infected with Rootkit, Alureon -FZ


2 replies to this topic

#1 iguanaslot


Posted 25 October 2012 - 05:31 PM

I have avast antivirus and it constantly sends me a message about a rootkit removal called Alureon-FZ. When trying to remove it with avast, it tells me I must restart the PC to scan the computer at Home. After I waited over two hours to complete the scan, Windows started normally and within minutes it relaunched the message of threat detected. I cleaned my PC with CCleaner, ran the antimalware and antispyware, besides the Panda Cloud Cleaner scan, and also scanned the PC with the same avast. All my reports show no threats found. However, it still sends me the message of threat detected.
I followed exactly your instructions and here I get the result of Gmer and DDS.
Thanks in advance for your help

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-25 17:16:07
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdePort2 SAMSUNG_SP0411N rev.TW100-11
Running: gmer.exe; Driver: C:\DOCUME~1\Mike\CONFIG~1\Temp\pxrdapog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA80404C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA80EDC36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA8040EDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA80827A1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA804BEEE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA804BF3A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA804C0BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA8082155]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA804BE5C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA804BF7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA804BEA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA8041124]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA804C076]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA8041946]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA8040510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA8082E67]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA808311D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA8045108]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA8082CD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA8082B3D]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA80EDCFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA8040178]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA804055E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA804547A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA80423AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA804BF18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA804BF5C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA804C0E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA80824B1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA804BE82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA8044C46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA804C000]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA804BECC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA8044EB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA804C09A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA80EDE5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA80829B8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA804227A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA808280A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA8041DDC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA80FA786]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA80817C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA80405AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA80405FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA80417C6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA8040202]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA80403B2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA8082F6E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA8040358]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA8041B00]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA8041C5C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA8040422]
SSDT \??\C:\Archivos de programa\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAF832640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA804163E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA80EC468]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA8040648]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA8040F22]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA8106E16]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 398 804E2A04 12 Bytes [AC, 05, 04, A8, FA, 05, 04, ...]
.text ntoskrnl.exe!_abnormal_termination + 440 804E2AAC 12 Bytes [00, 1B, 04, A8, 5C, 1C, 04, ...]
PAGE ntoskrnl.exe!ObInsertObject 8056513A 5 Bytes JMP A81057D0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB88 4 Bytes CALL A8042A7F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8058304C 7 Bytes JMP A8106E1A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059EA53 5 Bytes JMP A8103CB6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.rsrc C:\WINDOWS\system32\drivers\pci.sys entry point in ".rsrc" section [0xF75A4994]
? C:\WINDOWS\system32\drivers\pci.sys suspicious PE modification
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB96C4360, 0x20598D, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP A8046A92 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP A8046982 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP A804693C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C57B 5 Bytes JMP A8045FEE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240EB 5 Bytes JMP A804570A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A55 5 Bytes JMP A8046BFC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8314A0 5 Bytes JMP A8046E04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839ED7 5 Bytes JMP A8046842 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851765 5 Bytes JMP A80455CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC8A 5 Bytes JMP A80460B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2F4 5 Bytes JMP A8045B64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E37F 5 Bytes JMP A8045E2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5F0 5 Bytes JMP A80455B6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649BF 5 Bytes JMP A80469CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35FB BF8731B9 5 Bytes JMP A8045C24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4138 BF873CF6 5 Bytes JMP A8045DE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890DF1 5 Bytes JMP A80460C8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF89439B 5 Bytes JMP A8046B44 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894E73 5 Bytes JMP A8046D62 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C226 5 Bytes JMP A8045FD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D7BB 5 Bytes JMP A804577A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A9E8 BF8C1D00 5 Bytes JMP A804588A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA191 5 Bytes JMP A8045962 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA411 5 Bytes JMP A8045A8E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B33 BF8EBDCC 5 Bytes JMP A80454B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB47 BF8F4DE0 5 Bytes JMP A8046006 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A2F BF9142F4 5 Bytes JMP A80456A6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2603 BF914EC8 5 Bytes JMP A8045836 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F7C BF917841 5 Bytes JMP A8045F44 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1947 BF947973 5 Bytes JMP A8046CBA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
? C:\DOCUME~1\Mike\CONFIG~1\Temp\mbr.sys El sistema no puede hallar el archivo especificado. !

