GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2013-01-03 16:09:39 Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9SA00 rev.FBEOC43C Running: gmer.exe; Driver: C:\Users\Adam\AppData\Local\Temp\kwtdrpoc.sys ---- System - GMER 1.0.15 ---- INT 0x61 ? 84A56BF8 INT 0x71 ? 84A56BF8 INT 0x72 ? 85B2BBF8 INT 0x72 ? 85B2BBF8 INT 0x72 ? 85B2BBF8 INT 0x81 ? 84A56BF8 INT 0x81 ? 84A56BF8 INT 0x81 ? 84A56BF8 INT 0x81 ? 84A56BF8 INT 0x81 ? 84A56BF8 INT 0x81 ? 84A56BF8 INT 0x81 ? 84A56BF8 INT 0x82 ? 85B2BBF8 INT 0x92 ? 85B2BBF8 INT 0x92 ? 85B2BBF8 INT 0x92 ? 85B2BBF8 Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8C4D998E] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8C4D9928] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8C4D993C] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8C4D99CC] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8C4D9A0F] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8C4D9900] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8C4D9914] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8C4D99A2] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8C4D9A37] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8C4D9A23] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8C4D997A] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8C4D9966] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8C4D99FB] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8C4D99E2] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8C4D99B8] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8C4D9952] Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwYieldExecution 820271A0 5 Bytes JMP 8C4D99BC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwNotifyChangeKey 821C11CD 5 Bytes JMP 8C4D9A13 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateUserProcess 821C8E26 5 Bytes JMP 8C4D9956 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwTerminateProcess 821E32F0 5 Bytes JMP 8C4D99FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtOpenThread 8220257A 5 Bytes JMP 8C4D9918 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtOpenProcess 82211EF2 5 Bytes JMP 8C4D9904 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtMapViewOfSection 82224AFE 7 Bytes JMP 8C4D99D0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 82225155 5 Bytes JMP 8C4D99E6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtCreateFile 82227366 5 Bytes JMP 8C4D9992 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!NtSetInformationProcess 82234A24 5 Bytes JMP 8C4D996A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 82236C7E 7 Bytes JMP 8C4D99A6 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwRestoreKey 82255982 5 Bytes JMP 8C4D9A27 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwReplaceKey 822569CE 5 Bytes JMP 8C4D9A3B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateProcess 8229472B 5 Bytes JMP 8C4D992C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82294776 7 Bytes JMP 8C4D9940 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) PAGE ntkrnlpa.exe!ZwSetContextThread 82295233 5 Bytes JMP 8C4D997E \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ? System32\Drivers\spqc.sys System nie może odnaleźć określonej ścieżki. ! .text C:\Windows\system32\DRIVERS\tos_sps32.sys section is writeable [0x87557000, 0x4036D, 0xE8000020] .dsrt C:\Windows\system32\DRIVERS\tos_sps32.sys unknown last section [0x875A0000, 0x510, 0x40000040] .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8B401000, 0x1FB52A, 0xE8000020] .text USBPORT.SYS!DllUnload 8AD4346F 5 Bytes JMP 85B2B1D8 ? C:\Windows\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. ! ? C:\Users\Adam\AppData\Local\Temp\catchme.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[640] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 0041C3C0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[640] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 0041C340 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text C:\Windows\system32\services.exe[692] kernel32.dll!GetStartupInfoW 76771929 5 Bytes JMP 0081006E .text C:\Windows\system32\services.exe[692] kernel32.dll!GetStartupInfoA 767719C9 5 Bytes JMP 00810F32 .text C:\Windows\system32\services.exe[692] kernel32.dll!CreateProcessW 76771C01 5 Bytes JMP 00810EFC .text C:\Windows\system32\services.exe[692] kernel32.dll!CreateProcessA 76771C36 5 Bytes JMP 00810089 .text C:\Windows\system32\services.exe[692] kernel32.dll!VirtualProtect 76771DD1 5 Bytes JMP 00810F5E .text C:\Windows\system32\services.exe[692] kernel32.dll!CreateNamedPipeW 76775C44 5 Bytes JMP 00810FAF .text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryExW 7679374A 5 Bytes JMP 00810042 .text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 00810025 .text C:\Windows\system32\services.exe[692] kernel32.dll!VirtualProtectEx 76798F5E 5 Bytes JMP 0081005D .text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryExA 76799649 5 Bytes JMP 00810F83 .text C:\Windows\system32\services.exe[692] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 00810F9E .text C:\Windows\system32\services.exe[692] kernel32.dll!CreatePipe 767A0474 5 Bytes JMP 00810F4D .text C:\Windows\system32\services.exe[692] kernel32.dll!GetProcAddress 767BBAC6 5 Bytes JMP 008100AE .text C:\Windows\system32\services.exe[692] kernel32.dll!CreateFileW 767BCE4E 5 Bytes JMP 00810FD4 .text C:\Windows\system32\services.exe[692] kernel32.dll!CreateFileA 767BD171 5 Bytes JMP 00810FEF .text C:\Windows\system32\services.exe[692] kernel32.dll!CreateNamedPipeA 7680462E 5 Bytes JMP 00810000 .text C:\Windows\system32\services.exe[692] kernel32.dll!WinExec 7680580B 5 Bytes JMP 00810F0D .text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyExA 7736B5E7 5 Bytes JMP 008A0047 .text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyA 7736B8AE 5 Bytes JMP 008A002C .text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyA 77370BF5 5 Bytes JMP 008A0FE5 .text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyW 7737B83D 5 Bytes JMP 008A0FAF .text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegCreateKeyExW 7737BCE1 5 Bytes JMP 008A0F8A .text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyExA 7737D4E8 5 Bytes JMP 008A0000 .text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyW 77383CB0 5 Bytes JMP 008A0FD4 .text C:\Windows\system32\services.exe[692] ADVAPI32.dll!RegOpenKeyExW 7738F09D 5 Bytes JMP 008A001B .text C:\Windows\system32\services.exe[692] msvcrt.dll!_wsystem 77168A47 5 Bytes JMP 00820F92 .text C:\Windows\system32\services.exe[692] msvcrt.dll!system 77168B63 5 Bytes JMP 0082001D .text C:\Windows\system32\services.exe[692] msvcrt.dll!_creat 7716C6F1 5 Bytes JMP 00820FB7 .text C:\Windows\system32\services.exe[692] msvcrt.dll!_open 7716DA7E 5 Bytes JMP 00820FEF .text C:\Windows\system32\services.exe[692] msvcrt.dll!_wcreat 7716DC9E 5 Bytes JMP 0082000C .text C:\Windows\system32\services.exe[692] msvcrt.dll!