GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-09-10 12:02:50 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.2AK1 Running: bzorz5c6.exe; Driver: C:\Users\HP\AppData\Local\Temp\uxldipow.sys ---- System - GMER 1.0.15 ---- Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x889B0F08] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x889B0F32] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x889B0F1E] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x889B0EF4] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwYieldExecution 8243F5F5 5 Bytes JMP 889B0EF8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 824513C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8248AD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} ? C:\Windows\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[464] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 6DB180B0 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.) .text C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[464] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 6DB181B0 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.) .text C:\Windows\system32\svchost.exe[472] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 005A000A .text C:\Windows\system32\svchost.exe[472] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 005A0025 .text C:\Windows\system32\svchost.exe[472] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 005A0FCA .text C:\Windows\system32\svchost.exe[472] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 005A0FE5 .text C:\Windows\system32\svchost.exe[472] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 00A60091 .text C:\Windows\system32\svchost.exe[472] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 00A600F3 .text C:\Windows\system32\svchost.exe[472] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 00A600E2 .text C:\Windows\system32\svchost.exe[472] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 00A6000A .text C:\Windows\system32\svchost.exe[472] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 00A60065 .text C:\Windows\system32\svchost.exe[472] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 00A60F8D .text C:\Windows\system32\svchost.exe[472] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 00A60054 .text C:\Windows\system32\svchost.exe[472] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 00A60104 .text C:\Windows\system32\svchost.exe[472] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 00A60FA8 .text C:\Windows\system32\svchost.exe[472] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 00A600AC .text C:\Windows\system32\svchost.exe[472] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 00A60FDE .text C:\Windows\system32\svchost.exe[472] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 00A60FEF .text C:\Windows\system32\svchost.exe[472] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 00A60025 .text C:\Windows\system32\svchost.exe[472] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 00A60F68 .text C:\Windows\system32\svchost.exe[472] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 00A60FC3 .text C:\Windows\system32\svchost.exe[472] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 00A600C7 .text C:\Windows\system32\svchost.exe[472] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 00A60080 .text C:\Windows\system32\svchost.exe[472] msvcrt.dll!_open 77247E48 5 Bytes JMP 00A5000C .text C:\Windows\system32\svchost.exe[472] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 00A50FA3 .text C:\Windows\system32\svchost.exe[472] msvcrt.dll!system 7727B177 5 Bytes JMP 00A5002E .text C:\Windows\system32\svchost.exe[472] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 00A5001D .text C:\Windows\system32\svchost.exe[472] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 00A50FBE .text C:\Windows\system32\svchost.exe[472] msvcrt.dll!_wopen 77280578 5 Bytes JMP 00A50FE3 .text C:\Windows\system32\svchost.exe[472] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 00660FEF .text C:\Windows\system32\svchost.exe[472] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 00660FCA .text C:\Windows\system32\svchost.exe[472] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 00660062 .text C:\Windows\system32\svchost.exe[472] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 00660051 .text C:\Windows\system32\svchost.exe[472] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 00660000 .text C:\Windows\system32\svchost.exe[472] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 00660FAF .text C:\Windows\system32\svchost.exe[472] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 00660036 .text C:\Windows\system32\svchost.exe[472] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 0066001B .text C:\Windows\system32\svchost.exe[472] WS2_32.dll!socket 75EB3EB8 5 Bytes JMP 00A40FEF .text C:\Windows\system32\services.exe[652] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 00120000 .text C:\Windows\system32\services.exe[652] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 00120051 .text C:\Windows\system32\services.exe[652] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 00120040 .text C:\Windows\system32\services.exe[652] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 00120025 .text C:\Windows\system32\services.exe[652] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 001A008E .text C:\Windows\system32\services.exe[652] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 001A00D5 .text C:\Windows\system32\services.exe[652] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 001A00C4 .text C:\Windows\system32\services.exe[652] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 001A0FC3 .text C:\Windows\system32\services.exe[652] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 001A0F79 .text C:\Windows\system32\services.exe[652] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 001A0051 .text C:\Windows\system32\services.exe[652] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 001A0F8A .text C:\Windows\system32\services.exe[652] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 001A00FA .text C:\Windows\system32\services.exe[652] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 001A0025 .text C:\Windows\system32\services.exe[652] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 001A009F .text C:\Windows\system32\services.exe[652] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 001A0FE5 .text C:\Windows\system32\services.exe[652] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 001A0000 .text C:\Windows\system32\services.exe[652] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 001A0036 .text C:\Windows\system32\services.exe[652] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 001A007D .text C:\Windows\system32\services.exe[652] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 001A0FD4 .text C:\Windows\system32\services.exe[652] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 001A0F40 .text C:\Windows\system32\services.exe[652] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 001A006C .text C:\Windows\system32\services.exe[652] msvcrt.dll!