---- User code sections - GMER 1.0.15 ----

.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 003D01F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 003D03FC
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00AE1014
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00AE0804
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00AE0A08
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00AE0C0C
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00AE0E10
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00AE01F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 00AE03FC
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00AE0600
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 012C0804
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 012C0A08
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 012C0600
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 012C01F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[444] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 012C03FC
.text C:\WINDOWS\System32\smss.exe[676] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[760] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[760] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[784] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[828] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[840] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[840] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1000] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\RunDll32.exe[1048] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\RunDll32.exe[1048] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\RunDll32.exe[1048] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\RunDll32.exe[1048] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\RunDll32.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00AE1014
.text C:\WINDOWS\system32\RunDll32.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00AE0804
.text C:\WINDOWS\system32\RunDll32.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00AE0A08
.text C:\WINDOWS\system32\RunDll32.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00AE0C0C
.text C:\WINDOWS\system32\RunDll32.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00AE0E10
.text C:\WINDOWS\system32\RunDll32.exe[1048] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00AE01F8
.text C:\WINDOWS\system32\RunDll32.exe[1048] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 00AE03FC
.text C:\WINDOWS\system32\RunDll32.exe[1048] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00AE0600
.text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1096] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe[1156] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 002D01F8
.text C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe[1156] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe[1156] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 002D03FC
.text C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe[1156] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe[1156] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 014B1014
.text C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe[1156] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 014B0804
.text C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe[1156] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 014B0A08
.text C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe[1156] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 014B0C0C
.text C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe[1156] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 014B0E10
.text C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe[1156] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 014B01F8
.text C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe[1156] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 014B03FC
.text C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamgui.exe[1156] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 014B0600
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 002D01F8
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 002D03FC
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 0E180804
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 0E180A08
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 0E180600
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 0E1801F8
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 0E1803FC
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 09E01014
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 09E00804
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 09E00A08
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 09E00C0C
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 09E00E10
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 09E001F8
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 09E003FC
.text C:\Archivos de programa\SUPERAntiSpyware\SUPERAntiSpyware.exe[1212] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 09E00600
.text C:\WINDOWS\system32\svchost.exe[1244] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1244] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 003D01F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 003D03FC
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00F01014
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00F00804
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00F00A08
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00F00C0C
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00F00E10
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00F001F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 00F003FC
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00F00600
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 011C0804
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 011C0A08
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 011C0600
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 011C01F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1284] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 011C03FC
.text C:\WINDOWS\system32\svchost.exe[1336] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1336] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe[1508] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe[1508] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Archivos de programa\AVAST Software\Avast\AvastSvc.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1564] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1564] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\SUPERAntiSpyware\SASCORE.EXE[1692] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Archivos de programa\SUPERAntiSpyware\SASCORE.EXE[1692] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1772] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 003101F8
.text C:\WINDOWS\Explorer.EXE[1772] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1772] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 003103FC
.text C:\WINDOWS\Explorer.EXE[1772] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 003C1014
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 003C0804
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 003C0A08
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 003C0C0C
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 003C0E10
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 003C01F8
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 003C03FC
.text C:\WINDOWS\Explorer.EXE[1772] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 003C0600
.text C:\WINDOWS\Explorer.EXE[1772] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00F70804
.text C:\WINDOWS\Explorer.EXE[1772] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00F70A08
.text C:\WINDOWS\Explorer.EXE[1772] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00F70600