_wopen 7716DE79 5 Bytes JMP 00820FD2 .text C:\Windows\system32\services.exe[692] WS2_32.dll!socket 773136D1 5 Bytes JMP 00890FEF .text C:\Windows\system32\lsass.exe[704] kernel32.dll!GetStartupInfoW 76771929 5 Bytes JMP 00210087 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!GetStartupInfoA 767719C9 5 Bytes JMP 00210076 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateProcessW 76771C01 5 Bytes JMP 002100D8 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateProcessA 76771C36 5 Bytes JMP 002100BD .text C:\Windows\system32\lsass.exe[704] kernel32.dll!VirtualProtect 76771DD1 5 Bytes JMP 00210F66 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateNamedPipeW 76775C44 5 Bytes JMP 00210FB9 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryExW 7679374A 5 Bytes JMP 00210F83 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 0021002F .text C:\Windows\system32\lsass.exe[704] kernel32.dll!VirtualProtectEx 76798F5E 5 Bytes JMP 00210F4B .text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryExA 76799649 5 Bytes JMP 00210040 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 00210FA8 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreatePipe 767A0474 5 Bytes JMP 00210065 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!GetProcAddress 767BBAC6 5 Bytes JMP 002100F3 .text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateFileW 767BCE4E 5 Bytes JMP 00210FEF .text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateFileA 767BD171 5 Bytes JMP 0021000A .text C:\Windows\system32\lsass.exe[704] kernel32.dll!CreateNamedPipeA 7680462E 5 Bytes JMP 00210FCA .text C:\Windows\system32\lsass.exe[704] kernel32.dll!WinExec 7680580B 5 Bytes JMP 002100A2 .text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyExA 7736B5E7 5 Bytes JMP 00930F9E .text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyA 7736B8AE 5 Bytes JMP 00930FB9 .text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyA 77370BF5 5 Bytes JMP 00930000 .text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyW 7737B83D 5 Bytes JMP 00930040 .text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegCreateKeyExW 7737BCE1 5 Bytes JMP 00930F83 .text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyExA 7737D4E8 5 Bytes JMP 00930FE5 .text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyW 77383CB0 5 Bytes JMP 0093001B .text C:\Windows\system32\lsass.exe[704] ADVAPI32.dll!RegOpenKeyExW 7738F09D 5 Bytes JMP 00930FCA .text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_wsystem 77168A47 5 Bytes JMP 00230020 .text C:\Windows\system32\lsass.exe[704] msvcrt.dll!system 77168B63 5 Bytes JMP 00230F95 .text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_creat 7716C6F1 5 Bytes JMP 00230FC1 .text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_open 7716DA7E 5 Bytes JMP 00230FE3 .text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_wcreat 7716DC9E 5 Bytes JMP 00230FB0 .text C:\Windows\system32\lsass.exe[704] msvcrt.dll!_wopen 7716DE79 5 Bytes JMP 00230FD2 .text C:\Windows\system32\lsass.exe[704] WS2_32.dll!socket 773136D1 5 Bytes JMP 008F0000 .text C:\Windows\system32\svchost.exe[860] kernel32.dll!GetStartupInfoW 76771929 5 Bytes JMP 00730F63 .text C:\Windows\system32\svchost.exe[860] kernel32.dll!GetStartupInfoA 767719C9 5 Bytes JMP 007300A9 .text C:\Windows\system32\svchost.exe[860] kernel32.dll!CreateProcessW 76771C01 5 Bytes JMP 007300DF .text C:\Windows\system32\svchost.exe[860] kernel32.dll!CreateProcessA 76771C36 5 Bytes JMP 00730F52 .text C:\Windows\system32\svchost.exe[860] kernel32.dll!VirtualProtect 76771DD1 5 Bytes JMP 00730087 .text C:\Windows\system32\svchost.exe[860] kernel32.dll!CreateNamedPipeW 76775C44 5 Bytes JMP 00730FD4 .text C:\Windows\system32\svchost.exe[860] kernel32.dll!LoadLibraryExW 7679374A 5 Bytes JMP 0073006C .text C:\Windows\system32\svchost.exe[860] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 0073004A .text C:\Windows\system32\svchost.exe[860] kernel32.dll!VirtualProtectEx 76798F5E 5 Bytes JMP 00730F88 .text C:\Windows\system32\svchost.exe[860] kernel32.dll!LoadLibraryExA 76799649 5 Bytes JMP 0073005B .text C:\Windows\system32\svchost.exe[860] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 00730FC3 .text C:\Windows\system32\svchost.exe[860] kernel32.dll!CreatePipe 767A0474 5 Bytes JMP 00730098 .text C:\Windows\system32\svchost.exe[860] kernel32.dll!GetProcAddress 767BBAC6 5 Bytes JMP 00730F2D .text C:\Windows\system32\svchost.exe[860] kernel32.dll!CreateFileW 767BCE4E 5 Bytes JMP 00730025 .text C:\Windows\system32\svchost.exe[860] kernel32.dll!CreateFileA 767BD171 5 Bytes JMP 0073000A .text C:\Windows\system32\svchost.exe[860] kernel32.dll!CreateNamedPipeA 7680462E 5 Bytes JMP 00730FEF .text C:\Windows\system32\svchost.exe[860] kernel32.dll!WinExec 7680580B 5 Bytes JMP 007300CE .text C:\Windows\system32\svchost.exe[860] msvcrt.dll!_wsystem 77168A47 5 Bytes JMP 0074005D .text C:\Windows\system32\svchost.exe[860] msvcrt.dll!system 77168B63 5 Bytes JMP 00740038 .text C:\Windows\system32\svchost.exe[860] msvcrt.dll!_creat 7716C6F1 5 Bytes JMP 0074000C .text C:\Windows\system32\svchost.exe[860] msvcrt.dll!_open 7716DA7E 5 Bytes JMP 00740FE3 .text C:\Windows\system32\svchost.exe[860] msvcrt.dll!_wcreat 7716DC9E 5 Bytes JMP 00740027 .text C:\Windows\system32\svchost.exe[860] msvcrt.dll!_wopen 7716DE79 5 Bytes JMP 00740FD2 .text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyExA 7736B5E7 5 Bytes JMP 0076004A .text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyA 7736B8AE 5 Bytes JMP 00760FA8 .text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyA 77370BF5 5 Bytes JMP 00760FEF .text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyW 7737B83D 5 Bytes JMP 00760039 .text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!RegCreateKeyExW 7737BCE1 5 Bytes JMP 00760F8D .text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyExA 7737D4E8 5 Bytes JMP 0076000A .text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyW 77383CB0 5 Bytes JMP 00760FD4 .text C:\Windows\system32\svchost.exe[860] ADVAPI32.dll!RegOpenKeyExW 7738F09D 5 Bytes JMP 00760FB9 .text C:\Windows\system32\svchost.exe[860] WS2_32.dll!socket 773136D1 5 Bytes JMP 00750FE5 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoW 76771929 5 Bytes JMP 00240082 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetStartupInfoA 767719C9 5 Bytes JMP 00240F32 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateProcessW 76771C01 5 Bytes JMP 002400AE .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateProcessA 76771C36 5 Bytes JMP 00240F21 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!VirtualProtect 76771DD1 5 Bytes JMP 00240053 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeW 76775C44 5 Bytes JMP 00240000 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExW 7679374A 5 Bytes JMP 00240042 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 00240F79 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!VirtualProtectEx 76798F5E 5 Bytes JMP 00240F5E .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryExA 76799649 5 Bytes JMP 00240025 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 00240F8A .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreatePipe 767A0474 5 Bytes JMP 00240F43 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!GetProcAddress 767BBAC6 5 Bytes JMP 00240EF2 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateFileW 767BCE4E 5 Bytes JMP 00240FD4 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateFileA 767BD171 5 Bytes JMP 00240FE5 .