_open 77247E48 5 Bytes JMP 00190FEF .text C:\Windows\system32\services.exe[652] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 00190F83 .text C:\Windows\system32\services.exe[652] msvcrt.dll!system 7727B177 5 Bytes JMP 00190F9E .text C:\Windows\system32\services.exe[652] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 00190FD4 .text C:\Windows\system32\services.exe[652] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 00190FC3 .text C:\Windows\system32\services.exe[652] msvcrt.dll!_wopen 77280578 5 Bytes JMP 00190018 .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 00170000 .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 0017006C .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 00170FDB .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 0017007D .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 0017001B .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 00170FCA .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 00170051 .text C:\Windows\system32\services.exe[652] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 00170036 .text C:\Windows\system32\services.exe[652] WS2_32.dll!socket 75EB3EB8 5 Bytes JMP 00180FEF .text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 00210FE5 .text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 0021000A .text C:\Windows\system32\lsass.exe[684] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 00210FB9 .text C:\Windows\system32\lsass.exe[684] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 00210FCA .text C:\Windows\system32\lsass.exe[684] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 00640F35 .text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 0064009B .text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 0064008A .text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 00640036 .text C:\Windows\system32\lsass.exe[684] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 00640F72 .text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 00640F9E .text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 00640F83 .text C:\Windows\system32\lsass.exe[684] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 006400AC .text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 00640FCA .text C:\Windows\system32\lsass.exe[684] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 00640F10 .text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 00640FEF .text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 00640000 .text C:\Windows\system32\lsass.exe[684] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 00640FAF .text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 00640F46 .text C:\Windows\system32\lsass.exe[684] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 00640025 .text C:\Windows\system32\lsass.exe[684] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 00640079 .text C:\Windows\system32\lsass.exe[684] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 00640F57 .text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_open 77247E48 5 Bytes JMP 00240000 .text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 00240042 .text C:\Windows\system32\lsass.exe[684] msvcrt.dll!system 7727B177 5 Bytes JMP 00240FB7 .text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 00240FE3 .text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 00240FD2 .text C:\Windows\system32\lsass.exe[684] msvcrt.dll!_wopen 77280578 5 Bytes JMP 0024001D .text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 00220FE5 .text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 00220025 .text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 00220036 .text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 00220F94 .text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 00220FCA .text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 00220051 .text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 00220FB9 .text C:\Windows\system32\lsass.exe[684] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 00220000 .text C:\Windows\system32\lsass.exe[684] WS2_32.dll!socket 75EB3EB8 5 Bytes JMP 00230FEF .text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 00290FEF .text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 00290FCD .text C:\Windows\system32\svchost.exe[804] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 00290014 .text C:\Windows\system32\svchost.exe[804] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 00290FDE .text C:\Windows\system32\svchost.exe[804] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 00340F6F .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 00340F2F .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 00340F40 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 0034001B .text C:\Windows\system32\svchost.exe[804] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 0034006C .text C:\Windows\system32\svchost.exe[804] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 00340051 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 00340F94 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 003400DF .text C:\Windows\system32\svchost.exe[804] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 00340FAF .text C:\Windows\system32\svchost.exe[804] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 003400B3 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 00340FEF .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 0034000A .text C:\Windows\system32\svchost.exe[804] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 00340040 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 00340098 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 00340FD4 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 003400C4 .text C:\Windows\system32\svchost.exe[804] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 0034007D .text C:\Windows\system32\svchost.exe[804] msvcrt.dll!