GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-28 02:52:59
Windows 5.1.2600 Dodatek Service Pack 3
Running: zi5xp1vt.exe; Driver: C:\DOCUME~1\KRZYSZ~1\USTAWI~1\Temp\pwrdrpow.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT sptd.sys ZwEnumerateKey [0xB9ED684C]
SSDT sptd.sys ZwEnumerateValueKey [0xB9ED6BEC]
SSDT sptd.sys ZwOpenKey [0xB9ED1090]
SSDT sptd.sys ZwQueryKey [0xB9ED6CC4]
SSDT sptd.sys ZwQueryValueKey [0xB9ED6B44]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8BFE]

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateFile [0xB9CC1E02]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9CC1DD8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9CC1DEC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB9CC1E42]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9CC1D74]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9CC1D88]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB9CC1E16]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9CC1DC4]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9CC1DB0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9CC1E71]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB9CC1E58]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xB9CC1E2C]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtCreateFile
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80502244 7 Bytes JMP B9CC1E30 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 8056E2EE 5 Bytes JMP B9CC1E06 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805A74F0 7 Bytes JMP B9CC1E46 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8306 5 Bytes JMP B9CC1E5C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA88 7 Bytes JMP B9CC1E1A mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805C1316 5 Bytes JMP B9CC1D78 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15A2 5 Bytes JMP B9CC1D8C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DD4 5 Bytes JMP B9CC1DB4 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73EA 7 Bytes JMP B9CC1DF0 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74A0 5 Bytes JMP B9CC1DDC mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C79AA 5 Bytes JMP B9CC1DC8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CAA 5 Bytes JMP B9CC1E75 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text USBPORT.SYS!DllUnload B30898AC 5 Bytes JMP 8A4CF1B8
? System32\Drivers\a4w5vvb7.SYS System nie może odnaleźć określonej ścieżki. !

---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006A0FEF .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006A0F54 .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006A0F65 .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006A003F .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006A0F80 .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006A0FB6 .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006A0095 .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006A007A .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006A0F06 .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006A0F17 .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006A0EF5 .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006A0F91 .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006A0000 .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!CreatePipe 7C81D83F 1 Byte [E9] .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006A0F43 .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006A0022 .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006A0011 .text C:\WINDOWS\system32\svchost.exe[444] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006A0F28 .text C:\WINDOWS\system32\svchost.exe[444] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00690047 .text C:\WINDOWS\system32\svchost.exe[444] 
ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00690FAF .text C:\WINDOWS\system32\svchost.exe[444] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 0069002C .text C:\WINDOWS\system32\svchost.exe[444] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 0069001B .text C:\WINDOWS\system32\svchost.exe[444] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 0069006C .text C:\WINDOWS\system32\svchost.exe[444] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00690000 .text C:\WINDOWS\system32\svchost.exe[444] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 00690FCA .text C:\WINDOWS\system32\svchost.exe[444] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [8A, 88] .text C:\WINDOWS\system32\svchost.exe[444] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00690FDB .text C:\WINDOWS\system32\svchost.exe[444] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 0068003A .text C:\WINDOWS\system32\svchost.exe[444] msvcrt.dll!system 77C193C7 5 Bytes JMP 00680FAF .text C:\WINDOWS\system32\svchost.exe[444] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00680029 .text C:\WINDOWS\system32\svchost.exe[444] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00680FEF .text C:\WINDOWS\system32\svchost.exe[444] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00680FCA .text C:\WINDOWS\system32\svchost.exe[444] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 0068000C .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007C0FEF .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007C0FA1 .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 007C0FB2 .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 007C008C .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 007C0FC3 .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 007C0054 .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes 
