Gerson Tavares

Virus in iexplore.exe


Hi, Clube do Hardware folks. I have a problem that is wearing out my patience. About a week ago a warning appeared in avast: "URL blocked". Since this happened from time to time, I ignored it and carried on with what I was doing. But the alert soon became more frequent, appearing even when I was not browsing any page.

I have always used, and still use, Firefox or Chrome (very rarely), never IE. But the virus seems to have spread to it.

The message appears regularly, whether or not I am on the internet, regardless of what I am doing on the computer. The message shown by avast is this one: http://imageshack.us/photo/my-images/593/avastn.png/

and when I open IE, this one appears:

http://imageshack.us/photo/my-images/860/35028341.png/

After that I ran a scan with avast, which found 5 viruses; I removed 3 of them and moved two to quarantine. (about two days ago)

Today I ran a Malwarebytes scan, which found nothing:

http://img684.imageshack.us/img684/5604/malwarebytese.png

I have already run another avast scan, which also found nothing, and used CCleaner, which did not help at all either.

I don't know what else to do; the computer is extremely slow, which also affects the internet, which now feels like dial-up, and I don't have time to reformat. Any tips on what to do? Thanks in advance.

And below is a HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 23:17:23, on 03/04/2012

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16912)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\TVR\RecSche.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\WINDOWS\winservices.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\Gerson\Downloads\HijackThis.exe

C:\Users\Gerson\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gerson\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\rundll32.exe

C:\Users\Gerson\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\notepad.exe

C:\Windows\system32\mspaint.exe

C:\Users\Gerson\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Gerson\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nmd.msn.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={EFFF9CD5-9830-4595-BBFB-41C8B0822963}&mid=10a7bf2aa84847d090d6c131945a34dc-06050e277f64d1ccca6d2151ed49f9cb1323dc9e&lang=pt-br&ds=st011&pr=sa&d=2012-03-25 02:17:40&v=10.0.0.7&sap=hp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s

O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TVR\RecSche.exe"

O4 - HKLM\..\Run: [stillImageMonitor] C:\W

O4 - HKLM\..\Run: [scanRegistry] C:\W

O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

O4 - HKLM\..\Run: [OiVelox] C:\Program Files\Oi\Programmer\OiVeloxCheck.exe

O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [WinServices] C:\WINDOWS\winservices.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Google Update] "C:\Users\Gerson\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - .DEFAULT User Startup: Think Green Weather.lnk = C:\Program Files\Stardock\DesktopGadgets\Think Green Weather\Think Green Weather.exe (User 'Default user')

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000

O9 - Extra button: Incluir no Blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Incluir no Blog no Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{282AE476-8D28-4430-9E8F-6CB056553178}: NameServer = 200.149.55.140,200.202.193.71

O17 - HKLM\System\CS1\Services\Tcpip\..\{282AE476-8D28-4430-9E8F-6CB056553178}: NameServer = 200.149.55.140,200.202.193.71

O17 - HKLM\System\CS2\Services\Tcpip\..\{282AE476-8D28-4430-9E8F-6CB056553178}: NameServer = 200.149.55.140,200.202.193.71

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: lxda_device - - C:\Windows\system32\lxdacoms.exe

O23 - Service: Personalization Panel DWM controller (persdwmsrv) - winreview.ru - C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe

O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\Program Files\Stardock\MyColors\VistaSrv.exe

--

End of file - 9434 bytes


Hello

Sorry for the delay :)

Post the logs according to Leia Antes de Postar - Criando um novo Tópico (Read Before Posting - Creating a New Topic)

NOTE 1: There is no need to open a new topic, put the new logs in this same topic, thanks!

NOTE 2: Do not edit your topic, use the reply button, thanks!

NOTE 3: Do not put the logs between TAGS, thanks!

Cheers :D


Thanks for replying, Diego :)

My apologies, I posted before reading the "read before posting" topic. I read it yesterday, after posting, but I couldn't edit the post to add the three logs, it kept giving an error, and I didn't want to reply to my own topic, as you recommend.

Here they are:

the DDS one:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29

Run by Gerson at 20:18:03 on 2012-04-05

Microsoft Windows 7 Starter 6.1.7600.0.1252.55.1046.18.2038.965 [GMT -3:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

"C:\Windows\system32\svchost.exe"

"C:\Windows\system32\svchost.exe"

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Stardock\MyColors\VistaSrv.exe

C:\Program Files\Stardock\MyColors\WBVista.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\lxdacoms.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\system32\UI0Detect.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\TVR\RecSche.EXE

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Microsoft\BingBar\BingBar.exe

C:\WINDOWS\winservices.exe

C:\Program Files\Microsoft\BingBar\BingApp.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Stardock\MyColors\WBVista.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://isearch.avg.com/?cid={EFFF9CD5-9830-4595-BBFB-41C8B0822963}&mid=10a7bf2aa84847d090d6c131945a34dc-06050e277f64d1ccca6d2151ed49f9cb1323dc9e&lang=pt-br&ds=st011&pr=sa&d=2012-03-25 02:17:40&v=10.0.0.7&sap=hp

uDefault_Page_URL = hxxp://nmd.msn.com

uSearchURL,(Default) = hxxp://www.oquefazernainternet.com/q/%s

mSearchAssistant = hxxp://www.oquefazernainternet.com/

mCustomizeSearch = hxxp://www.oquefazernainternet.com/

uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

BHO: Auxiliar de Conexão do Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"

BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun

uRun: [Google Update] "c:\users\gerson\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s

mRun: [RecSche] "c:\program files\tvr\RecSche.exe"

mRun: [stillImageMonitor] C:\W

mRun: [scanRegistry] C:\W

mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [OiVelox] c:\program files\oi\programmer\OiVeloxCheck.exe

mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe

mRun: [<NO NAME>]

mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"

mRun: [WinServices] c:\windows\winservices.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: &Enviar para o OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/pt/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{282AE476-8D28-4430-9E8F-6CB056553178} : NameServer = 200.149.55.140,200.202.193.71

TCP: Interfaces\{282AE476-8D28-4430-9E8F-6CB056553178} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\mif5ba~1\office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\gerson\appdata\roaming\mozilla\firefox\profiles\nvtqzf0y.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B8bdb3636-e9e9-4a58-80e1-5e8e155f1bd8%7D&mid=10a7bf2aa84847d090d6c131945a34dc-06050e277f64d1ccca6d2151ed49f9cb1323dc9e&ds=st011&v=10.0.0.7&lang=pt-br&pr=sa&d=2012-03-25%2002%3A17%3A40&sap=ku&q=

FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\users\gerson\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100995

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 70138fd80000000000001078d2bedd2f

FF - user.js: extensions.BabylonToolbar_i.hardId - 70138fd80000000000001078d2bedd2f

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15352

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:21:42

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-1-2 612184]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-3 337880]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-3 20696]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-3 57688]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2012-3-15 44768]

R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]

R2 persdwmsrv;Personalization Panel DWM controller;c:\program files\winreview.ru\personalization panel dwm controller\persdwmsrv.exe [2011-5-28 7680]

R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [2011-2-15 795776]

R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-2-15 327784]

S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]

S2 gupdate;Serviço do Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-2-13 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 253600]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2011-2-15 54632]

S3 fsssvc;Serviço Windows Live Proteção para a Família;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]

S3 gupdatem;Serviço do Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-2-13 136176]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2011-9-29 21632]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]

.

=============== Created Last 30 ================

.

2012-04-05 22:06:57 56200 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{62c04760-b81b-4492-b617-60a1bce2648f}\offreg.dll

2012-04-04 01:11:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-29 14:40:50 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-03-25 05:49:04 -------- d-----w- c:\users\gerson\appdata\local\NFS Underground 2

2012-03-25 05:30:40 -------- d-----w- c:\program files\EA GAMES

2012-03-25 05:17:07 -------- d--h--w- c:\programdata\Common Files

2012-03-25 05:15:24 -------- d-----w- c:\program files\PowerISO

2012-03-18 17:46:44 -------- d-----w- c:\users\gerson\appdata\roaming\YoudaGames

2012-03-18 17:46:23 -------- d-----w- c:\program files\DRACOLISCO DOWNLOAD

2012-03-18 16:53:14 -------- d-----w- c:\programdata\Trymedia

2012-03-18 05:50:14 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2012-03-18 05:50:14 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll

2012-03-17 00:34:43 -------- d-----w- c:\program files\VideoLAN

2012-03-11 18:41:35 -------- d-----w- c:\users\gerson\appdata\local\Ares

2012-03-11 18:09:47 -------- d-----w- c:\users\gerson\appdata\roaming\bsnes

2012-03-10 01:38:50 -------- d-----w- c:\program files\VS Revo Group

.

==================== Find3M ====================

.

2012-03-29 15:03:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-10 00:20:28 20266496 ----a-w- c:\windows\system32\imageres.dll

2012-03-07 00:15:19 41184 ----a-w- c:\windows\avastSS.scr

2012-03-07 00:03:51 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-03-07 00:02:14 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-03-07 00:01:48 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-02-24 18:01:32 472808 ----a-w- c:\windows\system32\deployJava1.dll

2012-02-20 23:39:07 472576 ----a-w- c:\windows\AutoKMS.exe

2012-02-09 06:06:40 112096 ----a-w- c:\windows\system32\drivers\scdemu.sys

2012-01-23 03:25:04 124468 ----a-w- c:\windows\winservices.exe

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 6.1.7600

.

CreateFile("\\.\PHYSICALDRIVE0"): O arquivo já está sendo usado por outro processo.

device: opened successfully

user: error reading MBR

.

Disk trace:

called modules: ntoskrnl.exe >>UNKNOWN [0x85E23A2E]<<

_asm { MOV EDI, EDI; PUSH EBP; MOV EBP, ESP; PUSH EBX; MOV EBX, [EBP+0xc]; MOV EAX, [EBX+0x60]; PUSH ESI; MOV ESI, [EBP+0x8]; CMP ESI, [0x85e26180]; JZ 0x25; PUSH EBX; PUSH ESI; CALL [0x85e26178]; }

1 nt!IofCallDriver[0x82C72EE0] -> \Device\Harddisk0\DR0[0x85A114C8]

\Driver\Disk[0x85A103A0] -> IRP_MJ_READ -> 0x85E23A2E

kernel: MBR read successfully

_asm { XOR EAX, EAX; MOV DS, AX; NOP ; MOV ES, AX; NOP ; MOV SS, AX; MOV SP, 0x7c00; CLD ; MOV SI, 0x7c00; MOV DI, 0x600; NOP ; MOV CX, 0x80; NOP ; REP MOVSD ; NOP ; JMP FAR 0x0:0x624; }

user != kernel MBR !!!

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

.

============= FINISH: 20:20:04,71 ===============

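As an added example (not code from the thread, nor from HijackThis or DDS), a Python triage pass over the two log formats posted above: IE start/search page entries, autorun (O4 and mRun) entries, the mPolicies-system UAC values and the MBR comparison verdict. The expected-hosts and expected-folders baselines are assumptions, and the sample lines are constructed from the logs in this thread.

```python
"""Triage pass over HijackThis and DDS "Pseudo HJT" log lines (heuristics, not verdicts)."""
import re
from urllib.parse import urlparse

# Assumed baseline: hosts IE points at on a default Windows 7 install.
EXPECTED_IE_HOSTS = {"go.microsoft.com", "nmd.msn.com", "www.msn.com", "www.bing.com"}
# Assumed baseline: folders an autorun command is expected to load from (lower-case).
EXPECTED_RUN_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\", "c:\\users\\", "%programfiles%\\")
# DDS "mPolicies-system" values that switch UAC prompting off when they read 0.
UAC_POLICIES = {"EnableLUA", "PromptOnSecureDesktop"}

# HijackThis R0/R1 lines and the DDS u*/m* equivalents both end in " = <url>".
IE_URL_RE = re.compile(
    r"^(?:R[01] - HK\w+\\.*?,|[um])"
    r"(?:Start Page|Default_Page_URL|Search Page|Default_Search_URL|"
    r"SearchAssistant|CustomizeSearch|SearchURL,\(Default\)) = (?P<url>\S+)"
)
# HijackThis "O4 - HKLM\..\Run: [name] cmd" and DDS "mRun: [name] cmd".
RUN_RE = re.compile(r"^(?:O4 - HK[^:]*\\Run(?:Once)?|[um]Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
POLICY_RE = re.compile(r"^mPolicies-system: (?P<name>\w+) = (?P<value>\d+)")

# Constructed sample: one line per pattern, copied from the logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [WinServices] C:\WINDOWS\winservices.exe
O4 - HKLM\..\Run: [scanRegistry] C:\W
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
uStart Page = hxxp://isearch.avg.com/?cid=x
user != kernel MBR !!!
"""


def normalize_url(url):
    """DDS defangs URLs as hxxp://; restore the scheme so urlparse sees the host."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def extract_exe(cmd):
    """Return the lower-cased executable path from an autorun command, or None if unreadable."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow the closing quote
        end = cmd.find('"', 1)
        path = cmd[1:end] if end > 0 else ""
    else:                                        # unquoted: everything up to the first .exe
        m = re.match(r"(.*?\.exe)\b", cmd, re.IGNORECASE)
        path = m.group(1) if m else ""
    return path.lower() or None


def check_ie_url(line):
    """Flag IE start/search settings whose host is outside the expected baseline."""
    m = IE_URL_RE.match(line)
    if not m:
        return None
    host = urlparse(normalize_url(m.group("url"))).hostname
    if host and host.lower() not in EXPECTED_IE_HOSTS:
        return ("ie_redirect", f"IE start/search setting points at {host}")
    return None


def check_run(line):
    """Flag autorun entries whose command is truncated or loads from an unexpected folder."""
    m = RUN_RE.match(line)
    if not m:
        return None
    name, cmd = m.group("name"), m.group("cmd")
    exe = extract_exe(cmd)
    if exe is None:
        return ("autorun_unparseable", f"[{name}] command cannot be read: {cmd!r}")
    if not exe.startswith(EXPECTED_RUN_DIRS):
        return ("autorun_unexpected_path", f"[{name}] loads from {exe}")
    return None


def check_policy(line):
    """Flag mPolicies-system values that switch UAC prompting off."""
    m = POLICY_RE.match(line)
    if m and m.group("name") in UAC_POLICIES and int(m.group("value")) == 0:
        return ("uac_weakened", f"{m.group('name')} = 0: UAC prompting is off")
    return None


def check_mbr(line):
    """Flag the MBR detector's verdict: user-mode and kernel-mode reads of the MBR disagree."""
    if line.startswith("user != kernel MBR"):
        return ("mbr_mismatch", "user/kernel MBR reads differ, consistent with hooked disk reads (detector reports possible TDL4)")
    return None


CHECKS = (check_ie_url, check_run, check_policy, check_mbr)


def triage(text):
    """Run each check over every line; return one (category, detail, line) per finding."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        for check in CHECKS:
            hit = check(line)
            if hit:
                findings.append((hit[0], hit[1], line))
                break
    return findings


if __name__ == "__main__":
    for category, detail, _ in triage(SAMPLE_LOG):
        print(f"{category:24} {detail}")
```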

Now the Attach one:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Starter

Boot Device: \Device\HarddiskVolume1

Install Date: 03/12/2011 18:18:24

System Uptime: 05/04/2012 19:04:03 (1 hours ago)

.

Motherboard: | | TIGD-CI4

Processor: Intel® Atom CPU D425 @ 1.80GHz | CPU 1 | 1795/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 223 GiB total, 124,783 GiB free.

D: is FIXED (NTFS) - 10 GiB total, 5,757 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP53: 09/03/2012 21:16:48 - Removed Google Earth Plug-in.

RP55: 09/03/2012 22:41:02 - Revo Uninstaller's restore point - Counter-Strike 1.6

RP57: 09/03/2012 22:49:37 - Revo Uninstaller's restore point - Stardock MyColors

RP59: 09/03/2012 22:55:37 - Revo Uninstaller's restore point - Stardock MyColors

RP61: 18/03/2012 14:09:02 - Revo Uninstaller's restore point - Governor of Poker 2

RP63: 31/03/2012 12:47:40 - Revo Uninstaller's restore point - Ares 2.1.8

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Shockwave Player 11.6

Arquivo do WinRAR

Ask Toolbar

Assistente de Conexão do Windows Live

atualizador Ask Toolbar Updater

avast! Free Antivirus

Bing Bar

BitTorrent

BurnAware Free 3.0.2

Camtasia Studio 7

CCleaner

ConvertXtoDVD 4.1.19.365

Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Ferramenta de Carregamento do Windows Live

FormatFactory 2.80

Foxit Reader

Google Chrome

Google Update Helper

Governor of Poker 2 Deluxe 1.00

Intel® Graphics Media Accelerator Driver

Java Auto Updater

Java 6 Update 29

Junk Mail filter update

K-Lite Mega Codec Pack 4.7.5

Lexmark 640 Series

Malwarebytes Anti-Malware versão 1.60.1.1000

Megacubo 8.0.9

Messenger Plus! 5

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Mozilla Firefox 11.0 (x86 pt-BR)

MSVCRT

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser (KB973685)

Need for Speed Underground 2

Oi Velox

Pando Media Booster

Personalization Panel

Personalization Panel DWM Controller

PowerISO

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Revo Uninstaller 1.93

Security Update for Microsoft InfoPath 2010 (KB2510065)

Security Update for Microsoft Office 2010 (KB2289078)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553353) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2409055)

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Word 2010 (KB2345000)

Stardock MyColors

swMSM

Uniblue SpeedUpMyPC 3

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2202188)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2523113)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition

Update for Microsoft Outlook Social Connector (KB2583935)

VLC media player 2.0.0

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live Mail

Windows Live Messenger

Windows Live Movie Maker

Windows Live Proteção para a Família

Windows Live Sync

Windows Live Writer

Windows Media Player Firefox Plugin

.

==== End Of File ===========================

and finally, the GMER one:

GMER 1.0.15.15641 - http://www.gmer.net

Rootkit scan 2012-04-05 20:17:07

Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 rev.

Running: gmer.exe; Driver: C:\Users\Gerson\AppData\Local\Temp\ugloqpod.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x89AE7DF8]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x900B6A5A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x89AE885E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x89AED2E4]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x89AED330]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x89AED422]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x89AED252]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x89AED374]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x89AED29A]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x89AED3DC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x89AE7E44]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x900B6B34]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x89AE7AD6]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x89AE7E90]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x89AEAD1C]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x89AE8B02]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x89AED30E]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x89AED352]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x89AED446]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x89AED278]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x89AED3AE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x89AED2C2]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x89AED400]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x900B6CA0]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x89AE89CE]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x89AE7EDC]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x89AE7F28]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x89AE7B46]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x89AE7CEA]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x89AE7C92]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x89AE7D5A]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x900B6D60]

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x89AE7F74]

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x900B6BE0]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x900CCD92]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C798A9 1 Byte [06]

.text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C992F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntoskrnl.exe!KeRemoveQueueEx + 138B 82CA0558 4 Bytes JMP AE7DF882

.text ntoskrnl.exe!KeRemoveQueueEx + 13B3 82CA0580 4 Bytes [5A, 6A, 0B, 90] {POP EDX; PUSH 0xb; NOP }

.text ntoskrnl.exe!KeRemoveQueueEx + 1413 82CA05E0 4 Bytes [5E, 88, AE, 89]

.text ntoskrnl.exe!KeRemoveQueueEx + 1467 82CA0634 8 Bytes [E4, D2, AE, 89, 30, D3, AE, ...]

.text ntoskrnl.exe!KeRemoveQueueEx + 1473 82CA0640 4 Bytes [22, D4, AE, 89]

.text ...

PAGE ntoskrnl.exe!ObMakeTemporaryObject 82E25E6C 5 Bytes JMP 900C9C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntoskrnl.exe!RtlCompareUnicodeStrings + 50C 82E4D574 5 Bytes JMP 900CB764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 108 82E53D51 4 Bytes CALL 89AE91B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 122 82E9089F 4 Bytes CALL 89AE91CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

PAGE ntoskrnl.exe!ZwCreateProcessEx 82F15CCA 7 Bytes JMP 900CCD96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)

.text win32k.sys!EngMultiByteToUnicodeN + 7231 8244986A 5 Bytes JMP 89AEB536 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngIsSemaphoreOwned + 8A1B 824608B5 5 Bytes JMP 89AEB67C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngEraseSurface + 7E89 8247DC71 5 Bytes JMP 89AEB73C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngEraseSurface + C174 82481F5C 5 Bytes JMP 89AEC2EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XFORMOBJ_iGetXform + 1C30 8249475D 5 Bytes JMP 89AEB7FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XFORMOBJ_iGetXform + 3330 82495E5D 5 Bytes JMP 89AEAF84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XFORMOBJ_iGetXform + 4035 82496B62 2 Bytes JMP 89AEC0BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!XFORMOBJ_iGetXform + 4038 82496B65 2 Bytes [65, 07]

.text win32k.sys!EngCTGetGammaTable + 6CB 8249B646 5 Bytes JMP 89AEB70C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCTGetGammaTable + 18AB 8249C826 5 Bytes JMP 89AEB562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngAllocMem + 8FA6 824A783C 5 Bytes JMP 89AEB724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!PATHOBJ_bEnum + 79B6 824B8D60 5 Bytes JMP 89AEAFF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!PATHOBJ_bEnum + 869D 824B9A47 5 Bytes JMP 89AEAE4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!PATHOBJ_bEnum + 928D 824BA637 5 Bytes JMP 89AEB384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateSemaphore + A5E8 824D544C 5 Bytes JMP 89AEBF8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCreateSemaphore + C99D 824D7801 5 Bytes JMP 89AEAD52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngBitBlt + 56E 824E0E4D 5 Bytes JMP 89AEC036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngBitBlt + 5201 824E5AE0 5 Bytes JMP 89AEC4F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngLpkInstalled + 6119 824F8D0A 5 Bytes JMP 89AEAE66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngLpkInstalled + 11685 82504276 5 Bytes JMP 89AEC07C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngLpkInstalled + 1AEC6 8250DAB7 5 Bytes JMP 89AED544 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!STROBJ_bEnum + 99BD 825211E9 5 Bytes JMP 89AEB2E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngPlgBlt + 26C1 825292C7 5 Bytes JMP 89AEC3A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!PATHOBJ_bPolyBezierTo + F8 8253CD48 5 Bytes JMP 89AEB1AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngAcquireSemaphoreSharedNoWait + 1F5A 8254D0B0 5 Bytes JMP 89AEC450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!PATHOBJ_vGetBounds + EB5 82576F9F 5 Bytes JMP 89AEB0B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngCTGetCurrentGamma + 1C88 8257AFCA 5 Bytes JMP 89AEB104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngSetPointerShape + B31 8257DB2B 5 Bytes JMP 89AEB7E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!EngSetPointerShape + C86 8257DC80 5 Bytes JMP 89AEC232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!CLIPOBJ_cEnumStart + 6CFE 82586975 5 Bytes JMP 89AEAF22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text win32k.sys!CLIPOBJ_cEnumStart + A3FD 8258A074 5 Bytes JMP 89AEB248 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

.text user32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes [E9, 88, 3D, A6, 88] {JMP 0xffffffff88a63d8d}

.text user32.dll!UnhookWinEvent 777AD924 5 Bytes [E9, D3, 2A, A6, 88] {JMP 0xffffffff88a62ad8}

.text user32.dll!SetWindowsHookExW 777B210A 5 Bytes [E9, F5, E6, A5, 88] {JMP 0xffffffff88a5e6fa}

.text user32.dll!SetWinEventHook 777B507E 5 Bytes [E9, 75, B1, A5, 88] {JMP 0xffffffff88a5b17a}

.text user32.dll!SetWindowsHookExA 777D6DFA 5 Bytes [E9, 01, 98, A3, 88] {JMP 0xffffffff88a39806}

.text kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[108] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\Explorer.EXE[108] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\Explorer.EXE[108] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\Explorer.EXE[108] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00110A08

.text C:\Windows\Explorer.EXE[108] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001103FC

.text C:\Windows\Explorer.EXE[108] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00110804

.text C:\Windows\Explorer.EXE[108] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001101F8

.text C:\Windows\Explorer.EXE[108] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00110600

.text C:\Windows\System32\svchost.exe[400] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\System32\svchost.exe[400] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\System32\svchost.exe[400] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Program Files\Microsoft\BingBar\BingBar.exe[492] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\csrss.exe[556] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Program Files\Winreview.ru\Personalization Panel DWM Controller\persdwmsrv.exe[604] KERNEL32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\wininit.exe[608] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000303FC

.text C:\Windows\system32\wininit.exe[608] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000301F8

.text C:\Windows\system32\wininit.exe[608] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\wininit.exe[608] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 000C0A08

.text C:\Windows\system32\wininit.exe[608] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 000C03FC

.text C:\Windows\system32\wininit.exe[608] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 000C0804

.text C:\Windows\system32\wininit.exe[608] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 000C01F8

.text C:\Windows\system32\wininit.exe[608] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 000C0600

.text C:\Windows\system32\csrss.exe[616] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\winlogon.exe[672] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000303FC

.text C:\Windows\system32\winlogon.exe[672] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000301F8

.text C:\Windows\system32\winlogon.exe[672] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\winlogon.exe[672] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00100A08

.text C:\Windows\system32\winlogon.exe[672] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001003FC

.text C:\Windows\system32\winlogon.exe[672] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00100804

.text C:\Windows\system32\winlogon.exe[672] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001001F8

.text C:\Windows\system32\winlogon.exe[672] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00100600

.text C:\Windows\system32\services.exe[700] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001003FC

.text C:\Windows\system32\services.exe[700] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001001F8

.text C:\Windows\system32\services.exe[700] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\lsass.exe[732] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\system32\lsass.exe[732] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\system32\lsass.exe[732] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\lsm.exe[740] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000A03FC

.text C:\Windows\system32\lsm.exe[740] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000A01F8

.text C:\Windows\system32\lsm.exe[740] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\svchost.exe[780] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\system32\svchost.exe[780] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\system32\svchost.exe[780] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\svchost.exe[780] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 001A0A08

.text C:\Windows\system32\svchost.exe[780] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001A03FC

.text C:\Windows\system32\svchost.exe[780] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 001A0804

.text C:\Windows\system32\svchost.exe[780] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001A01F8

.text C:\Windows\system32\svchost.exe[780] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 001A0600

.text C:\Windows\system32\svchost.exe[788] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000803FC

.text C:\Windows\system32\svchost.exe[788] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000801F8

.text C:\Windows\system32\svchost.exe[788] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\svchost.exe[788] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 001A0A08

.text C:\Windows\system32\svchost.exe[788] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001A03FC

.text C:\Windows\system32\svchost.exe[788] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 001A0804

.text C:\Windows\system32\svchost.exe[788] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001A01F8

.text C:\Windows\system32\svchost.exe[788] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 001A0600

.text C:\Program Files\Stardock\MyColors\WBVista.exe[816] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001603FC

.text C:\Program Files\Stardock\MyColors\WBVista.exe[816] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001601F8

.text C:\Program Files\Stardock\MyColors\WBVista.exe[816] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\svchost.exe[892] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\system32\svchost.exe[892] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\system32\svchost.exe[892] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\svchost.exe[988] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000A03FC

.text C:\Windows\system32\svchost.exe[988] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000A01F8

.text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\System32\svchost.exe[1052] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\System32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\System32\svchost.exe[1052] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 001D0A08

.text C:\Windows\System32\svchost.exe[1052] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001D03FC

.text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 001D0804

.text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001D01F8

.text C:\Windows\System32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 001D0600

.text C:\Windows\System32\svchost.exe[1120] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\System32\svchost.exe[1120] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\System32\svchost.exe[1120] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\System32\svchost.exe[1120] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00370A08

.text C:\Windows\System32\svchost.exe[1120] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 003703FC

.text C:\Windows\System32\svchost.exe[1120] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00370804

.text C:\Windows\System32\svchost.exe[1120] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 003701F8

.text C:\Windows\System32\svchost.exe[1120] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00370600

.text C:\Windows\system32\svchost.exe[1164] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000A03FC

.text C:\Windows\system32\svchost.exe[1164] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000A01F8

.text C:\Windows\system32\svchost.exe[1164] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\svchost.exe[1164] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00E90A08

.text C:\Windows\system32\svchost.exe[1164] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 00E903FC

.text C:\Windows\system32\svchost.exe[1164] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00E90804

.text C:\Windows\system32\svchost.exe[1164] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 00E901F8

.text C:\Windows\system32\svchost.exe[1164] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00E90600

.text C:\Windows\system32\AUDIODG.EXE[1252] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\svchost.exe[1292] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\system32\svchost.exe[1292] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\system32\svchost.exe[1292] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\svchost.exe[1292] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00160A08

.text C:\Windows\system32\svchost.exe[1292] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001603FC

.text C:\Windows\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00160804

.text C:\Windows\system32\svchost.exe[1292] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001601F8

.text C:\Windows\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00160600

.text C:\Program Files\Stardock\MyColors\VistaSrv.exe[1352] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001603FC

.text C:\Program Files\Stardock\MyColors\VistaSrv.exe[1352] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001601F8

.text C:\Program Files\Stardock\MyColors\VistaSrv.exe[1352] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Program Files\Stardock\MyColors\VistaSrv.exe[1352] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00200A08

.text C:\Program Files\Stardock\MyColors\VistaSrv.exe[1352] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 002003FC

.text C:\Program Files\Stardock\MyColors\VistaSrv.exe[1352] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00200804

.text C:\Program Files\Stardock\MyColors\VistaSrv.exe[1352] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 002001F8

.text C:\Program Files\Stardock\MyColors\VistaSrv.exe[1352] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00200600

.text C:\Program Files\Stardock\MyColors\WBVista.exe[1368] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001603FC

.text C:\Program Files\Stardock\MyColors\WBVista.exe[1368] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001601F8

.text C:\Program Files\Stardock\MyColors\WBVista.exe[1368] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Program Files\Stardock\MyColors\WBVista.exe[1368] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00220A08

.text C:\Program Files\Stardock\MyColors\WBVista.exe[1368] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 002203FC

.text C:\Program Files\Stardock\MyColors\WBVista.exe[1368] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00220804

.text C:\Program Files\Stardock\MyColors\WBVista.exe[1368] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 002201F8

.text C:\Program Files\Stardock\MyColors\WBVista.exe[1368] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00220600

.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\system32\svchost.exe[1436] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\system32\svchost.exe[1436] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\System32\svchost.exe[1460] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\System32\svchost.exe[1460] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\System32\svchost.exe[1460] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\WINDOWS\winservices.exe[1464] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001503FC

.text C:\WINDOWS\winservices.exe[1464] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001501F8

.text C:\WINDOWS\winservices.exe[1464] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\WINDOWS\winservices.exe[1464] user32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 001E0A08

.text C:\WINDOWS\winservices.exe[1464] user32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001E03FC

.text C:\WINDOWS\winservices.exe[1464] user32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 001E0804

.text C:\WINDOWS\winservices.exe[1464] user32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001E01F8

.text C:\WINDOWS\winservices.exe[1464] user32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 001E0600

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1488] kernel32.dll!SetUnhandledExceptionFilter 76B530E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1488] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Users\Gerson\Desktop\gmer.exe[1552] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001603FC

.text C:\Users\Gerson\Desktop\gmer.exe[1552] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001601F8

.text C:\Users\Gerson\Desktop\gmer.exe[1552] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Users\Gerson\Desktop\gmer.exe[1552] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00210A08

.text C:\Users\Gerson\Desktop\gmer.exe[1552] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 002103FC

.text C:\Users\Gerson\Desktop\gmer.exe[1552] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00210804

.text C:\Users\Gerson\Desktop\gmer.exe[1552] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 002101F8

.text C:\Users\Gerson\Desktop\gmer.exe[1552] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00210600

.text C:\Windows\system32\svchost.exe[1656] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\system32\svchost.exe[1656] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\system32\svchost.exe[1656] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\svchost.exe[1656] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00290A08

.text C:\Windows\system32\svchost.exe[1656] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 002903FC

.text C:\Windows\system32\svchost.exe[1656] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00290804

.text C:\Windows\system32\svchost.exe[1656] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 002901F8

.text C:\Windows\system32\svchost.exe[1656] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00290600

.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1776] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1776] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1776] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1776] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00090A08

.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1776] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 000903FC

.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1776] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00090804

.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1776] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 000901F8

.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1776] USER32.dll!SetWindowsHookExA 777D6DFA 3 Bytes JMP 00090600

.text C:\Program Files\Microsoft\BingBar\BBSvc.EXE[1776] USER32.dll!SetWindowsHookExA + 4 777D6DFE 1 Byte [88]

.text C:\Windows\system32\taskhost.exe[1820] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000503FC

.text C:\Windows\system32\taskhost.exe[1820] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000501F8

.text C:\Windows\system32\taskhost.exe[1820] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\taskhost.exe[1820] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 000F0A08

.text C:\Windows\system32\taskhost.exe[1820] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 000F03FC

.text C:\Windows\system32\taskhost.exe[1820] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 000F0804

.text C:\Windows\system32\taskhost.exe[1820] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 000F01F8

.text C:\Windows\system32\taskhost.exe[1820] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 000F0600

.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1880] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000A03FC

.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1880] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000A01F8

.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1880] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1880] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00140A08

.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1880] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001403FC

.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1880] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00140804

.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1880] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001401F8

.text C:\Program Files\Microsoft\BingBar\SeaPort.EXE[1880] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00140600

.text C:\Windows\system32\lxdacoms.exe[2004] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001503FC

.text C:\Windows\system32\lxdacoms.exe[2004] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001501F8

.text C:\Windows\system32\lxdacoms.exe[2004] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\lxdacoms.exe[2004] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 001E0A08

.text C:\Windows\system32\lxdacoms.exe[2004] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001E03FC

.text C:\Windows\system32\lxdacoms.exe[2004] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 001E0804

.text C:\Windows\system32\lxdacoms.exe[2004] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001E01F8

.text C:\Windows\system32\lxdacoms.exe[2004] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 001E0600

.text C:\Windows\system32\Dwm.exe[2012] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000A03FC

.text C:\Windows\system32\Dwm.exe[2012] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000A01F8

.text C:\Windows\system32\Dwm.exe[2012] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\Dwm.exe[2012] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00230A08

.text C:\Windows\system32\Dwm.exe[2012] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 002303FC

.text C:\Windows\system32\Dwm.exe[2012] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00230804

.text C:\Windows\system32\Dwm.exe[2012] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 002301F8

.text C:\Windows\system32\Dwm.exe[2012] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00230600

.text C:\Windows\system32\svchost.exe[2052] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\system32\svchost.exe[2052] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\system32\svchost.exe[2052] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\System32\spoolsv.exe[2188] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\System32\spoolsv.exe[2188] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\System32\spoolsv.exe[2188] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\System32\spoolsv.exe[2188] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00140A08

.text C:\Windows\System32\spoolsv.exe[2188] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001403FC

.text C:\Windows\System32\spoolsv.exe[2188] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00140804

.text C:\Windows\System32\spoolsv.exe[2188] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001401F8

.text C:\Windows\System32\spoolsv.exe[2188] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00140600

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001803FC

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001801F8

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 6B4C8345 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!CallNextHookEx 777ACC8F 5 Bytes JMP 6B4A9D1C C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 002203FC

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!CreateWindowExW 777B0E51 5 Bytes JMP 6B4B810F C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 6B46460B C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 002201F8

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxIndirectParamW 777D4AA7 5 Bytes JMP 6B5E00C8 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxParamW 777D564A 5 Bytes JMP 6B3D4B87 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00220600

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxParamA 777ECF6A 5 Bytes JMP 6B5E0065 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!DialogBoxIndirectParamA 777ED29C 5 Bytes JMP 6B5E012B C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxIndirectA 777FE8C9 5 Bytes JMP 6B5DFFFA C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxIndirectW 777FE9C3 5 Bytes JMP 6B5DFF8F C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxExA 777FEA29 1 Byte [E9]

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxExA 777FEA29 5 Bytes JMP 6B5DFF2D C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] USER32.dll!MessageBoxExW 777FEA4D 5 Bytes JMP 6B5DFECB C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ole32.dll!OleLoadFromStream 76BE5BF6 5 Bytes JMP 6B5E041B C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2468] ole32.dll!CoCreateInstance 76C3590C 5 Bytes JMP 6B4B8BFD C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2568] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000A03FC

.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2568] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000A01F8

.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2568] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2568] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00250A08

.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2568] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 002503FC

.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2568] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00250804

.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2568] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 002501F8

.text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2568] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00250600

.text C:\Windows\System32\igfxtray.exe[2664] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001603FC

.text C:\Windows\System32\igfxtray.exe[2664] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001601F8

.text C:\Windows\System32\igfxtray.exe[2664] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\System32\igfxtray.exe[2664] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00200A08

.text C:\Windows\System32\igfxtray.exe[2664] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 002003FC

.text C:\Windows\System32\igfxtray.exe[2664] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00200804

.text C:\Windows\System32\igfxtray.exe[2664] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 002001F8

.text C:\Windows\System32\igfxtray.exe[2664] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00200600

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000803FC

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000801F8

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 000B0A08

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 000B03FC

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!CreateWindowExW 777B0E51 5 Bytes JMP 6B4B810F C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 000B0804

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 000B01F8

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxIndirectParamW 777D4AA7 5 Bytes JMP 6B5E00C8 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxParamW 777D564A 5 Bytes JMP 6B3D4B87 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 000B0600

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxParamA 777ECF6A 5 Bytes JMP 6B5E0065 C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!DialogBoxIndirectParamA 777ED29C 5 Bytes JMP 6B5E012B C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxIndirectA 777FE8C9 5 Bytes JMP 6B5DFFFA C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxIndirectW 777FE9C3 5 Bytes JMP 6B5DFF8F C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxExA 777FEA29 1 Byte [E9]

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxExA 777FEA29 5 Bytes JMP 6B5DFF2D C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\iexplore.exe[2684] USER32.dll!MessageBoxExW 777FEA4D 5 Bytes JMP 6B5DFECB C:\Windows\system32\IEFRAME.dll (Navegador da Internet/Microsoft Corporation)

.text C:\Program Files\Microsoft\BingBar\BingApp.exe[2820] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000503FC

.text C:\Program Files\Microsoft\BingBar\BingApp.exe[2820] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000501F8

.text C:\Program Files\Microsoft\BingBar\BingApp.exe[2820] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Program Files\Microsoft\BingBar\BingApp.exe[2820] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 000F0A08

.text C:\Program Files\Microsoft\BingBar\BingApp.exe[2820] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 000F03FC

.text C:\Program Files\Microsoft\BingBar\BingApp.exe[2820] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 000F0804

.text C:\Program Files\Microsoft\BingBar\BingApp.exe[2820] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 000F01F8

.text C:\Program Files\Microsoft\BingBar\BingApp.exe[2820] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 000F0600

.text C:\Windows\System32\hkcmd.exe[2844] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001603FC

.text C:\Windows\System32\hkcmd.exe[2844] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001601F8

.text C:\Windows\System32\hkcmd.exe[2844] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\System32\hkcmd.exe[2844] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00200A08

.text C:\Windows\System32\hkcmd.exe[2844] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 002003FC

.text C:\Windows\System32\hkcmd.exe[2844] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00200804

.text C:\Windows\System32\hkcmd.exe[2844] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 002001F8

.text C:\Windows\System32\hkcmd.exe[2844] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00200600

.text C:\Windows\System32\igfxpers.exe[2944] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001603FC

.text C:\Windows\System32\igfxpers.exe[2944] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001601F8

.text C:\Windows\System32\igfxpers.exe[2944] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\System32\igfxpers.exe[2944] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00200A08

.text C:\Windows\System32\igfxpers.exe[2944] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 002003FC

.text C:\Windows\System32\igfxpers.exe[2944] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00200804

.text C:\Windows\System32\igfxpers.exe[2944] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 002001F8

.text C:\Windows\System32\igfxpers.exe[2944] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00200600

.text C:\Windows\system32\UI0Detect.exe[2972] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\system32\UI0Detect.exe[2972] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\system32\UI0Detect.exe[2972] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\UI0Detect.exe[2972] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00240A08

.text C:\Windows\system32\UI0Detect.exe[2972] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 002403FC

.text C:\Windows\system32\UI0Detect.exe[2972] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00240804

.text C:\Windows\system32\UI0Detect.exe[2972] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 002401F8

.text C:\Windows\system32\UI0Detect.exe[2972] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00240600

.text C:\Windows\system32\svchost.exe[3080] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000A03FC

.text C:\Windows\system32\svchost.exe[3080] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000A01F8

.text C:\Windows\system32\svchost.exe[3080] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\svchost.exe[3080] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 001B0A08

.text C:\Windows\system32\svchost.exe[3080] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001B03FC

.text C:\Windows\system32\svchost.exe[3080] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 001B0804

.text C:\Windows\system32\svchost.exe[3080] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001B01F8

.text C:\Windows\system32\svchost.exe[3080] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 001B0600

.text C:\Windows\system32\igfxsrvc.exe[3140] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001603FC

.text C:\Windows\system32\igfxsrvc.exe[3140] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001601F8

.text C:\Windows\system32\igfxsrvc.exe[3140] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\igfxsrvc.exe[3140] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 001F0A08

.text C:\Windows\system32\igfxsrvc.exe[3140] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001F03FC

.text C:\Windows\system32\igfxsrvc.exe[3140] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 001F0804

.text C:\Windows\system32\igfxsrvc.exe[3140] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001F01F8

.text C:\Windows\system32\igfxsrvc.exe[3140] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 001F0600


.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3240] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001603FC

.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3240] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001601F8

.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3240] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3240] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00300A08

.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3240] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 003003FC

.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3240] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00300804

.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3240] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 003001F8

.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3240] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00300600

.text C:\Program Files\TVR\RecSche.EXE[3388] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001603FC

.text C:\Program Files\TVR\RecSche.EXE[3388] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001601F8

.text C:\Program Files\TVR\RecSche.EXE[3388] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Program Files\TVR\RecSche.EXE[3388] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 001F0A08

.text C:\Program Files\TVR\RecSche.EXE[3388] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001F03FC

.text C:\Program Files\TVR\RecSche.EXE[3388] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 001F0804

.text C:\Program Files\TVR\RecSche.EXE[3388] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001F01F8

.text C:\Program Files\TVR\RecSche.EXE[3388] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 001F0600

.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3420] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\System32\svchost.exe[3452] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\System32\svchost.exe[3452] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\System32\svchost.exe[3452] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\System32\svchost.exe[3452] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 001D0A08

.text C:\Windows\System32\svchost.exe[3452] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001D03FC

.text C:\Windows\System32\svchost.exe[3452] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 001D0804

.text C:\Windows\System32\svchost.exe[3452] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001D01F8

.text C:\Windows\System32\svchost.exe[3452] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 001D0600

.text C:\Windows\system32\SearchIndexer.exe[3624] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\system32\SearchIndexer.exe[3624] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\system32\SearchIndexer.exe[3624] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\SearchIndexer.exe[3624] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00100A08

.text C:\Windows\system32\SearchIndexer.exe[3624] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001003FC

.text C:\Windows\system32\SearchIndexer.exe[3624] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00100804

.text C:\Windows\system32\SearchIndexer.exe[3624] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001001F8

.text C:\Windows\system32\SearchIndexer.exe[3624] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00100600

.text C:\Windows\system32\taskeng.exe[3860] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Windows\system32\taskeng.exe[3860] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Windows\system32\taskeng.exe[3860] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Windows\system32\taskeng.exe[3860] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00130A08

.text C:\Windows\system32\taskeng.exe[3860] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001303FC

.text C:\Windows\system32\taskeng.exe[3860] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00130804

.text C:\Windows\system32\taskeng.exe[3860] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001301F8

.text C:\Windows\system32\taskeng.exe[3860] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00130600

.text C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe[3904] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001603FC

.text C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe[3904] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001601F8

.text C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe[3904] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe[3904] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00200A08

.text C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe[3904] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 002003FC

.text C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe[3904] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00200804

.text C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe[3904] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 002001F8

.text C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe[3904] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00200600

.text C:\Program Files\Ask.com\Updater\Updater.exe[3976] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001703FC

.text C:\Program Files\Ask.com\Updater\Updater.exe[3976] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001701F8

.text C:\Program Files\Ask.com\Updater\Updater.exe[3976] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Program Files\Ask.com\Updater\Updater.exe[3976] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00300A08

.text C:\Program Files\Ask.com\Updater\Updater.exe[3976] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 003003FC

.text C:\Program Files\Ask.com\Updater\Updater.exe[3976] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00300804

.text C:\Program Files\Ask.com\Updater\Updater.exe[3976] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 003001F8

.text C:\Program Files\Ask.com\Updater\Updater.exe[3976] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00300600

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4012] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 001703FC

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4012] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 001701F8

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4012] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4012] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00210A08

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4012] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 002103FC

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4012] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00210804

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4012] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 002101F8

.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[4012] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00210600

.text C:\Program Files\Windows Sidebar\sidebar.exe[4024] ntdll.dll!LdrUnloadDll 7797BEAF 5 Bytes JMP 000603FC

.text C:\Program Files\Windows Sidebar\sidebar.exe[4024] ntdll.dll!LdrLoadDll 7797F5B5 5 Bytes JMP 000601F8

.text C:\Program Files\Windows Sidebar\sidebar.exe[4024] kernel32.dll!GetBinaryTypeW + 70 76B678FC 1 Byte [62]

.text C:\Program Files\Windows Sidebar\sidebar.exe[4024] USER32.dll!UnhookWindowsHookEx 777ACC7B 5 Bytes JMP 00110A08

.text C:\Program Files\Windows Sidebar\sidebar.exe[4024] USER32.dll!UnhookWinEvent 777AD924 5 Bytes JMP 001103FC

.text C:\Program Files\Windows Sidebar\sidebar.exe[4024] USER32.dll!SetWindowsHookExW 777B210A 5 Bytes JMP 00110804

.text C:\Program Files\Windows Sidebar\sidebar.exe[4024] USER32.dll!SetWinEventHook 777B507E 5 Bytes JMP 001101F8

.text C:\Program Files\Windows Sidebar\sidebar.exe[4024] USER32.dll!SetWindowsHookExA 777D6DFA 5 Bytes JMP 00110600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745C2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [745A5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745A56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [745C250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [745B8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745B4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745B50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [745B51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [745B66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [745B82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [745B8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [745B907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [745BE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[108] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [745B4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1488] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73B0F6A0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)

IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[3420] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [73B0F6A0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

Device \Driver\ACPI_HAL \Device\00000042 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP0T0L0-0 85E240AE

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85E23F76

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 85E240AE

Device \Driver\atapi \Device\Ide\IdePort0 85E23F76

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 85E240AE

Device \Driver\atapi \Device\Ide\IdePort1 85E23F76

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-2 85E240AE

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2 85E23F76

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Disk \Device\Harddisk0\DR0 85E23A2E

---- Processes - GMER 1.0.15 ----

Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 2468

Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 2684

Process iexplore.exe (*** hidden *** ) 2908

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Q2SR0GZQ.txt 996 bytes

File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6SVOWWBH.txt 1235 bytes

File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\8TJHRLG6.txt 103 bytes

File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\V4CD4KXS.txt 110 bytes

File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\L6R0365R.txt 89 bytes

File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\38UKQZF2.txt 105 bytes

File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\417TIPCU.txt 118 bytes

File C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\CY3X6H7P.txt 112 bytes

---- EOF - GMER 1.0.15 ----

Sorry for sending it little by little; when I sent a lot at once it gave an error.

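The GMER log posted above is long, and the lines that matter for triage are few: processes marked `*** hidden ***` and a disk sector flagged as `rootkit-like behavior`. The following is an added example, not code from this thread or from the GMER tool, that parses a log in GMER's sectioned format and pulls out exactly those indicators, while grouping the attached filter drivers by vendor so legitimate filters (ReadyBoost, BitLocker, the avast! TDI filter) can be recognised at a glance. The sample input is a constructed excerpt in the shape of the log above; the function and dataclass names are the example's own.

```python
"""Triage a GMER 1.0.15 log: flag hidden processes and rootkit-like disk sectors.

Added example for this thread (not GMER's own code). SAMPLE_LOG is a constructed
excerpt in the shape of the log posted above.
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the shape of GMER's sectioned output.
SAMPLE_LOG = "\n".join([
    r"---- Devices - GMER 1.0.15 ----",
    r"",
    r"AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)",
    r"AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)",
    r"Device \Driver\Disk \Device\Harddisk0\DR0 85E23A2E",
    r"",
    r"---- Processes - GMER 1.0.15 ----",
    r"",
    r"Process C:\Program Files\Internet Explorer\iexplore.exe (*** hidden *** ) 2468",
    r"Process iexplore.exe (*** hidden *** ) 2908",
    r"",
    r"---- Disk sectors - GMER 1.0.15 ----",
    r"",
    r"Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior",
    r"",
    r"---- EOF - GMER 1.0.15 ----",
])

# Section headers look like "---- Processes - GMER 1.0.15 ----".
SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# Hidden process lines carry the "(*** hidden *** )" marker followed by the PID.
HIDDEN_PROC_RE = re.compile(r"^Process (.+?) \(\*\*\* hidden \*\*\* \) (\d+)$")
# Disk sector lines: device, sector number, GMER's verdict text.
DISK_SECTOR_RE = re.compile(r"^Disk (\S+) sector (\d+): (.+)$")
# AttachedDevice lines: driver object, device, filter file, "(description/vendor)".
ATTACHED_RE = re.compile(r"^AttachedDevice (\S+) (\S+) (\S+) \((.+?)/(.+?)\)$")


@dataclass
class Finding:
    kind: str      # "hidden_process" or "mbr_anomaly"
    detail: str    # human-readable summary of the matching line
    severity: str  # "high" for both indicator kinds handled here


@dataclass
class Triage:
    findings: list = field(default_factory=list)
    # vendor name -> list of filter driver files attached to devices
    filters_by_vendor: dict = field(default_factory=dict)


def triage_gmer_log(text):
    """Walk the log section by section and collect indicators and filter drivers."""
    result = Triage()
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section == "Processes":
            m = HIDDEN_PROC_RE.match(line)
            if m:
                result.findings.append(
                    Finding("hidden_process", f"{m.group(1)} pid={m.group(2)}", "high"))
        elif section == "Disk sectors":
            m = DISK_SECTOR_RE.match(line)
            if m and "rootkit" in m.group(3).lower():
                result.findings.append(
                    Finding("mbr_anomaly",
                            f"{m.group(1)} sector {m.group(2)}: {m.group(3)}", "high"))
        elif section == "Devices":
            m = ATTACHED_RE.match(line)
            if m:
                result.filters_by_vendor.setdefault(m.group(5), []).append(m.group(3))
    return result


def high_severity_count(triage):
    """Number of findings an analyst should look at before anything else."""
    return sum(1 for f in triage.findings if f.severity == "high")


if __name__ == "__main__":
    t = triage_gmer_log(SAMPLE_LOG)
    for f in t.findings:
        print(f"[{f.severity}] {f.kind}: {f.detail}")
    for vendor, files in t.filters_by_vendor.items():
        print(f"filters from {vendor}: {', '.join(files)}")
```

Hidden processes together with sector 00 of the boot disk flagged as rootkit-like are the combination that points at an MBR-level infection rather than a stray user-mode process, which is why a log like this is followed by a dedicated anti-rootkit scan rather than by deleting the listed files one at a time. The vendor grouping is there so that the known filter drivers do not get mistaken for findings.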

Dear Gerson Tavares

I recommend that you save this topic in your Favorites so it is easier to find later.

Please pay attention to the following:

  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not apply it to any other;
  • Please follow the instructions carefully and, if you have any doubts, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Keep me informed, during the removal, about what is happening with your computer.
  • Note: Do not take any measure beyond those given here; and if you ask for help in another forum, be sure to let us know, at the risk of leaving your computer misconfigured!

# Step 1 #

  • Download TDSSKiller and save it to your desktop.
  • Extract the contents onto the desktop itself and make sure the file TDSSKiller.exe (the contents of the zipped file) is on the desktop and not inside a folder.
  • Go to Start > Run, copy and paste the following command into the text box (include the quotes) and then press OK.

"%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v

  • If the text message "Hidden service detected" appears, do NOT type anything. Just press ENTER on the keyboard so that nothing is done with the file.
  • When it finishes, a log named "TDSSKiller.txt" will be created on your C: drive; copy and paste the contents of that file in your next reply.

Cheers :D


Hey, Diego :D

Sorry for the delay in replying; I travelled and did not have time to let you know.

I did it with KAS disabled, AVAST and everything else, but that error still persisted :angry:


Try just double-clicking TDSSKiller.exe; if it does not work again, let me know!


After a lot of trying, I managed to get the program to run.

It only found one virus, which I did not try to cure; I just closed it, but I think it cured itself.

Here are the images:

http://img444.imageshack.us/img444/7209/sadasdfe.png

http://img17.imageshack.us/img17/7746/asffsaq.png