.text C:\WINDOWS\Explorer.EXE[1772] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 00F701F8
.text C:\WINDOWS\Explorer.EXE[1772] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 00F703FC
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 20, B2, 00] {SUB [EAX], AH; MOV DL, 0x0}
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 23, B2, 00] {SUB [EBX], AH; MOV DL, 0x0}
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 20, B2, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 21, B2, 00] {TEST AL, 0x21; MOV DL, 0x0}
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B92883A
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 22, B2, 00] {TEST AL, 0x22; MOV DL, 0x0}
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 21, B2, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 22, B2, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B9288AB
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 20, B2, 00] {TEST AL, 0x20; MOV DL, 0x0}
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B9289D9
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 21, B2, 00] {SUB [ECX], AH; MOV DL, 0x0}
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 22, B2, 00] {SUB [EDX], AH; MOV DL, 0x0}
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 23, B2, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00E101F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 00E103FC
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 01161014
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 01160804
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 01160A08
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 01160C0C
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 01160E10
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 011601F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 011603FC
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 01160600
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 01940804
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 01940A08
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 01940600
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 019401F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[1868] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 019403FC
.text C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe[1980] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamscheduler.exe[1980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe[2044] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Archivos de programa\Malwarebytes' Anti-Malware\mbamservice.exe[2044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 90, EE, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 93, EE, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 90, EE, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 91, EE, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B92C4AA
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 92, EE, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 91, EE, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 92, EE, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B92C51B
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 90, EE, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B92C649
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 91, EE, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 92, EE, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 93, EE, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 011D01F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 011D03FC
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 01521014
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 01520804
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 01520A08
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 01520C0C
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 01520E10
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 015201F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 015203FC
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 01520600
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 01D00804
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 01D00A08
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 01D00600
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 01D001F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2080] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 01D003FC
.text C:\WINDOWS\System32\alg.exe[2256] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\alg.exe[2256] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2256] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[2256] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, 18, E2, 00] {SUB [EAX], BL; LOOP 0x4}
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, 1B, E2, 00] {SUB [EBX], BL; LOOP 0x4}
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, 18, E2, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, 19, E2, 00] {TEST AL, 0x19; LOOP 0x4}
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B92B832
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, 1A, E2, 00] {TEST AL, 0x1a; LOOP 0x4}
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, 19, E2, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, 1A, E2, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B92B8A3
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, 18, E2, 00] {TEST AL, 0x18; LOOP 0x4}
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B92B9D1
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, 19, E2, 00] {SUB [ECX], BL; LOOP 0x4}
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, 1A, E2, 00] {SUB [EDX], BL; LOOP 0x4}
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, 1B, E2, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 011101F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 011103FC
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 01461014
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 01460804
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 01460A08
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 01460C0C
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 01460E10
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 014601F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 014603FC
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 01460600
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 01C40804
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 01C40A08
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 01C40600
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 01C401F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2520] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 01C403FC
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, A8, A4, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, AB, A4, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, A8, A4, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, A9, A4, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B927AC2
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, AA, A4, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, A9, A4, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, AA, A4, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B927B33
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, A8, A4, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtQueryAttributesFile + B 7C91D719 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtQueryFullAttributesFile + 6 7C91D7B4 4 Bytes CALL 7B927C61