JMP 007C0F5F .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007C0F70 .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007C0F33 .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007C0F4E .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007C0F22 .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 007C0065 .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 007C0FDE .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007C00A7 .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 007C0039 .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 007C001E .text C:\WINDOWS\system32\svchost.exe[496] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007C00CC .text C:\WINDOWS\system32\svchost.exe[496] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 007B0FB2 .text C:\WINDOWS\system32\svchost.exe[496] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 007B0F72 .text C:\WINDOWS\system32\svchost.exe[496] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 007B0FC3 .text C:\WINDOWS\system32\svchost.exe[496] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 007B0FD4 .text C:\WINDOWS\system32\svchost.exe[496] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 007B002F .text C:\WINDOWS\system32\svchost.exe[496] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 007B0FEF .text C:\WINDOWS\system32\svchost.exe[496] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 007B001E .text C:\WINDOWS\system32\svchost.exe[496] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 007B0F97 .text C:\WINDOWS\system32\svchost.exe[496] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 007A004E .text C:\WINDOWS\system32\svchost.exe[496] msvcrt.dll!system 77C193C7 5 Bytes JMP 007A0FCD 
.text C:\WINDOWS\system32\svchost.exe[496] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 007A0022 .text C:\WINDOWS\system32\svchost.exe[496] msvcrt.dll!_open 77C1F566 5 Bytes JMP 007A0FEF .text C:\WINDOWS\system32\svchost.exe[496] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 007A0033 .text C:\WINDOWS\system32\svchost.exe[496] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 007A0FDE .text C:\WINDOWS\system32\svchost.exe[496] WS2_32.dll!socket 71A54211 5 Bytes JMP 00790FEF .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00ED0FE5 .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00ED0056 .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00ED003B .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00ED0F61 .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00ED0F7C .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00ED0F9E .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00ED0095 .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00ED0084 .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00ED0F1E .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00ED00C1 .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00ED0F0D .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00ED0F8D .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00ED0FCA .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00ED0067 .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00ED0FB9 .text 
C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00ED0000 .text C:\WINDOWS\system32\svchost.exe[620] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00ED00A6 .text C:\WINDOWS\system32\svchost.exe[620] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00EC0FC3 .text C:\WINDOWS\system32\svchost.exe[620] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00EC0F68 .text C:\WINDOWS\system32\svchost.exe[620] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00EC0FD4 .text C:\WINDOWS\system32\svchost.exe[620] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00EC0FE5 .text C:\WINDOWS\system32\svchost.exe[620] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00EC0F8D .text C:\WINDOWS\system32\svchost.exe[620] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00EC0000 .text C:\WINDOWS\system32\svchost.exe[620] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00EC002F .text C:\WINDOWS\system32\svchost.exe[620] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00EC0FB2 .text C:\WINDOWS\system32\svchost.exe[620] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00EB005F .text C:\WINDOWS\system32\svchost.exe[620] msvcrt.dll!system 77C193C7 5 Bytes JMP 00EB0044 .text C:\WINDOWS\system32\svchost.exe[620] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00EB0FDE .text C:\WINDOWS\system32\svchost.exe[620] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00EB000C .text C:\WINDOWS\system32\svchost.exe[620] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00EB0033 .text C:\WINDOWS\system32\svchost.exe[620] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00EB0FEF .text C:\WINDOWS\system32\svchost.exe[620] WS2_32.dll!socket 71A54211 5 Bytes JMP 00EA0FEF .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A5000A .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A50079 .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A50F7A .text C:\WINDOWS\system32\svchost.exe[800] 
kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A50F97 .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A50FA8 .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A50FDE .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A50F31 .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A50F42 .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A500C0 .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A500A5 .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A50F0C .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A50FCD .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A5001B .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A50F5F .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A50FEF .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A50036 .text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A50094 .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00A40025 .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00A40F8D .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00A40FD4 .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00A40FE5 .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00A40FA8 .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00A40000 .text 
C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 00A40FB9 .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [C5, 88] .text C:\WINDOWS\system32\svchost.exe[800] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00A40040 .text C:\WINDOWS\system32\svchost.exe[800] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00A3003D .text C:\WINDOWS\system32\svchost.exe[800] msvcrt.dll!system 77C193C7 5 Bytes JMP 00A30FA8 .text C:\WINDOWS\system32\svchost.exe[800] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00A30022 .text C:\WINDOWS\system32\svchost.exe[800] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00A30000 .text C:\WINDOWS\system32\svchost.exe[800] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00A30FCD .text C:\WINDOWS\system32\svchost.exe[800] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00A30011 .text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F9000A .text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F90F7C .text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F90F8D .text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F9005B .text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F90F9E .text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F90025 .text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F900A2 .text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F90F50 .text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F900C7 .text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F90F2E .text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F900E2 .text C:\WINDOWS\System32\svchost.exe[908] 
kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F90040 .text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F90FEF .text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F90F61 .text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F90FB9 .text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F90FD4 .text C:\WINDOWS\System32\svchost.exe[908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F90F3F .text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00F80011 .text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00F80047 .text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00F80000 .text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00F80FD4 .text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00F80036 .text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00F80FEF .text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 00F80F94 .text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [19, 89] .text C:\WINDOWS\System32\svchost.exe[908] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00F80FA5 .text C:\WINDOWS\System32\svchost.exe[908] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00F70058 .text C:\WINDOWS\System32\svchost.exe[908] msvcrt.dll!system 77C193C7 5 Bytes JMP 00F70047 .text C:\WINDOWS\System32\svchost.exe[908] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00F70011 .text C:\WINDOWS\System32\svchost.exe[908] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00F70FEF .text C:\WINDOWS\System32\svchost.exe[908] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00F7002C .text C:\WINDOWS\System32\svchost.exe[908] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00F70000 
.text C:\WINDOWS\System32\svchost.exe[908] WS2_32.dll!socket 71A54211 5 Bytes JMP 00F60000 .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01170000 .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01170087 .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01170F88 .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01170F99 .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01170062 .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01170FC0 .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01170098 .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01170F50 .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011700D5 .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011700C4 .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01170F2B .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01170051 .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01170011 .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01170F6D .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01170FDB .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0117002C .text C:\WINDOWS\system32\services.exe[1572] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011700A9 .text C:\WINDOWS\system32\services.exe[1572] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 01160FD4 .text C:\WINDOWS\system32\services.exe[1572] 
ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 01160040 .text C:\WINDOWS\system32\services.exe[1572] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 0116001B .text C:\WINDOWS\system32\services.exe[1572] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 0116000A .text C:\WINDOWS\system32\services.exe[1572] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 01160F83 .text C:\WINDOWS\system32\services.exe[1572] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 01160FEF .text C:\WINDOWS\system32\services.exe[1572] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 01160F94 .text C:\WINDOWS\system32\services.exe[1572] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [37, 89] .text C:\WINDOWS\system32\services.exe[1572] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 01160FB9 .text C:\WINDOWS\system32\services.exe[1572] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00FF004E .text C:\WINDOWS\system32\services.exe[1572] msvcrt.dll!system 77C193C7 5 Bytes JMP 00FF0033 .text C:\WINDOWS\system32\services.exe[1572] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00FF0018 .text C:\WINDOWS\system32\services.exe[1572] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00FF0FEF .text C:\WINDOWS\system32\services.exe[1572] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00FF0FC3 .text C:\WINDOWS\system32\services.exe[1572] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00FF0FDE .text C:\WINDOWS\system32\services.exe[1572] WS2_32.dll!socket 71A54211 5 Bytes JMP 00FE0000 .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01020FEF .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01020F3C .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01020F57 .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01020F68 .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01020025 .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!LoadLibraryA 7C801D7B 
5 Bytes JMP 01020F9E .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01020056 .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01020F04 .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01020ECE .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01020067 .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01020EB3 .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01020F83 .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01020FCA .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01020F21 .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01020FB9 .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01020000 .text C:\WINDOWS\system32\lsass.exe[1592] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01020EF3 .text C:\WINDOWS\system32\lsass.exe[1592] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 01010025 .text C:\WINDOWS\system32\lsass.exe[1592] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 0101006C .text C:\WINDOWS\system32\lsass.exe[1592] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 01010000 .text C:\WINDOWS\system32\lsass.exe[1592] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 01010FD4 .text C:\WINDOWS\system32\lsass.exe[1592] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 0101005B .text C:\WINDOWS\system32\lsass.exe[1592] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 01010FE5 .text C:\WINDOWS\system32\lsass.exe[1592] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 01010FAF .text C:\WINDOWS\system32\lsass.exe[1592] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [22, 89] .text C:\WINDOWS\system32\lsass.exe[1592] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 