_open 77247E48 5 Bytes JMP 00330000 .text C:\Windows\system32\svchost.exe[804] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 0033003D .text C:\Windows\system32\svchost.exe[804] msvcrt.dll!system 7727B177 5 Bytes JMP 00330FB2 .text C:\Windows\system32\svchost.exe[804] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 00330022 .text C:\Windows\system32\svchost.exe[804] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 00330FCD .text C:\Windows\system32\svchost.exe[804] msvcrt.dll!_wopen 77280578 5 Bytes JMP 00330011 .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 00310FEF .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 00310FAF .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 00310040 .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 00310F9E .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 0031000A .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 00310051 .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 0031001B .text C:\Windows\system32\svchost.exe[804] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 00310FD4 .text C:\Windows\system32\svchost.exe[804] WS2_32.dll!socket 75EB3EB8 5 Bytes JMP 00320FEF .text C:\Windows\system32\svchost.exe[884] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 00140FE5 .text C:\Windows\system32\svchost.exe[884] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 00140036 .text C:\Windows\system32\svchost.exe[884] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 0014001B .text C:\Windows\system32\svchost.exe[884] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 00140000 .text C:\Windows\system32\svchost.exe[884] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 00210F3C .text C:\Windows\system32\svchost.exe[884] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 002100B6 .text C:\Windows\system32\svchost.exe[884] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 0021009B .text C:\Windows\system32\svchost.exe[884] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 00210FCA .text C:\Windows\system32\svchost.exe[884] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 00210F72 .text C:\Windows\system32\svchost.exe[884] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 00210F94 .text C:\Windows\system32\svchost.exe[884] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 00210F83 .text C:\Windows\system32\svchost.exe[884] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 002100C7 .text C:\Windows\system32\svchost.exe[884] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 00210FAF .text C:\Windows\system32\svchost.exe[884] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 00210080 .text C:\Windows\system32\svchost.exe[884] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 00210FE5 .text C:\Windows\system32\svchost.exe[884] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 00210000 .text C:\Windows\system32\svchost.exe[884] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 00210036 .text C:\Windows\system32\svchost.exe[884] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 00210F57 .text C:\Windows\system32\svchost.exe[884] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 0021001B .text C:\Windows\system32\svchost.exe[884] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 00210F21 .text C:\Windows\system32\svchost.exe[884] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 0021006F .text C:\Windows\system32\svchost.exe[884] msvcrt.dll!_open 77247E48 5 Bytes JMP 00170FEF .text C:\Windows\system32\svchost.exe[884] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 00170FCD .text C:\Windows\system32\svchost.exe[884] msvcrt.dll!system 7727B177 5 Bytes JMP 00170FDE .text C:\Windows\system32\svchost.exe[884] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 00170029 .text C:\Windows\system32\svchost.exe[884] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 0017004E .text C:\Windows\system32\svchost.exe[884] msvcrt.dll!_wopen 77280578 5 Bytes JMP 0017000C .text C:\Windows\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 00150FEF .text C:\Windows\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 00150FAF .text C:\Windows\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 00150F94 .text C:\Windows\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 00150036 .text C:\Windows\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 00150000 .text C:\Windows\system32\svchost.exe[884] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 00150051 .text C:\Windows\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 00150FC0 .text C:\Windows\system32\svchost.exe[884] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 00150011 .text C:\Windows\system32\svchost.exe[884] WS2_32.dll!socket 75EB3EB8 5 Bytes JMP 00160FEF .text C:\Windows\System32\svchost.exe[960] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 00A80000 .text C:\Windows\System32\svchost.exe[960] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 00A80FAF .text C:\Windows\System32\svchost.exe[960] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 00A80FCA .text C:\Windows\System32\svchost.exe[960] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 00A80FE5 .text C:\Windows\System32\svchost.exe[960] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 01090F8A .text C:\Windows\System32\svchost.exe[960] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 01090F39 .text C:\Windows\System32\svchost.exe[960] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 01090F4A .text C:\Windows\System32\svchost.exe[960] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 01090047 .text C:\Windows\System32\svchost.exe[960] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 01090FB6 .text C:\Windows\System32\svchost.exe[960] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 0109007D .text C:\Windows\System32\svchost.exe[960] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 0109008E .text C:\Windows\System32\svchost.exe[960] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 01090F1E .text C:\Windows\System32\svchost.exe[960] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 01090FDB .text C:\Windows\System32\svchost.exe[960] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 01090F6F .text C:\Windows\System32\svchost.exe[960] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 0109001B .text C:\Windows\System32\svchost.exe[960] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 01090000 .text C:\Windows\System32\svchost.exe[960] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 01090062 .text C:\Windows\System32\svchost.exe[960] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 01090F9B .text C:\Windows\System32\svchost.exe[960] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 0109002C .text C:\Windows\System32\svchost.exe[960] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 010900C4 .text C:\Windows\System32\svchost.exe[960] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 010900A9 .text C:\Windows\System32\svchost.exe[960] msvcrt.dll!