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!CreateNamedPipeA 7680462E 5 Bytes JMP 00240FAF .text C:\Windows\system32\svchost.exe[1000] kernel32.dll!WinExec 7680580B 5 Bytes JMP 0024009D .text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wsystem 77168A47 5 Bytes JMP 007E0022 .text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!system 77168B63 5 Bytes JMP 007E0FA1 .text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_creat 7716C6F1 5 Bytes JMP 007E0FC3 .text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_open 7716DA7E 5 Bytes JMP 007E0FEF .text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wcreat 7716DC9E 5 Bytes JMP 007E0FB2 .text C:\Windows\system32\svchost.exe[1000] msvcrt.dll!_wopen 7716DE79 5 Bytes JMP 007E0FDE .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExA 7736B5E7 5 Bytes JMP 00800F8D .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyA 7736B8AE 5 Bytes JMP 00800FA8 .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyA 77370BF5 5 Bytes JMP 00800000 .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyW 7737B83D 5 Bytes JMP 0080002F .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegCreateKeyExW 7737BCE1 5 Bytes JMP 0080004A .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExA 7737D4E8 5 Bytes JMP 00800FD4 .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyW 77383CB0 5 Bytes JMP 00800FE5 .text C:\Windows\system32\svchost.exe[1000] ADVAPI32.dll!RegOpenKeyExW 7738F09D 5 Bytes JMP 00800FB9 .text C:\Windows\system32\svchost.exe[1000] WS2_32.dll!socket 773136D1 5 Bytes JMP 007F000A .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!GetStartupInfoW 76771929 5 Bytes JMP 01350F26 .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!GetStartupInfoA 767719C9 5 Bytes JMP 01350F37 .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessW 76771C01 5 Bytes JMP 01350EF0 .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateProcessA 76771C36 5 Bytes JMP 01350087 .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!VirtualProtect 76771DD1 5 Bytes JMP 01350F77 .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateNamedPipeW 76775C44 5 Bytes JMP 01350014 .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!LoadLibraryExW 7679374A 5 Bytes JMP 01350F94 .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 01350040 .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!VirtualProtectEx 76798F5E 5 Bytes JMP 0135006C .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!LoadLibraryExA 76799649 5 Bytes JMP 01350051 .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 0135002F .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreatePipe 767A0474 5 Bytes JMP 01350F5C .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!GetProcAddress 767BBAC6 5 Bytes JMP 013500A2 .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateFileW 767BCE4E 5 Bytes JMP 01350FD4 .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateFileA 767BD171 5 Bytes JMP 01350FEF .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!CreateNamedPipeA 7680462E 5 Bytes JMP 01350FC3 .text C:\Windows\System32\svchost.exe[1060] kernel32.dll!WinExec 7680580B 5 Bytes JMP 01350F15 .text C:\Windows\System32\svchost.exe[1060] msvcrt.dll!_wsystem 77168A47 5 Bytes JMP 01360FB6 .text C:\Windows\System32\svchost.exe[1060] msvcrt.dll!system 77168B63 5 Bytes JMP 0136004B .text C:\Windows\System32\svchost.exe[1060] msvcrt.dll!_creat 7716C6F1 5 Bytes JMP 01360FE5 .text C:\Windows\System32\svchost.exe[1060] msvcrt.dll!_open 7716DA7E 5 Bytes JMP 0136000C .text C:\Windows\System32\svchost.exe[1060] msvcrt.dll!_wcreat 7716DC9E 5 Bytes JMP 0136003A .text C:\Windows\System32\svchost.exe[1060] msvcrt.dll!_wopen 7716DE79 5 Bytes JMP 01360029 .text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExA 7736B5E7 5 Bytes JMP 01EF0F79 .text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyA 7736B8AE 5 Bytes JMP 01EF001B .text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyA 77370BF5 5 Bytes JMP 01EF0000 .text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyW 7737B83D 5 Bytes JMP 01EF0F8A .text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!RegCreateKeyExW 7737BCE1 5 Bytes JMP 01EF0036 .text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyExA 7737D4E8 5 Bytes JMP 01EF0FCA .text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyW 77383CB0 5 Bytes JMP 01EF0FDB .text C:\Windows\System32\svchost.exe[1060] ADVAPI32.dll!RegOpenKeyExW 7738F09D 5 Bytes JMP 01EF0FAF .text C:\Windows\System32\svchost.exe[1060] WS2_32.dll!socket 773136D1 5 Bytes JMP 01EE0000 .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!GetStartupInfoW 76771929 5 Bytes JMP 008E0F6D .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!GetStartupInfoA 767719C9 5 Bytes JMP 008E0F7E .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreateProcessW 76771C01 5 Bytes JMP 008E00F3 .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreateProcessA 76771C36 5 Bytes JMP 008E00E2 .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!VirtualProtect 76771DD1 5 Bytes JMP 008E0073 .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreateNamedPipeW 76775C44 5 Bytes JMP 008E002C .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!LoadLibraryExW 7679374A 5 Bytes JMP 008E0062 .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 008E0FAF .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!VirtualProtectEx 76798F5E 5 Bytes JMP 008E0084 .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!LoadLibraryExA 76799649 5 Bytes JMP 008E0051 .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 008E0FC0 .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreatePipe 767A0474 5 Bytes JMP 008E009F .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!GetProcAddress 767BBAC6 5 Bytes JMP 008E0104 .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreateFileW 767BCE4E 5 Bytes JMP 008E001B .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreateFileA 767BD171 5 Bytes JMP 008E0000 .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!CreateNamedPipeA 7680462E 5 Bytes JMP 008E0FDB .text C:\Windows\System32\svchost.exe[1184] kernel32.dll!WinExec 7680580B 5 Bytes JMP 008E0F5C .text C:\Windows\System32\svchost.exe[1184] msvcrt.dll!_wsystem 77168A47 5 Bytes JMP 008F002C .text C:\Windows\System32\svchost.exe[1184] msvcrt.dll!system 77168B63 5 Bytes JMP 008F0FA1 .text C:\Windows\System32\svchost.exe[1184] msvcrt.dll!_creat 7716C6F1 5 Bytes JMP 008F0FC6 .text C:\Windows\System32\svchost.exe[1184] msvcrt.dll!_open 7716DA7E 5 Bytes JMP 008F0000 .text C:\Windows\System32\svchost.exe[1184] msvcrt.dll!_wcreat 7716DC9E 5 Bytes JMP 008F0011 .text C:\Windows\System32\svchost.exe[1184] msvcrt.dll!_wopen 7716DE79 5 Bytes JMP 008F0FD7 .text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyExA 7736B5E7 5 Bytes JMP 0099005B .text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyA 7736B8AE 5 Bytes JMP 00990025 .text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyA 77370BF5 5 Bytes JMP 00990FEF .text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyW 7737B83D 5 Bytes JMP 00990040 .text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!RegCreateKeyExW 7737BCE1 5 Bytes JMP 0099006C .text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyExA 7737D4E8 5 Bytes JMP 00990FB9 .text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyW 77383CB0 5 Bytes JMP 00990FD4 .text C:\Windows\System32\svchost.exe[1184] ADVAPI32.dll!RegOpenKeyExW 7738F09D 5 Bytes JMP 0099000A .text C:\Windows\System32\svchost.exe[1184] WS2_32.dll!socket 773136D1 5 Bytes JMP 00940FEF .