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtQueryFullAttributesFile + B 7C91D7B9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtSetInformationFile + 6 7C91DC64 4 Bytes [28, A9, A4, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtSetInformationFile + B 7C91DC69 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtSetInformationThread + 6 7C91DCB4 4 Bytes [28, AA, A4, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtSetInformationThread + B 7C91DCB9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtUnmapViewOfSection + 6 7C91DF14 4 Bytes [68, AB, A4, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!NtUnmapViewOfSection + B 7C91DF19 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 00D301F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 00D303FC
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 01081014
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 01080804
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 01080A08
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 01080C0C
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 01080E10
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 010801F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 010803FC
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 01080600
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 01860804
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 01860A08
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 01860600
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 018601F8
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[2544] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 018603FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[2656] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\RUNDLL32.EXE[2656] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2656] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\RUNDLL32.EXE[2656] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 003D01F8
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 003D03FC
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 009C1014
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 009C0804
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 009C0A08
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 009C0C0C
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 009C0E10
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 009C01F8
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 009C03FC
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 009C0600
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 009D0804
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 009D0A08
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 009D0600
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 009D01F8
.text C:\Documents and Settings\Mike\Mis documentos\gmer.exe[2704] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 009D03FC
.text C:\Archivos de programa\AVAST Software\Avast\avastUI.exe[2948] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Archivos de programa\AVAST Software\Avast\avastUI.exe[2948] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 003D01F8
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] ntdll.dll!RtlDosSearchPath_U + 186 7C926865 1 Byte [62]
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] ntdll.dll!LdrUnloadDll 7C9271CD 5 Bytes JMP 003D03FC
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] USER32.dll!SetWindowsHookExW 7E3A820F 5 Bytes JMP 00C50804
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] USER32.dll!UnhookWindowsHookEx 7E3AD5F3 5 Bytes JMP 00C50A08
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] USER32.dll!SetWindowsHookExA 7E3B1211 5 Bytes JMP 00C50600
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] USER32.dll!SetWinEventHook 7E3B17F7 5 Bytes JMP 00C501F8
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] USER32.dll!UnhookWinEvent 7E3B18AC 5 Bytes JMP 00C503FC
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] ADVAPI32.dll!SetServiceObjectSecurity 77E06D81 5 Bytes JMP 00B61014
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] ADVAPI32.dll!ChangeServiceConfigA 77E06E69 5 Bytes JMP 00B60804
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] ADVAPI32.dll!ChangeServiceConfigW 77E07001 5 Bytes JMP 00B60A08
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] ADVAPI32.dll!ChangeServiceConfig2A 77E07101 5 Bytes JMP 00B60C0C
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] ADVAPI32.dll!ChangeServiceConfig2W 77E07189 5 Bytes JMP 00B60E10
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] ADVAPI32.dll!CreateServiceA 77E07211 5 Bytes JMP 00B601F8
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] ADVAPI32.dll!CreateServiceW 77E073A9 5 Bytes JMP 00B603FC
.text C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe[3088] ADVAPI32.dll!DeleteService 77E074B1 5 Bytes JMP 00B60600
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtCreateFile + 6 7C91D0B4 4 Bytes [28, E4, A9, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtCreateFile + B 7C91D0B9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtMapViewOfSection + 6 7C91D524 4 Bytes [28, E7, A9, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtMapViewOfSection + B 7C91D529 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenFile + 6 7C91D5A4 4 Bytes [68, E4, A9, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenFile + B 7C91D5A9 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcess + 6 7C91D604 4 Bytes [A8, E5, A9, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcess + B 7C91D609 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcessToken + 6 7C91D614 4 Bytes CALL 7B927FFE
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcessToken + B 7C91D619 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcessTokenEx + 6 7C91D624 4 Bytes [A8, E6, A9, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenProcessTokenEx + B 7C91D629 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThread + 6 7C91D664 4 Bytes [68, E5, A9, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThread + B 7C91D669 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThreadToken + 6 7C91D674 4 Bytes [68, E6, A9, 00]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThreadToken + B 7C91D679 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThreadTokenEx + 6 7C91D684 4 Bytes CALL 7B92806F
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtOpenThreadTokenEx + B 7C91D689 1 Byte [E2]
.text C:\Archivos de programa\Google\Chrome\Application\chrome.exe[3240] ntdll.dll!NtQueryAttributesFile + 6 7C91D714 4 Bytes [A8, E4, A9, 00]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8975CAF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8975CAF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort2 8975CAF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort3 8975CAF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-5 8975CAF1
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP2T1L0-1b 8975CAF1

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Device\Ide\IdeDeviceP2T0L0-13 -> \??\IDE#DiskSAMSUNG_SP0411N_________________________TW100-11#30534a31314a5830374132393633202020202020#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\pci.sys suspicious modification; TDL3 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----


Edited by iguanaslot, 25 October 2012 - 05:37 PM.




#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:04 AM

Posted 25 October 2012 - 05:38 PM

Hi,

Please do the following:

Please download TDSSKiller.zip
  • Extract it to your desktop
  • Double click TDSSKiller.exe
  • when the window opens, click on Change Parameters
  • under “Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
    • If Malicious objects are found then ensure Cure is selected
    • If TDLFS File System is found then ensure Cure is selected (if Cure is not available, select Skip)
    • Then click Continue > Reboot now
  • Copy and paste the log in your next reply
    • A copy of the log will be saved automatically to the root of the drive (typically C:\)



NEXT



Download ComboFix from the following location:

Link 1

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 CatByte


Posted 01 November 2012 - 08:42 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