_open 77247E48 5 Bytes JMP 01080FEF .text C:\Windows\System32\svchost.exe[960] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 0108007A .text C:\Windows\System32\svchost.exe[960] msvcrt.dll!system 7727B177 5 Bytes JMP 01080069 .text C:\Windows\System32\svchost.exe[960] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 01080033 .text C:\Windows\System32\svchost.exe[960] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 01080044 .text C:\Windows\System32\svchost.exe[960] msvcrt.dll!_wopen 77280578 5 Bytes JMP 01080018 .text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 00AA000A .text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 00AA0FD1 .text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 00AA0FAC .text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 00AA0058 .text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 00AA001B .text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 00AA0069 .text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 00AA003D .text C:\Windows\System32\svchost.exe[960] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 00AA002C .text C:\Windows\System32\svchost.exe[960] WS2_32.dll!socket 75EB3EB8 5 Bytes JMP 00E50000 .text C:\Windows\System32\svchost.exe[1028] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 009C0FEF .text C:\Windows\System32\svchost.exe[1028] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 009C0FA8 .text C:\Windows\System32\svchost.exe[1028] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 009C0FB9 .text C:\Windows\System32\svchost.exe[1028] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 009C0FCA .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 00A400C0 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 00A40F50 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 00A40F61 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 00A4004A .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 00A40FB2 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 00A4008A .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 00A40FC3 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 00A40100 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 00A40065 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 00A400D1 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 00A4001B .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 00A4000A .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 00A40FDE .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 00A40FA1 .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 00A40FEF .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 00A40F7C .text C:\Windows\System32\svchost.exe[1028] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 00A400AF .text C:\Windows\System32\svchost.exe[1028] msvcrt.dll!_open 77247E48 5 Bytes JMP 009F0FEF .text C:\Windows\System32\svchost.exe[1028] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 009F0036 .text C:\Windows\System32\svchost.exe[1028] msvcrt.dll!system 7727B177 5 Bytes JMP 009F0FAB .text C:\Windows\System32\svchost.exe[1028] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 009F0FC6 .text C:\Windows\System32\svchost.exe[1028] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 009F001B .text C:\Windows\System32\svchost.exe[1028] msvcrt.dll!_wopen 77280578 5 Bytes JMP 009F0000 .text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 009D0FE5 .text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 009D0025 .text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 009D0F8D .text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 009D0FA8 .text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 009D0FD4 .text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 009D0054 .text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 009D0FB9 .text C:\Windows\System32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 009D000A .text C:\Windows\System32\svchost.exe[1028] WS2_32.dll!socket 75EB3EB8 5 Bytes JMP 009E0FEF .text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 00A00000 .text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 00A0001B .text C:\Windows\system32\svchost.exe[1068] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 00A00FCA .text C:\Windows\system32\svchost.exe[1068] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 00A00FE5 .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 00A40080 .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 00A40F17 .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 00A400AC .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 00A40FA8 .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 00A4004A .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 00A40F7C .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 00A40039 .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 00A40F06 .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 00A4001E .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 00A40091 .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 00A40FDE .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 00A40FEF .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 00A40F97 .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 00A40F4D .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 00A40FC3 .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 00A40F3C .text C:\Windows\system32\svchost.exe[1068] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 00A4005B .text C:\Windows\system32\svchost.exe[1068] msvcrt.dll!_open 77247E48 5 Bytes JMP 00A30000 .text C:\Windows\system32\svchost.exe[1068] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 00A30FC3 .text C:\Windows\system32\svchost.exe[1068] msvcrt.dll!system 7727B177 5 Bytes JMP 00A30FD4 .text C:\Windows\system32\svchost.exe[1068] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 00A30FEF .text C:\Windows\system32\svchost.exe[1068] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 00A30044 .text C:\Windows\system32\svchost.exe[1068] msvcrt.dll!