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!GetStartupInfoW 76771929 5 Bytes JMP 00FF00AE .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!GetStartupInfoA 767719C9 5 Bytes JMP 00FF009D .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateProcessW 76771C01 5 Bytes JMP 00FF00F5 .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateProcessA 76771C36 5 Bytes JMP 00FF00E4 .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!VirtualProtect 76771DD1 5 Bytes JMP 00FF0071 .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateNamedPipeW 76775C44 5 Bytes JMP 00FF0025 .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryExW 7679374A 5 Bytes JMP 00FF0F8D .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 00FF0FB9 .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!VirtualProtectEx 76798F5E 5 Bytes JMP 00FF0F7C .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryExA 76799649 5 Bytes JMP 00FF0FA8 .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 00FF0040 .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreatePipe 767A0474 5 Bytes JMP 00FF0082 .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!GetProcAddress 767BBAC6 5 Bytes JMP 00FF0106 .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateFileW 767BCE4E 5 Bytes JMP 00FF0FEF .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateFileA 767BD171 5 Bytes JMP 00FF000A .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateNamedPipeA 7680462E 5 Bytes JMP 00FF0FDE .text C:\Windows\System32\svchost.exe[1232] kernel32.dll!WinExec 7680580B 5 Bytes JMP 00FF00C9 .text C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_wsystem 77168A47 5 Bytes JMP 01030F7F .text C:\Windows\System32\svchost.exe[1232] msvcrt.dll!system 77168B63 5 Bytes JMP 01030F9A .text C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_creat 7716C6F1 5 Bytes JMP 01030FC6 .text C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_open 7716DA7E 5 Bytes JMP 01030000 .text C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_wcreat 7716DC9E 5 Bytes JMP 01030FB5 .text C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_wopen 7716DE79 5 Bytes JMP 01030FE3 .text C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExA 7736B5E7 5 Bytes JMP 015D0FB6 .text C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyA 7736B8AE 5 Bytes JMP 015D0FD1 .text C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyA 77370BF5 5 Bytes JMP 015D0000 .text C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyW 7737B83D 5 Bytes JMP 015D0058 .text C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExW 7737BCE1 5 Bytes JMP 015D0073 .text C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExA 7737D4E8 5 Bytes JMP 015D002C .text C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyW 77383CB0 5 Bytes JMP 015D001B .text C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExW 7738F09D 5 Bytes JMP 015D003D .text C:\Windows\System32\svchost.exe[1232] WS2_32.dll!socket 773136D1 5 Bytes JMP 01180000 .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!GetStartupInfoW 76771929 5 Bytes JMP 00C20F6F .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!GetStartupInfoA 767719C9 5 Bytes JMP 00C20F8A .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateProcessW 76771C01 5 Bytes JMP 00C20F39 .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateProcessA 76771C36 5 Bytes JMP 00C20F4A .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!VirtualProtect 76771DD1 5 Bytes JMP 00C20075 .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateNamedPipeW 76775C44 5 Bytes JMP 00C20033 .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!LoadLibraryExW 7679374A 5 Bytes JMP 00C20058 .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 00C20FAC .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!VirtualProtectEx 76798F5E 5 Bytes JMP 00C20090 .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!LoadLibraryExA 76799649 5 Bytes JMP 00C20F9B .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 00C20FC7 .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreatePipe 767A0474 5 Bytes JMP 00C200AB .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!GetProcAddress 767BBAC6 5 Bytes JMP 00C20F1E .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateFileW 767BCE4E 5 Bytes JMP 00C20011 .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateFileA 767BD171 5 Bytes JMP 00C20000 .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateNamedPipeA 7680462E 5 Bytes JMP 00C20022 .text C:\Windows\system32\svchost.exe[1276] kernel32.dll!WinExec 7680580B 5 Bytes JMP 00C200D0 .text C:\Windows\system32\svchost.exe[1276] msvcrt.dll!_wsystem 77168A47 5 Bytes JMP 0100006E .text C:\Windows\system32\svchost.exe[1276] msvcrt.dll!system 77168B63 5 Bytes JMP 01000049 .text C:\Windows\system32\svchost.exe[1276] msvcrt.dll!_creat 7716C6F1 5 Bytes JMP 0100001D .text C:\Windows\system32\svchost.exe[1276] msvcrt.dll!_open 7716DA7E 5 Bytes JMP 01000000 .text C:\Windows\system32\svchost.exe[1276] msvcrt.dll!_wcreat 7716DC9E 5 Bytes JMP 01000038 .text C:\Windows\system32\svchost.exe[1276] msvcrt.dll!_wopen 7716DE79 5 Bytes JMP 01000FE3 .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExA 7736B5E7 5 Bytes JMP 0106005B .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyA 7736B8AE 5 Bytes JMP 01060025 .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyA 77370BF5 5 Bytes JMP 01060FEF .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyW 7737B83D 5 Bytes JMP 0106004A .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExW 7737BCE1 5 Bytes JMP 01060076 .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExA 7737D4E8 5 Bytes JMP 01060FB9 .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyW 77383CB0 5 Bytes JMP 01060FD4 .text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExW 7738F09D 5 Bytes JMP 01060014 .text C:\Windows\system32\svchost.exe[1276] WS2_32.dll!socket 773136D1 5 Bytes JMP 01010FEF .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!GetStartupInfoW 76771929 5 Bytes JMP 001F0097 .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!GetStartupInfoA 767719C9 5 Bytes JMP 001F0F51 .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!CreateProcessW 76771C01 5 Bytes JMP 001F0F2C .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!CreateProcessA 76771C36 5 Bytes JMP 001F00B9 .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!VirtualProtect 76771DD1 5 Bytes JMP 001F0F98 .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!CreateNamedPipeW 76775C44 5 Bytes JMP 001F0FD1 .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!LoadLibraryExW 7679374A 5 Bytes JMP 001F0070 .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 001F004E .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!VirtualProtectEx 76798F5E 5 Bytes JMP 001F0F7D .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!LoadLibraryExA 76799649 5 Bytes JMP 001F005F .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 001F0033 .