01010036 .text C:\WINDOWS\system32\lsass.exe[1592] msvcrt.dll!_wsystem 77C1931E 1 Byte [E9] .text C:\WINDOWS\system32\lsass.exe[1592] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00FF0022 .text C:\WINDOWS\system32\lsass.exe[1592] msvcrt.dll!system 77C193C7 5 Bytes JMP 00FF0011 .text C:\WINDOWS\system32\lsass.exe[1592] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00FF0FBC .text C:\WINDOWS\system32\lsass.exe[1592] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00FF0000 .text C:\WINDOWS\system32\lsass.exe[1592] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00FF0FA1 .text C:\WINDOWS\system32\lsass.exe[1592] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00FF0FE3 .text C:\WINDOWS\system32\lsass.exe[1592] WS2_32.dll!socket 71A54211 5 Bytes JMP 00FE0000 .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1644] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1644] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) 
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0FEF .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0069 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE004E .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE003D .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0F8A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0FA5 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE0F28 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0F43 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0EF2 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE008B .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE009C .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE002C .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0FCA .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE007A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0011 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0000 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE0F0D .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00BD002F .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00BD0087 .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExA 
77DC7852 5 Bytes JMP 00BD0FD4 .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00BD0FEF .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00BD0076 .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00BD0000 .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00BD005B .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00BD0040 .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00BC0FAB .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!system 77C193C7 5 Bytes JMP 00BC0036 .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00BC0FC6 .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00BC0FEF .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00BC001B .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00BC0000 .text C:\WINDOWS\system32\svchost.exe[1752] WS2_32.dll!socket 71A54211 5 Bytes JMP 00B50FEF .text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00FEF .text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00FB2 .text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C000A7 .text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00080 .text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C0006F .text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C0004A .text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C00F69 .text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C00F7A .text 
C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C00F4E .text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C000E7 .text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C00F29 .text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C00FCD .text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C00014 .text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C00F97 .text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C0002F .text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C00FDE .text C:\WINDOWS\system32\svchost.exe[1812] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C000CC .text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00BF0036 .text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00BF0F6F .text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00BF001B .text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00BF0000 .text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00BF0F94 .text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00BF0FE5 .text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyW 77DEBA55 2 Bytes JMP 00BF0FAF .text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyW + 3 77DEBA58 2 Bytes [E0, 88] {LOOPNZ 0xffffffffffffff8a} .text C:\WINDOWS\system32\svchost.exe[1812] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00BF0FC0 .text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00BE0062 .text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!system 