_wopen 77280578 5 Bytes JMP 00A3001D .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 00A10FEF .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 00A10F9E .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 00A10F8D .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 00A10025 .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 00A10FD4 .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 00A10F72 .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 00A10FB9 .text C:\Windows\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 00A1000A .text C:\Windows\system32\svchost.exe[1068] WS2_32.dll!socket 75EB3EB8 5 Bytes JMP 00A20000 .text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 002E000A .text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 002E002C .text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 002E001B .text C:\Windows\system32\svchost.exe[1376] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 002E0FE5 .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 00A20F3C .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 00A200C0 .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 00A20F2B .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 00A20FC3 .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 00A2005B .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 00A20F83 .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 00A2004A .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 00A20F1A .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 00A20F9E .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 00A20080 .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 00A20FE5 .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 00A20000 .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 00A20025 .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 00A20F57 .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 00A20FD4 .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 00A2009B .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 00A20F68 .text C:\Windows\system32\svchost.exe[1376] msvcrt.dll!_open 77247E48 5 Bytes JMP 009D0FEF .text C:\Windows\system32\svchost.exe[1376] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 009D0FB7 .text C:\Windows\system32\svchost.exe[1376] msvcrt.dll!system 7727B177 5 Bytes JMP 009D0038 .text C:\Windows\system32\svchost.exe[1376] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 009D000C .text C:\Windows\system32\svchost.exe[1376] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 009D0027 .text C:\Windows\system32\svchost.exe[1376] msvcrt.dll!_wopen 77280578 5 Bytes JMP 009D0FD2 .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 009A0FEF .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 009A0FCD .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 009A0F97 .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 009A0FA8 .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 009A000A .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 009A005E .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 009A002F .text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 009A0FDE .text C:\Windows\system32\svchost.exe[1376] WS2_32.dll!socket 75EB3EB8 5 Bytes JMP 009B0000 .text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 00A80000 .text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 00A80FCA .text C:\Windows\system32\svchost.exe[1472] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 00A80FE5 .text C:\Windows\system32\svchost.exe[1472] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 00A80011 .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 00EA0F50 .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 00EA0F09 .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 00EA009E .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 00EA0FB2 .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 00EA0054 .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 00EA001E .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 00EA0039 .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 00EA0EF8 .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 00EA0FA1 .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 00EA0F3F .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 00EA0FDE .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 00EA0FEF .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 00EA0F7C .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 00EA0F61 .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 00EA0FCD .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 00EA0F24 .text C:\Windows\system32\svchost.exe[1472] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 00EA0065 .text C:\Windows\system32\svchost.exe[1472] msvcrt.dll!_open 77247E48 5 Bytes JMP 00AB0000 .text C:\Windows\system32\svchost.exe[1472] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 00AB0FBC .text C:\Windows\system32\svchost.exe[1472] msvcrt.dll!system 7727B177 5 Bytes JMP 00AB0047 .text C:\Windows\system32\svchost.exe[1472] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 00AB0FD7 .text C:\Windows\system32\svchost.exe[1472] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 00AB002C .text C:\Windows\system32\svchost.exe[1472] msvcrt.dll!_wopen 77280578 5 Bytes JMP 00AB0011 .text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 00A90FEF .text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 00A90FA1 .text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 00A90F6B .text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 00A90F86 .text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 00A90FDE .text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 00A90028 .text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 00A90FB2 .text C:\Windows\system32\svchost.exe[1472] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 00A90FC3 .text C:\Windows\system32\svchost.exe[1472] WS2_32.dll!socket 75EB3EB8 5 Bytes JMP 00AA0FEF .text C:\Windows\system32\svchost.exe[1592] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 008A0FEF .text C:\Windows\system32\svchost.exe[1592] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 008A001E .text C:\Windows\system32\svchost.exe[1592] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 008A0FC3 .text C:\Windows\system32\svchost.exe[1592] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 008A0FDE .