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!CreatePipe 767A0474 5 Bytes JMP 001F0F62 .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!GetProcAddress 767BBAC6 5 Bytes JMP 001F00E8 .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!CreateFileW 767BCE4E 5 Bytes JMP 001F0011 .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!CreateFileA 767BD171 5 Bytes JMP 001F0000 .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!CreateNamedPipeA 7680462E 5 Bytes JMP 001F0022 .text C:\Windows\system32\svchost.exe[1432] kernel32.dll!WinExec 7680580B 5 Bytes JMP 001F00A8 .text C:\Windows\system32\svchost.exe[1432] msvcrt.dll!_wsystem 77168A47 5 Bytes JMP 00FC0FA6 .text C:\Windows\system32\svchost.exe[1432] msvcrt.dll!system 77168B63 5 Bytes JMP 00FC0FB7 .text C:\Windows\system32\svchost.exe[1432] msvcrt.dll!_creat 7716C6F1 5 Bytes JMP 00FC0FC8 .text C:\Windows\system32\svchost.exe[1432] msvcrt.dll!_open 7716DA7E 5 Bytes JMP 00FC0FEF .text C:\Windows\system32\svchost.exe[1432] msvcrt.dll!_wcreat 7716DC9E 5 Bytes JMP 00FC001D .text C:\Windows\system32\svchost.exe[1432] msvcrt.dll!_wopen 7716DE79 5 Bytes JMP 00FC000C .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExA 7736B5E7 5 Bytes JMP 01020062 .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyA 7736B8AE 5 Bytes JMP 01020FD1 .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyA 77370BF5 5 Bytes JMP 0102000A .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyW 7737B83D 5 Bytes JMP 01020FC0 .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!RegCreateKeyExW 7737BCE1 5 Bytes JMP 01020FA5 .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExA 7737D4E8 5 Bytes JMP 01020036 .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyW 77383CB0 5 Bytes JMP 01020025 .text C:\Windows\system32\svchost.exe[1432] ADVAPI32.dll!RegOpenKeyExW 7738F09D 5 Bytes JMP 01020047 .text C:\Windows\system32\svchost.exe[1432] WS2_32.dll!socket 773136D1 5 Bytes JMP 00FD0FEF .text C:\Windows\system32\svchost.exe[1432] WinInet.dll!InternetOpenA 76D20A4D 5 Bytes JMP 00C20000 .text C:\Windows\system32\svchost.exe[1432] WinInet.dll!InternetOpenUrlA 76D22713 5 Bytes JMP 00C20FDB .text C:\Windows\system32\svchost.exe[1432] WinInet.dll!InternetOpenW 76D230C8 5 Bytes JMP 00C20011 .text C:\Windows\system32\svchost.exe[1432] WinInet.dll!InternetOpenUrlW 76D78515 5 Bytes JMP 00C20FCA .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoW 76771929 5 Bytes JMP 00900091 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetStartupInfoA 767719C9 5 Bytes JMP 00900080 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateProcessW 76771C01 5 Bytes JMP 00900F0B .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateProcessA 76771C36 5 Bytes JMP 00900F26 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!VirtualProtect 76771DD1 5 Bytes JMP 00900040 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeW 76775C44 5 Bytes JMP 00900FD4 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExW 7679374A 5 Bytes JMP 00900F66 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 00900FA8 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!VirtualProtectEx 76798F5E 5 Bytes JMP 00900F55 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExA 76799649 5 Bytes JMP 00900F8D .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 00900FB9 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreatePipe 767A0474 5 Bytes JMP 00900065 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!GetProcAddress 767BBAC6 5 Bytes JMP 009000C7 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateFileW 767BCE4E 5 Bytes JMP 00900FEF .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateFileA 767BD171 5 Bytes JMP 00900000 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!CreateNamedPipeA 7680462E 5 Bytes JMP 00900025 .text C:\Windows\system32\svchost.exe[1636] kernel32.dll!WinExec 7680580B 5 Bytes JMP 009000A2 .text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!_wsystem 77168A47 5 Bytes JMP 00950F86 .text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!system 77168B63 5 Bytes JMP 00950FA1 .text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!_creat 7716C6F1 5 Bytes JMP 00950011 .text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!_open 7716DA7E 5 Bytes JMP 00950000 .text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!_wcreat 7716DC9E 5 Bytes JMP 00950FB2 .text C:\Windows\system32\svchost.exe[1636] msvcrt.dll!_wopen 7716DE79 5 Bytes JMP 00950FD7 .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExA 7736B5E7 5 Bytes JMP 00980F72 .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyA 7736B8AE 5 Bytes JMP 00980F9E .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyA 77370BF5 5 Bytes JMP 00980FE5 .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyW 7737B83D 5 Bytes JMP 00980F8D .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegCreateKeyExW 7737BCE1 5 Bytes JMP 00980F57 .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExA 7737D4E8 5 Bytes JMP 00980FB9 .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyW 77383CB0 5 Bytes JMP 00980FCA .text C:\Windows\system32\svchost.exe[1636] ADVAPI32.dll!RegOpenKeyExW 7738F09D 5 Bytes JMP 00980000 .text C:\Windows\system32\svchost.exe[1636] WS2_32.dll!socket 773136D1 5 Bytes JMP 00970000 .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!GetStartupInfoW 76771929 5 Bytes JMP 00790083 .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!GetStartupInfoA 767719C9 5 Bytes JMP 00790072 .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!CreateProcessW 76771C01 5 Bytes JMP 00790EFD .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!CreateProcessA 76771C36 5 Bytes JMP 00790094 .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!VirtualProtect 76771DD1 5 Bytes JMP 00790F69 .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!CreateNamedPipeW 76775C44 5 Bytes JMP 00790FC3 .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!LoadLibraryExW 7679374A 5 Bytes JMP 00790F86 .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 00790FB2 .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!VirtualProtectEx 76798F5E 5 Bytes JMP 00790F58 .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!LoadLibraryExA 76799649 5 Bytes JMP 00790F97 .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 0079002F .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!CreatePipe 767A0474 5 Bytes JMP 00790F47 .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!GetProcAddress 767BBAC6 5 Bytes JMP 007900AF .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!CreateFileW 767BCE4E 5 Bytes JMP 0079000A .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!CreateFileA 767BD171 5 Bytes JMP 00790FE5 .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!CreateNamedPipeA 7680462E 5 Bytes JMP 00790FD4 .text C:\Windows\system32\svchost.exe[1896] kernel32.dll!WinExec 7680580B 5 Bytes JMP 00790F18 .text C:\Windows\system32\svchost.exe[1896] msvcrt.dll!_wsystem 77168A47 5 Bytes JMP 007A0F9A .text C:\Windows\system32\svchost.exe[1896] msvcrt.dll!system 77168B63 5 Bytes JMP 007A001B .text C:\Windows\system32\svchost.exe[1896] msvcrt.dll!_creat 7716C6F1 5 Bytes JMP 007A0FBC .text C:\Windows\system32\svchost.exe[1896] msvcrt.dll!