77C193C7 5 Bytes JMP 00BE0FCD .text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00BE0FDE .text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00BE0FEF .text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00BE003D .text C:\WINDOWS\system32\svchost.exe[1812] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00BE0018 .text C:\WINDOWS\system32\svchost.exe[1812] WS2_32.dll!socket 71A54211 5 Bytes JMP 00BD0000 .text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 026B0000 .text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 026B0078 .text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 026B0F8D .text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 026B0F9E .text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 026B0051 .text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 026B0036 .text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 026B0F4B .text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 026B0F68 .text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 026B00C2 .text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 026B0F29 .text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 026B00D3 .text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 026B0FB9 .text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 026B0FE5 .text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 026B0089 .text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 026B0025 .text C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 026B0FCA .text 
C:\WINDOWS\Explorer.EXE[1904] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 026B0F3A .text C:\WINDOWS\Explorer.EXE[1904] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 02690025 .text C:\WINDOWS\Explorer.EXE[1904] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 02690F83 .text C:\WINDOWS\Explorer.EXE[1904] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 02690FD4 .text C:\WINDOWS\Explorer.EXE[1904] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 02690FEF .text C:\WINDOWS\Explorer.EXE[1904] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 02690F94 .text C:\WINDOWS\Explorer.EXE[1904] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 02690000 .text C:\WINDOWS\Explorer.EXE[1904] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 02690036 .text C:\WINDOWS\Explorer.EXE[1904] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 02690FAF .text C:\WINDOWS\Explorer.EXE[1904] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 02680FAD .text C:\WINDOWS\Explorer.EXE[1904] msvcrt.dll!system 77C193C7 5 Bytes JMP 02680FC8 .text C:\WINDOWS\Explorer.EXE[1904] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 0268002E .text C:\WINDOWS\Explorer.EXE[1904] msvcrt.dll!_open 77C1F566 5 Bytes JMP 02680000 .text C:\WINDOWS\Explorer.EXE[1904] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 02680FD9 .text C:\WINDOWS\Explorer.EXE[1904] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 02680011 .text C:\WINDOWS\Explorer.EXE[1904] WININET.dll!InternetOpenA 3FD1D690 5 Bytes JMP 01F2000A .text C:\WINDOWS\Explorer.EXE[1904] WININET.dll!InternetOpenW 3FD1DB09 5 Bytes JMP 01F20FE5 .text C:\WINDOWS\Explorer.EXE[1904] WININET.dll!InternetOpenUrlA 3FD1F3A4 5 Bytes JMP 01F20025 .text C:\WINDOWS\Explorer.EXE[1904] WININET.dll!InternetOpenUrlW 3FD66DDF 5 Bytes JMP 01F20040 .text C:\WINDOWS\Explorer.EXE[1904] WS2_32.dll!socket 71A54211 5 Bytes JMP 02670FEF .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C60000 .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C60F9C .text 
C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C60FAD .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C60FCA .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C60087 .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C6005B .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C600D8 .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C600C7 .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C60115 .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C600FA .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C60126 .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C60076 .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C60FEF .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C600B6 .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C6004A .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C6002F .text C:\WINDOWS\system32\svchost.exe[1964] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C600E9 .text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00C50FCA .text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00C50FAF .text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00C50FE5 .text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00C5001B .text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 
Bytes JMP 00C5006C .text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00C50000 .text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00C50051 .text C:\WINDOWS\system32\svchost.exe[1964] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00C50036 .text C:\WINDOWS\system32\svchost.exe[1964] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 00C40FA6 .text C:\WINDOWS\system32\svchost.exe[1964] msvcrt.dll!system 77C193C7 5 Bytes JMP 00C40031 .text C:\WINDOWS\system32\svchost.exe[1964] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00C4000C .text C:\WINDOWS\system32\svchost.exe[1964] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00C40FEF .text C:\WINDOWS\system32\svchost.exe[1964] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00C40FB7 .text C:\WINDOWS\system32\svchost.exe[1964] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00C40FD2 .text C:\WINDOWS\system32\svchost.exe[1964] WININET.dll!InternetOpenA 3FD1D690 5 Bytes JMP 00C20000 .text C:\WINDOWS\system32\svchost.exe[1964] WININET.dll!InternetOpenW 3FD1DB09 5 Bytes JMP 00C20FEF .text C:\WINDOWS\system32\svchost.exe[1964] WININET.dll!InternetOpenUrlA 3FD1F3A4 5 Bytes JMP 00C2001B .text C:\WINDOWS\system32\svchost.exe[1964] WININET.dll!InternetOpenUrlW 3FD66DDF 5 Bytes JMP 00C20FCA .text C:\WINDOWS\system32\svchost.exe[1964] WS2_32.dll!socket 71A54211 5 Bytes JMP 00C3000A .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0270000A .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02700F8D .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0270008C .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02700065 .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02700FB2 .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02700FDE .text 
