 71A76233 5 Bytes JMP 2800A360 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WS2_32.dll!closesocket 71A79639 5 Bytes JMP 2800A5A0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] SHELL32.dll!Shell_NotifyIconW 7CA21B92 5 Bytes JMP 28002FE0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] ole32.dll!CoInitializeEx 774DEF6B 5 Bytes JMP 28002100 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] ole32.dll!CoRegisterClassObject 774F8720 5 Bytes JMP 28002200 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WININET.dll!HttpOpenRequestA 771A368D 2 Bytes JMP 28008BE0 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WININET.dll!HttpOpenRequestA + 3 771A3690 2 Bytes [ E6, B0 ]

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WININET.dll!InternetCloseHandle 771A4D4C 5 Bytes JMP 28008F20 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WININET.dll!HttpSendRequestA 771A60D9 5 Bytes JMP 28008E50 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\Arquivos de programas\MSN Messenger\msnmsgr.exe[2380] WININET.dll!InternetReadFile 771A828C 5 Bytes JMP 28008D70 C:\Arquivos de programas\Messenger Plus! Live\MsgPlusLive.dll (Messenger Plus! Live Add-On/Patchou)

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001B0FEF

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001B005D

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001B0F72

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001B004C

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001B002F

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001B0F9E

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001B0F28

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001B0F43

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001B0EF2

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001B0F03

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001B009C

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001B0F8D

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001B000A

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001B006E

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001B0FC3

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001B0FD4

.text C:\WINDOWS\system32\wuauclt.exe[2504] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001B008B

.text C:\WINDOWS\system32\wuauclt.exe[2504] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 002A002F

.text C:\WINDOWS\system32\wuauclt.exe[2504] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 002A0FA1

.text C:\WINDOWS\system32\wuauclt.exe[2504] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 002A0FDE

.text C:\WINDOWS\system32\wuauclt.exe[2504] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 002A0014

.text C:\WINDOWS\system32\wuauclt.exe[2504] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 002A005E

.text C:\WINDOWS\system32\wuauclt.exe[2504] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 002A0FBC

.text C:\WINDOWS\system32\wuauclt.exe[2504] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 002A0FEF

.text C:\WINDOWS\system32\wuauclt.exe[2504] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 002A0FCD

---- Devices - GMER 1.0.14 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- EOF - GMER 1.0.14 ----