_open 7716DA7E 5 Bytes JMP 007A0FEF .text C:\Windows\system32\svchost.exe[1896] msvcrt.dll!_wcreat 7716DC9E 5 Bytes JMP 007A0FAB .text C:\Windows\system32\svchost.exe[1896] msvcrt.dll!_wopen 7716DE79 5 Bytes JMP 007A0000 .text C:\Windows\system32\svchost.exe[1896] ADVAPI32.dll!RegCreateKeyExA 7736B5E7 5 Bytes JMP 009F001B .text C:\Windows\system32\svchost.exe[1896] ADVAPI32.dll!RegCreateKeyA 7736B8AE 5 Bytes JMP 009F0F94 .text C:\Windows\system32\svchost.exe[1896] ADVAPI32.dll!RegOpenKeyA 77370BF5 5 Bytes JMP 009F0FEF .text C:\Windows\system32\svchost.exe[1896] ADVAPI32.dll!RegCreateKeyW 7737B83D 5 Bytes JMP 009F0F79 .text C:\Windows\system32\svchost.exe[1896] ADVAPI32.dll!RegCreateKeyExW 7737BCE1 5 Bytes JMP 009F002C .text C:\Windows\system32\svchost.exe[1896] ADVAPI32.dll!RegOpenKeyExA 7737D4E8 5 Bytes JMP 009F0FB9 .text C:\Windows\system32\svchost.exe[1896] ADVAPI32.dll!RegOpenKeyW 77383CB0 5 Bytes JMP 009F0FCA .text C:\Windows\system32\svchost.exe[1896] ADVAPI32.dll!RegOpenKeyExW 7738F09D 5 Bytes JMP 009F0000 .text C:\Windows\system32\svchost.exe[1896] WS2_32.dll!socket 773136D1 5 Bytes JMP 009E0FEF .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!GetStartupInfoW 76771929 5 Bytes JMP 00890F83 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!GetStartupInfoA 767719C9 5 Bytes JMP 008900BF .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateProcessW 76771C01 5 Bytes JMP 00890F4D .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateProcessA 76771C36 5 Bytes JMP 008900E4 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!VirtualProtect 76771DD1 5 Bytes JMP 00890FA8 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateNamedPipeW 76775C44 5 Bytes JMP 00890025 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!LoadLibraryExW 7679374A 5 Bytes JMP 00890076 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 0089005B .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!VirtualProtectEx 76798F5E 5 Bytes JMP 0089009D .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!LoadLibraryExA 76799649 5 Bytes JMP 00890FB9 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 00890040 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreatePipe 767A0474 5 Bytes JMP 008900AE .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!GetProcAddress 767BBAC6 5 Bytes JMP 00890109 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateFileW 767BCE4E 5 Bytes JMP 00890FEF .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateFileA 767BD171 5 Bytes JMP 00890000 .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!CreateNamedPipeA 7680462E 5 Bytes JMP 00890FDE .text C:\Windows\system32\svchost.exe[2060] kernel32.dll!WinExec 7680580B 5 Bytes JMP 00890F68 .text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!_wsystem 77168A47 5 Bytes JMP 00C40F8B .text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!system 77168B63 5 Bytes JMP 00C40F9C .text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!_creat 7716C6F1 5 Bytes JMP 00C40FD2 .text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!_open 7716DA7E 5 Bytes JMP 00C40FEF .text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!_wcreat 7716DC9E 5 Bytes JMP 00C40FB7 .text C:\Windows\system32\svchost.exe[2060] msvcrt.dll!_wopen 7716DE79 5 Bytes JMP 00C4000C .text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyExA 7736B5E7 5 Bytes JMP 00C6003D .text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyA 7736B8AE 5 Bytes JMP 00C60FB6 .text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyA 77370BF5 5 Bytes JMP 00C60000 .text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyW 7737B83D 5 Bytes JMP 00C60F9B .text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegCreateKeyExW 7737BCE1 5 Bytes JMP 00C60F80 .text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyExA 7737D4E8 5 Bytes JMP 00C6002C .text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyW 77383CB0 5 Bytes JMP 00C60011 .text C:\Windows\system32\svchost.exe[2060] ADVAPI32.dll!RegOpenKeyExW 7738F09D 5 Bytes JMP 00C60FD1 .text C:\Windows\system32\svchost.exe[2060] WS2_32.dll!socket 773136D1 5 Bytes JMP 00C5000A .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!GetStartupInfoW 76771929 5 Bytes JMP 00CD0F68 .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!GetStartupInfoA 767719C9 5 Bytes JMP 00CD0F83 .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!CreateProcessW 76771C01 5 Bytes JMP 00CD00F5 .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!CreateProcessA 76771C36 5 Bytes JMP 00CD00E4 .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!VirtualProtect 76771DD1 5 Bytes JMP 00CD0093 .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!CreateNamedPipeW 76775C44 5 Bytes JMP 00CD0036 .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!LoadLibraryExW 7679374A 5 Bytes JMP 00CD0076 .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 00CD0FD4 .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!VirtualProtectEx 76798F5E 5 Bytes JMP 00CD0F9E .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!LoadLibraryExA 76799649 5 Bytes JMP 00CD0FB9 .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 00CD0051 .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!CreatePipe 767A0474 5 Bytes JMP 00CD00AE .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!GetProcAddress 767BBAC6 5 Bytes JMP 00CD0F43 .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!CreateFileW 767BCE4E 5 Bytes JMP 00CD0011 .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!CreateFileA 767BD171 5 Bytes JMP 00CD0000 .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!CreateNamedPipeA 7680462E 5 Bytes JMP 00CD0FE5 .text C:\Windows\system32\svchost.exe[2120] kernel32.dll!WinExec 7680580B 5 Bytes JMP 00CD00D3 .text C:\Windows\system32\svchost.exe[2120] msvcrt.dll!_wsystem 77168A47 5 Bytes JMP 00D2005A .text C:\Windows\system32\svchost.exe[2120] msvcrt.dll!system 77168B63 5 Bytes JMP 00D20FD9 .text C:\Windows\system32\svchost.exe[2120] msvcrt.dll!_creat 7716C6F1 5 Bytes JMP 00D2002E .text C:\Windows\system32\svchost.exe[2120] msvcrt.dll!_open 7716DA7E 5 Bytes JMP 00D2000C .text C:\Windows\system32\svchost.exe[2120] msvcrt.dll!_wcreat 7716DC9E 5 Bytes JMP 00D2003F .text C:\Windows\system32\svchost.exe[2120] msvcrt.dll!_wopen 7716DE79 5 Bytes JMP 00D2001D .text C:\Windows\system32\svchost.exe[2120] ADVAPI32.dll!RegCreateKeyExA 7736B5E7 5 Bytes JMP 00D40036 .text C:\Windows\system32\svchost.exe[2120] ADVAPI32.dll!RegCreateKeyA 7736B8AE 5 Bytes JMP 00D4001B .text C:\Windows\system32\svchost.exe[2120] ADVAPI32.dll!RegOpenKeyA 77370BF5 5 Bytes JMP 00D40FEF .text C:\Windows\system32\svchost.exe[2120] ADVAPI32.dll!RegCreateKeyW 7737B83D 5 Bytes JMP 00D40F94 .text C:\Windows\system32\svchost.exe[2120] ADVAPI32.dll!RegCreateKeyExW 7737BCE1 5 Bytes JMP 00D40F79 .text C:\Windows\system32\svchost.exe[2120] ADVAPI32.dll!RegOpenKeyExA 7737D4E8 5 Bytes JMP 00D40FCA .text C:\Windows\system32\svchost.exe[2120] ADVAPI32.dll!RegOpenKeyW 77383CB0 5 Bytes JMP 00D40000 .text C:\Windows\system32\svchost.exe[2120] ADVAPI32.dll!RegOpenKeyExW 7738F09D 5 Bytes JMP 00D40FAF .text C:\Windows\system32\svchost.exe[2120] WS2_32.dll!socket 773136D1 5 Bytes JMP 00D30FEF .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!GetStartupInfoW 76771929 5 Bytes JMP 000B00AB .