C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02700F5F .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02700F70 .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 027000F8 .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 027000E7 .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02700F4E .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02700FCD .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0270001B .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0270009D .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0270004A .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02700FEF .text C:\WINDOWS\System32\svchost.exe[2020] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 027000C2 .text C:\WINDOWS\System32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 02430025 .text C:\WINDOWS\System32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 02430F8A .text C:\WINDOWS\System32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 0243000A .text C:\WINDOWS\System32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 02430FD4 .text C:\WINDOWS\System32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 02430FAF .text C:\WINDOWS\System32\svchost.exe[2020] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 02430FE5 .text C:\WINDOWS\System32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 02430051 .text C:\WINDOWS\System32\svchost.exe[2020] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 02430040 .text C:\WINDOWS\System32\svchost.exe[2020] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 
02420FAD .text C:\WINDOWS\System32\svchost.exe[2020] msvcrt.dll!system 77C193C7 5 Bytes JMP 02420042 .text C:\WINDOWS\System32\svchost.exe[2020] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 02420FE3 .text C:\WINDOWS\System32\svchost.exe[2020] msvcrt.dll!_open 77C1F566 5 Bytes JMP 02420000 .text C:\WINDOWS\System32\svchost.exe[2020] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 02420FD2 .text C:\WINDOWS\System32\svchost.exe[2020] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 0242001D .text C:\WINDOWS\System32\svchost.exe[2020] WS2_32.dll!socket 71A54211 5 Bytes JMP 02410FEF .text C:\WINDOWS\System32\svchost.exe[2020] WININET.dll!InternetOpenA 3FD1D690 5 Bytes JMP 02400FEF .text C:\WINDOWS\System32\svchost.exe[2020] WININET.dll!InternetOpenW 3FD1DB09 5 Bytes JMP 02400000 .text C:\WINDOWS\System32\svchost.exe[2020] WININET.dll!InternetOpenUrlA 3FD1F3A4 5 Bytes JMP 0240001B .text C:\WINDOWS\System32\svchost.exe[2020] WININET.dll!InternetOpenUrlW 3FD66DDF 5 Bytes JMP 02400FCA .text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00710FEF .text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 007100A2 .text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00710087 .text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0071006C .text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00710FAF .text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0071004A .text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00710F7C .text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 007100CE .text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007100FA .text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007100DF .text 
C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00710115 .text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0071005B .text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0071000A .text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 007100B3 .text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00710FD4 .text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00710025 .text C:\WINDOWS\System32\svchost.exe[2224] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00710F6B .text C:\WINDOWS\System32\svchost.exe[2224] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 0070001B .text C:\WINDOWS\System32\svchost.exe[2224] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00700FA5 .text C:\WINDOWS\System32\svchost.exe[2224] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00700FC0 .text C:\WINDOWS\System32\svchost.exe[2224] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00700FDB .text C:\WINDOWS\System32\svchost.exe[2224] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00700062 .text C:\WINDOWS\System32\svchost.exe[2224] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00700000 .text C:\WINDOWS\System32\svchost.exe[2224] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00700047 .text C:\WINDOWS\System32\svchost.exe[2224] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 0070002C .text C:\WINDOWS\System32\svchost.exe[2224] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 006F0FA8 .text C:\WINDOWS\System32\svchost.exe[2224] msvcrt.dll!system 77C193C7 5 Bytes JMP 006F003D .text C:\WINDOWS\System32\svchost.exe[2224] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 006F0FCD .text C:\WINDOWS\System32\svchost.exe[2224] msvcrt.dll!_open 77C1F566 5 Bytes JMP 006F0000 .text C:\WINDOWS\System32\svchost.exe[2224] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 006F0022 .text 
C:\WINDOWS\System32\svchost.exe[2224] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 006F0011 .text C:\WINDOWS\System32\svchost.exe[2224] WS2_32.dll!socket 71A54211 5 Bytes JMP 006E0000 .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00710000 .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00710089 .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0071006E .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00710F94 .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00710FA5 .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0071003D .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00710F5E .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00710F6F .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007100CB .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00710F32 .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007100DC .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00710FB6 .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00710011 .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0071009A .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00710FD1 .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00710022 .text C:\WINDOWS\System32\svchost.exe[2368] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00710F43 .text C:\WINDOWS\System32\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 0070003D 
.text C:\WINDOWS\System32\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00700084 .text C:\WINDOWS\System32\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 0070002C .text C:\WINDOWS\System32\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00700011 .text C:\WINDOWS\System32\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00700073 .text C:\WINDOWS\System32\svchost.exe[2368] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00700000 .text C:\WINDOWS\System32\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00700058 .text C:\WINDOWS\System32\svchost.exe[2368] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00700FD1 .text C:\WINDOWS\System32\svchost.exe[2368] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 006F0FD4 .text C:\WINDOWS\System32\svchost.exe[2368] msvcrt.dll!system 77C193C7 5 Bytes JMP 006F0FEF .text C:\WINDOWS\System32\svchost.exe[2368] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 006F003A .text C:\WINDOWS\System32\svchost.exe[2368] msvcrt.dll!_open 77C1F566 5 Bytes JMP 006F000C .text C:\WINDOWS\System32\svchost.exe[2368] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 006F0055 .text C:\WINDOWS\System32\svchost.exe[2368] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 006F001D .text C:\WINDOWS\System32\svchost.exe[2368] WS2_32.dll!socket 71A54211 5 Bytes JMP 006E0FEF .text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C60FEF .text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C60069 .text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C60F74 .text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C6004E .text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C60F91 .text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C6002C .text 
C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C6009F .text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C60084 .text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C60F28 .text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C600C1 .text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C60F17 .text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C6003D .text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C60FCA .text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C60F63 .text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C6001B .text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C6000A .text C:\WINDOWS\system32\svchost.exe[2692] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C600B0 .text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00C50028 .text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00C50F97 .text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00C50FCD .text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00C50FDE .text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00C50FA8 .text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00C50FEF .text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 00C5004A .text C:\WINDOWS\system32\svchost.exe[2692] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 00C50039 .text C:\WINDOWS\system32\svchost.exe[2692] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 
00C40FD2 .text C:\WINDOWS\system32\svchost.exe[2692] msvcrt.dll!system 77C193C7 5 Bytes JMP 00C40053 .text C:\WINDOWS\system32\svchost.exe[2692] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 00C40FE3 .text C:\WINDOWS\system32\svchost.exe[2692] msvcrt.dll!_open 77C1F566 5 Bytes JMP 00C40000 .text C:\WINDOWS\system32\svchost.exe[2692] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 00C40038 .text C:\WINDOWS\system32\svchost.exe[2692] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 00C4001D .text C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001B0FEF .text C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001B0F8D .text C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001B0082 .text C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001B0065 .text C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001B004A .text C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001B0FB9 .text C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001B00C1 .text C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001B00A4 .text C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001B00E6 .text C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001B0F4D .text C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001B010B .text C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001B0FA8 .text C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001B000A .text C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001B0093 .text C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001B0FD4 .text 
C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001B001B .text C:\WINDOWS\system32\wuauclt.exe[3484] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001B0F68 .text C:\WINDOWS\system32\wuauclt.exe[3484] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 002F0F97 .text C:\WINDOWS\system32\wuauclt.exe[3484] msvcrt.dll!system 77C193C7 5 Bytes JMP 002F0FA8 .text C:\WINDOWS\system32\wuauclt.exe[3484] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 002F0FDE .text C:\WINDOWS\system32\wuauclt.exe[3484] msvcrt.dll!_open 77C1F566 5 Bytes JMP 002F000C .text C:\WINDOWS\system32\wuauclt.exe[3484] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 002F0FC3 .text C:\WINDOWS\system32\wuauclt.exe[3484] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 002F0FEF .text C:\WINDOWS\system32\wuauclt.exe[3484] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 00300FC0 .text C:\WINDOWS\system32\wuauclt.exe[3484] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 00300F80 .text C:\WINDOWS\system32\wuauclt.exe[3484] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 00300FDB .text C:\WINDOWS\system32\wuauclt.exe[3484] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 00300011 .text C:\WINDOWS\system32\wuauclt.exe[3484] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 00300F9B .text C:\WINDOWS\system32\wuauclt.exe[3484] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 00300000 .text C:\WINDOWS\system32\wuauclt.exe[3484] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 0030003D .text C:\WINDOWS\system32\wuauclt.exe[3484] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 0030002C .text C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 026A0000 .text C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 026A00B3 .text C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 026A00A2 .text C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 026A0FBE .text 