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!GetStartupInfoA 767719C9 5 Bytes JMP 000B009A .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!CreateProcessW 76771C01 5 Bytes JMP 000B0F39 .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!CreateProcessA 76771C36 5 Bytes JMP 000B0F4A .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!VirtualProtect 76771DD1 5 Bytes JMP 000B0F83 .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!CreateNamedPipeW 76775C44 5 Bytes JMP 000B0047 .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!LoadLibraryExW 7679374A 5 Bytes JMP 000B0F94 .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 000B0FC0 .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!VirtualProtectEx 76798F5E 5 Bytes JMP 000B0078 .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!LoadLibraryExA 76799649 5 Bytes JMP 000B0FA5 .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 000B0FD1 .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!CreatePipe 767A0474 5 Bytes JMP 000B0089 .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!GetProcAddress 767BBAC6 5 Bytes JMP 000B00E1 .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!CreateFileW 767BCE4E 5 Bytes JMP 000B001B .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!CreateFileA 767BD171 5 Bytes JMP 000B0000 .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!CreateNamedPipeA 7680462E 5 Bytes JMP 000B0036 .text C:\Windows\System32\svchost.exe[2572] kernel32.dll!WinExec 7680580B 5 Bytes JMP 000B00BC .text C:\Windows\System32\svchost.exe[2572] msvcrt.dll!_wsystem 77168A47 5 Bytes JMP 000C0066 .text C:\Windows\System32\svchost.exe[2572] msvcrt.dll!system 77168B63 5 Bytes JMP 000C0055 .text C:\Windows\System32\svchost.exe[2572] msvcrt.dll!_creat 7716C6F1 5 Bytes JMP 000C0044 .text C:\Windows\System32\svchost.exe[2572] msvcrt.dll!_open 7716DA7E 5 Bytes JMP 000C0000 .text C:\Windows\System32\svchost.exe[2572] msvcrt.dll!_wcreat 7716DC9E 5 Bytes JMP 000C0FEF .text C:\Windows\System32\svchost.exe[2572] msvcrt.dll!_wopen 7716DE79 5 Bytes JMP 000C0029 .text C:\Windows\System32\svchost.exe[2572] ADVAPI32.dll!RegCreateKeyExA 7736B5E7 5 Bytes JMP 000D0051 .text C:\Windows\System32\svchost.exe[2572] ADVAPI32.dll!RegCreateKeyA 7736B8AE 5 Bytes JMP 000D0FAF .text C:\Windows\System32\svchost.exe[2572] ADVAPI32.dll!RegOpenKeyA 77370BF5 5 Bytes JMP 000D0FEF .text C:\Windows\System32\svchost.exe[2572] ADVAPI32.dll!RegCreateKeyW 7737B83D 5 Bytes JMP 000D0036 .text C:\Windows\System32\svchost.exe[2572] ADVAPI32.dll!RegCreateKeyExW 7737BCE1 5 Bytes JMP 000D0F8A .text C:\Windows\System32\svchost.exe[2572] ADVAPI32.dll!RegOpenKeyExA 7737D4E8 5 Bytes JMP 000D0FCA .text C:\Windows\System32\svchost.exe[2572] ADVAPI32.dll!RegOpenKeyW 77383CB0 5 Bytes JMP 000D0000 .text C:\Windows\System32\svchost.exe[2572] ADVAPI32.dll!RegOpenKeyExW 7738F09D 5 Bytes JMP 000D001B .text C:\Windows\explorer.exe[4132] kernel32.dll!GetStartupInfoW 76771929 5 Bytes JMP 0001009A .text C:\Windows\explorer.exe[4132] kernel32.dll!GetStartupInfoA 767719C9 5 Bytes JMP 00010F4A .text C:\Windows\explorer.exe[4132] kernel32.dll!CreateProcessW 76771C01 5 Bytes JMP 000100BC .text C:\Windows\explorer.exe[4132] kernel32.dll!CreateProcessA 76771C36 5 Bytes JMP 00010F2F .text C:\Windows\explorer.exe[4132] kernel32.dll!VirtualProtect 76771DD1 5 Bytes JMP 0001006E .text C:\Windows\explorer.exe[4132] kernel32.dll!CreateNamedPipeW 76775C44 5 Bytes JMP 00010FCA .text C:\Windows\explorer.exe[4132] kernel32.dll!LoadLibraryExW 7679374A 5 Bytes JMP 00010047 .text C:\Windows\explorer.exe[4132] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 00010FAF .text C:\Windows\explorer.exe[4132] kernel32.dll!VirtualProtectEx 76798F5E 5 Bytes JMP 00010F6F .text C:\Windows\explorer.exe[4132] kernel32.dll!LoadLibraryExA 76799649 5 Bytes JMP 00010F94 .text C:\Windows\explorer.exe[4132] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 00010036 .text C:\Windows\explorer.exe[4132] kernel32.dll!CreatePipe 767A0474 5 Bytes JMP 0001007F .text C:\Windows\explorer.exe[4132] kernel32.dll!GetProcAddress 767BBAC6 5 Bytes JMP 00010F0A .text C:\Windows\explorer.exe[4132] kernel32.dll!CreateFileW 767BCE4E 5 Bytes JMP 00010000 .text C:\Windows\explorer.exe[4132] kernel32.dll!CreateFileA 767BD171 5 Bytes JMP 00010FEF .text C:\Windows\explorer.exe[4132] kernel32.dll!CreateNamedPipeA 7680462E 5 Bytes JMP 0001001B .text C:\Windows\explorer.exe[4132] kernel32.dll!WinExec 7680580B 5 Bytes JMP 000100AB .text C:\Windows\explorer.exe[4132] ADVAPI32.dll!RegCreateKeyExA 7736B5E7 5 Bytes JMP 00050F83 .text C:\Windows\explorer.exe[4132] ADVAPI32.dll!RegCreateKeyA 7736B8AE 5 Bytes JMP 00050F9E .text C:\Windows\explorer.exe[4132] ADVAPI32.dll!RegOpenKeyA 77370BF5 5 Bytes JMP 00050000 .text C:\Windows\explorer.exe[4132] ADVAPI32.dll!RegCreateKeyW 7737B83D 5 Bytes JMP 00050025 .text C:\Windows\explorer.exe[4132] ADVAPI32.dll!RegCreateKeyExW 7737BCE1 5 Bytes JMP 00050040 .text C:\Windows\explorer.exe[4132] ADVAPI32.dll!RegOpenKeyExA 7737D4E8 5 Bytes JMP 00050FCA .text C:\Windows\explorer.exe[4132] ADVAPI32.dll!RegOpenKeyW 77383CB0 5 Bytes JMP 00050FE5 .text C:\Windows\explorer.exe[4132] ADVAPI32.dll!RegOpenKeyExW 7738F09D 5 Bytes JMP 00050FB9 .text C:\Windows\explorer.exe[4132] msvcrt.dll!_wsystem 77168A47 5 Bytes JMP 00060049 .text C:\Windows\explorer.exe[4132] msvcrt.dll!system 77168B63 5 Bytes JMP 0006002E .text C:\Windows\explorer.exe[4132] msvcrt.dll!_creat 7716C6F1 5 Bytes JMP 00060FC8 .text C:\Windows\explorer.exe[4132] msvcrt.dll!_open 7716DA7E 5 Bytes JMP 00060000 .text C:\Windows\explorer.exe[4132] msvcrt.dll!_wcreat 7716DC9E 5 Bytes JMP 0006001D .text C:\Windows\explorer.exe[4132] msvcrt.dll!_wopen 7716DE79 5 Bytes JMP 00060FE3 .text C:\Windows\explorer.exe[4132] WININET.dll!InternetOpenA 76D20A4D 5 Bytes JMP 03630FEF .text C:\Windows\explorer.exe[4132] WININET.dll!InternetOpenUrlA 76D22713 5 Bytes JMP 03630025 .text C:\Windows\explorer.exe[4132] WININET.dll!InternetOpenW 76D230C8 5 Bytes JMP 03630014 .text C:\Windows\explorer.exe[4132] WININET.dll!InternetOpenUrlW 76D78515 3 Bytes JMP 03630036 .text C:\Windows\explorer.exe[4132] WININET.dll!InternetOpenUrlW + 4 76D78519 1 Byte [8C] .text C:\Windows\explorer.exe[4132] ws2_32.dll!socket 773136D1 5 Bytes JMP 03840000 .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!GetStartupInfoW 76771929 5 Bytes JMP 000100A9 .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!GetStartupInfoA 767719C9 5 Bytes JMP 00010098 .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!CreateProcessW 76771C01 5 Bytes JMP 00010F3E .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!CreateProcessA 76771C36 5 Bytes JMP 000100CB .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!VirtualProtect 76771DD1 5 Bytes JMP 00010F7E .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!CreateNamedPipeW 76775C44 5 Bytes JMP 0001002C .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!LoadLibraryExW 7679374A 5 Bytes JMP 00010058 .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!LoadLibraryW 7679382D 5 Bytes JMP 00010FAC .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!VirtualProtectEx 76798F5E 5 Bytes JMP 00010F6D .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!LoadLibraryExA 76799649 5 Bytes JMP 00010F9B .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!LoadLibraryA 76799671 5 Bytes JMP 0001003D .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!CreatePipe 767A0474 5 Bytes JMP 0001007D .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!GetProcAddress 767BBAC6 5 Bytes JMP 000100F0 .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!CreateFileW 767BCE4E 5 Bytes JMP 00010000 .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!CreateFileA 767BD171 5 Bytes JMP 00010FE5 .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!CreateNamedPipeA 7680462E 5 Bytes JMP 0001001B .text C:\Windows\system32\wuauclt.exe[4232] kernel32.dll!WinExec 7680580B 5 Bytes JMP 000100BA .text C:\Windows\system32\wuauclt.exe[4232] msvcrt.dll!_wsystem 77168A47 5 Bytes JMP 00060FD2 .text C:\Windows\system32\wuauclt.exe[4232] msvcrt.dll!system 77168B63 5 Bytes JMP 0006005D .text C:\Windows\system32\wuauclt.exe[4232] msvcrt.dll!_creat 7716C6F1 5 Bytes JMP 0006001D .text C:\Windows\system32\wuauclt.exe[4232] msvcrt.dll!_open 7716DA7E 5 Bytes JMP 00060000 .text C:\Windows\system32\wuauclt.exe[4232] msvcrt.dll!_wcreat 7716DC9E 5 Bytes JMP 00060042 .text C:\Windows\system32\wuauclt.exe[4232] msvcrt.dll!_wopen 7716DE79 5 Bytes JMP 00060FEF .text C:\Windows\system32\wuauclt.exe[4232] ADVAPI32.dll!RegCreateKeyExA 7736B5E7 5 Bytes JMP 0007005B .text C:\Windows\system32\wuauclt.exe[4232] ADVAPI32.dll!RegCreateKeyA 7736B8AE 5 Bytes JMP 00070FC3 .text C:\Windows\system32\wuauclt.exe[4232] ADVAPI32.dll!RegOpenKeyA 77370BF5 5 Bytes JMP 00070FEF .text C:\Windows\system32\wuauclt.exe[4232] ADVAPI32.dll!RegCreateKeyW 7737B83D 5 Bytes JMP 0007004A .text C:\Windows\system32\wuauclt.exe[4232] ADVAPI32.dll!RegCreateKeyExW 7737BCE1 5 Bytes JMP 0007006C .text C:\Windows\system32\wuauclt.exe[4232] ADVAPI32.dll!RegOpenKeyExA 7737D4E8 5 Bytes JMP 0007002F .text C:\Windows\system32\wuauclt.exe[4232] ADVAPI32.dll!RegOpenKeyW 77383CB0 5 Bytes JMP 0007000A .text C:\Windows\system32\wuauclt.exe[4232] ADVAPI32.dll!RegOpenKeyExW 7738F09D 5 Bytes JMP 00070FD4 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806046D6] \SystemRoot\System32\Drivers\spqc.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80604042] \SystemRoot\System32\Drivers\spqc.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80604800] \SystemRoot\System32\Drivers\spqc.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806040C0] \SystemRoot\System32\Drivers\spqc.sys IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8060413E] \SystemRoot\System32\Drivers\spqc.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80613E9C] \SystemRoot\System32\Drivers\spqc.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [73638864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [73679855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7363B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7362FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73637A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [7362EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStreamICM] [7366B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromStream] [7363BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [73630756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [736306BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [736271B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFileICM] [736BD9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdipLoadImageFromFile] [73657329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [7362E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [7362697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [736269A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[4132] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [73632475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 84A5C1F8 AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) Device \FileSystem\fastfat \FatCdrom 843841F8 AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Dynamiczna struktura WDF/Microsoft Corporation) Device \Driver\volmgr \Device\VolMgrControl 84A581F8 Device \Driver\usbohci \Device\USBPDO-0 849EF1F8 Device \Driver\usbohci \Device\USBPDO-1 849EF1F8 Device \Driver\usbehci \Device\USBPDO-2 85B7F500 Device \Driver\usbohci \Device\USBPDO-3 849EF1F8 Device \Driver\usbohci \Device\USBPDO-4 849EF1F8 AttachedDevice \Driver\tdx \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) Device \Driver\usbehci \Device\USBPDO-5 85B7F500 Device \Driver\volmgr \Device\HarddiskVolume1 84A581F8 Device \Driver\volmgr \Device\HarddiskVolume2 84A581F8 Device \Driver\cdrom \Device\CdRom0 85A3B1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84A5A1F8 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-2 84A5A1F8 Device \Driver\atapi \Device\Ide\IdePort0 84A5A1F8 Device \Driver\atapi \Device\Ide\IdePort1 84A5A1F8 Device \Driver\atapi \Device\Ide\IdePort2 84A5A1F8 Device \Driver\atapi \Device\Ide\IdePort3 84A5A1F8 Device \Driver\atapi \Device\Ide\IdePort4 84A5A1F8 Device \Driver\atapi \Device\Ide\IdePort5 84A5A1F8 Device \Driver\atapi \Device\Ide\IdePort6 84A5A1F8 Device \Driver\atapi \Device\Ide\IdePort7 84A5A1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel0 84A5B1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel1 84A5B1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel2 84A5B1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel3 84A5B1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel4 84A5B1F8 Device \Driver\msahci \Device\Ide\PciIde0Channel5 84A5B1F8 Device \Driver\volmgr \Device\HarddiskVolume3 84A581F8 Device \Driver\netbt \Device\NetBT_Tcpip_{0F7D4D79-E951-44A8-84DD-B2B171DEF94F} 871B7500 Device \Driver\netbt \Device\NetBT_Tcpip_{81B752AC-6558-458E-B45D-0348A5A69B8F} 871B7500 Device \Driver\netbt \Device\NetBt_Wins_Export 871B7500 Device \Driver\Smb \Device\NetbiosSmb 871DA1F8 Device \Driver\iScsiPrt \Device\RaidPort0 85BC81F8 AttachedDevice \Driver\tdx \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\tdx \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) Device \Driver\usbohci \Device\USBFDO-0 849EF1F8 Device \Driver\usbohci \Device\USBFDO-1 849EF1F8 Device \Driver\usbehci \Device\USBFDO-2 85B7F500 Device \Driver\usbohci \Device\USBFDO-3 849EF1F8 Device \Driver\usbohci \Device\USBFDO-4 849EF1F8 Device \Driver\usbehci \Device\USBFDO-5 85B7F500 Device \FileSystem\fastfat \Fat 843841F8 AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) Device \FileSystem\cdfs \Cdfs 8C1D91F8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFA 0x5D 0x8F 0x15 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA5 0xC8 0xC4 0x59 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x45 0xC1 0xC8 0x10 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x45 0xC1 0xC8 0x10 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xFA 0x5D 0x8F 0x15 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA5 0xC8 0xC4 0x59 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x45 0xC1 0xC8 0x10 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x45 0xC1 0xC8 0x10 ... Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Adam\Downloads\7-Zip-Najlepszy program PakujÄ\x2026cy.exe 1 ---- EOF - GMER 1.0.15 ----