C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 026A007D .text C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 026A0051 .text C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 026A00EB .text C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 026A0FA3 .text C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 026A0F63 .text C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 026A0F7E .text C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 026A0121 .text C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 026A006C .text C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 026A001B .text C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 026A00CE .text C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 026A0FE5 .text C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 026A0036 .text C:\WINDOWS\system32\wuauclt.exe[4004] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 026A00FC .text C:\WINDOWS\system32\wuauclt.exe[4004] msvcrt.dll!_wsystem 77C1931E 5 Bytes JMP 02680064 .text C:\WINDOWS\system32\wuauclt.exe[4004] msvcrt.dll!system 77C193C7 5 Bytes JMP 02680049 .text C:\WINDOWS\system32\wuauclt.exe[4004] msvcrt.dll!_creat 77C1D40F 5 Bytes JMP 0268001D .text C:\WINDOWS\system32\wuauclt.exe[4004] msvcrt.dll!_open 77C1F566 5 Bytes JMP 02680000 .text C:\WINDOWS\system32\wuauclt.exe[4004] msvcrt.dll!_wcreat 77C1FC9B 5 Bytes JMP 0268002E .text C:\WINDOWS\system32\wuauclt.exe[4004] msvcrt.dll!_wopen 77C20055 5 Bytes JMP 02680FE3 .text C:\WINDOWS\system32\wuauclt.exe[4004] ADVAPI32.dll!RegOpenKeyExW 77DC6AAF 5 Bytes JMP 02690FD1 .text 
C:\WINDOWS\system32\wuauclt.exe[4004] ADVAPI32.dll!RegCreateKeyExW 77DC776C 5 Bytes JMP 02690FAC .text C:\WINDOWS\system32\wuauclt.exe[4004] ADVAPI32.dll!RegOpenKeyExA 77DC7852 5 Bytes JMP 0269002C .text C:\WINDOWS\system32\wuauclt.exe[4004] ADVAPI32.dll!RegOpenKeyW 77DC7946 5 Bytes JMP 0269001B .text C:\WINDOWS\system32\wuauclt.exe[4004] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 5 Bytes JMP 02690069 .text C:\WINDOWS\system32\wuauclt.exe[4004] ADVAPI32.dll!RegOpenKeyA 77DCEFC8 5 Bytes JMP 02690000 .text C:\WINDOWS\system32\wuauclt.exe[4004] ADVAPI32.dll!RegCreateKeyW 77DEBA55 5 Bytes JMP 0269004E .text C:\WINDOWS\system32\wuauclt.exe[4004] ADVAPI32.dll!RegCreateKeyA 77DEBCF3 5 Bytes JMP 0269003D .text C:\WINDOWS\system32\wuauclt.exe[4004] WS2_32.dll!socket 71A54211 5 Bytes JMP 02670000 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9ED1ABA] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9ED1C00] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9ED1B82] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9ED272E] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9ED2604] sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EE4B9A] sptd.sys ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8A81E980 AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.) AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG) AttachedDevice \FileSystem\Ntfs \Ntfs PQV2i.sys (StorageCraft Volume Snap-Shot/StorageCraft) Device \FileSystem\Fastfat \FatCdrom 8AB491D8 AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) 
Device \Driver\NetBT \Device\NetBT_Tcpip_{89C28625-3C35-4AE2-9D17-1581DE53C975} 8A7781D8 Device \Driver\usbohci \Device\USBPDO-0 8A4CE1D8 Device \Driver\usbohci \Device\USBPDO-1 8A4CE1D8 Device \Driver\usbehci \Device\USBPDO-2 8A4B71D8 AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) Device \Driver\Ftdisk \Device\HarddiskVolume1 8AB4B1D8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis) Device \Driver\Ftdisk \Device\HarddiskVolume2 8AB4B1D8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis) Device \Driver\Cdrom \Device\CdRom0 8A4AB1D8 Device \Driver\Ftdisk \Device\HarddiskVolume3 8AB4B1D8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis) Device \Driver\Cdrom \Device\CdRom1 8A4AB1D8 Device \Driver\Ftdisk \Device\HarddiskVolume4 8AB4B1D8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 hotcore3.sys (Hotbackup helper driver/Paragon Software Group) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis) Device \Driver\NetBT \Device\NetBt_Wins_Export 8A7781D8 Device \Driver\NetBT \Device\NetbiosSmb 8A7781D8 Device ACPI.sys (Sterownik ACPI dla systemu NT/Microsoft Corporation) Device \Driver\USBSTOR \Device\00000087 8A7DF520 Device \Driver\00000057 \Device\0000005c sptd.sys AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) 
Device \Driver\USBSTOR \Device\00000089 8A7DF520 AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) Device \Driver\usbohci \Device\USBFDO-0 8A4CE1D8 Device \Driver\usbohci \Device\USBFDO-1 8A4CE1D8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A75B1D8 Device \Driver\usbehci \Device\USBFDO-2 8A4B71D8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A75B1D8 Device \Driver\Ftdisk \Device\FtControl 8AB4B1D8 Device \Driver\a4w5vvb7 \Device\Scsi\a4w5vvb71 8A4A41D8 Device \Driver\a4w5vvb7 \Device\Scsi\a4w5vvb71Port2Path0Target1Lun0 8A4A41D8 Device \FileSystem\Fastfat \Fat 8AB491D8 AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.) Device \FileSystem\Cdfs \Cdfs 8A882550 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x65 0xCC 0x39 0x7E ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xFB 0xCE 0xB5 0x63 ... 
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xEA 0x31 0x46 0x12 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3C 0xB1 0xEA 0xDF ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x71 0x3C 0x3F 0x68 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF3 0xCC 0xAE 0xAB ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xEA 0x31 0x46 0x12 ... 
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 41211558
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 1043536189
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3D 0xCC 0xD8 0xD2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x71 0x3C 0x3F 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF3 0xCC 0xAE 0xAB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xEA 0x31 0x46 0x12 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAB 0xA3 0xCD 0x8F ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0x6B 0x95 0xCC ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x71 0x3C 0x3F 0x68 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF3 0xCC 0xAE 0xAB ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0x4D 0x82 0x32 0x74 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x3D 0xCC 0xD8 0xD2 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x71 0x3C 0x3F 0x68 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0xF3 0xCC 0xAE 0xAB ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg41@ujdew 0xEA 0x31 0x46 0x12 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAB 0xA3 0xCD 0x8F ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 62: copy of MBR

---- EOF - GMER 1.0.15 ----