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 009A0F5A .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 009A00B9 .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 009A0F24 .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 009A0FB2 .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 009A005E .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 009A0039 .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 009A0F86 .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 009A0F09 .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 009A0FA1 .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 009A009E .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 009A0FD4 .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 009A0FEF .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 009A001E .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 009A0F6B .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 009A0FC3 .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 009A0F3F .text C:\Windows\system32\svchost.exe[1592] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 009A006F .text C:\Windows\system32\svchost.exe[1592] msvcrt.dll!_open 77247E48 5 Bytes JMP 008D0FEF .text C:\Windows\system32\svchost.exe[1592] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 008D0F8E .text C:\Windows\system32\svchost.exe[1592] msvcrt.dll!system 7727B177 5 Bytes JMP 008D0F9F .text C:\Windows\system32\svchost.exe[1592] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 008D0FC1 .text C:\Windows\system32\svchost.exe[1592] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 008D0FB0 .text C:\Windows\system32\svchost.exe[1592] msvcrt.dll!_wopen 77280578 5 Bytes JMP 008D0FD2 .text C:\Windows\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 008B0FEF .text C:\Windows\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 008B002C .text C:\Windows\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 008B0F8A .text C:\Windows\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 008B0F9B .text C:\Windows\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 008B000A .text C:\Windows\system32\svchost.exe[1592] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 008B0051 .text C:\Windows\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 008B0FC0 .text C:\Windows\system32\svchost.exe[1592] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 008B001B .text C:\Windows\system32\svchost.exe[1592] WS2_32.dll!socket 75EB3EB8 5 Bytes JMP 008C0FEF .text C:\Windows\system32\svchost.exe[2312] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 00290000 .text C:\Windows\system32\svchost.exe[2312] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 0029002F .text C:\Windows\system32\svchost.exe[2312] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 00290FDE .text C:\Windows\system32\svchost.exe[2312] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 00290FEF .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 00110F86 .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 00110F5A .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 00110F6B .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 00110040 .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 00110094 .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 00110FC3 .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 00110FB2 .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 0011010A .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 00110051 .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 001100CA .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 00110FEF .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 0011000A .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 00110FD4 .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 00110FA1 .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 0011002F .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 001100E5 .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 001100A5 .text C:\Windows\system32\svchost.exe[2312] msvcrt.dll!_open 77247E48 5 Bytes JMP 002C0000 .text C:\Windows\system32\svchost.exe[2312] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 002C0033 .text C:\Windows\system32\svchost.exe[2312] msvcrt.dll!system 7727B177 5 Bytes JMP 002C0FB2 .text C:\Windows\system32\svchost.exe[2312] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 002C0FD7 .text C:\Windows\system32\svchost.exe[2312] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 002C0022 .text C:\Windows\system32\svchost.exe[2312] msvcrt.dll!_wopen 77280578 5 Bytes JMP 002C0011 .text C:\Windows\system32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 002B0FE5 .text C:\Windows\system32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 002B0F94 .text C:\Windows\system32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 002B0040 .text C:\Windows\system32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 002B001B .text C:\Windows\system32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 002B0FCA .text C:\Windows\system32\svchost.exe[2312] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 002B0051 .text C:\Windows\system32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 002B0FA5 .text C:\Windows\system32\svchost.exe[2312] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 002B0000 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 00040000 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 00040FDB .text C:\Program Files\Internet Explorer\iexplore.exe[2764] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 0004002C .text C:\Program Files\Internet Explorer\iexplore.exe[2764] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 00040011 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 00010F65 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 00010F1B .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 000100B0 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 00010047 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 0001008E .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 00010FD1 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 00010FB6 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 000100C1 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 00010062 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 00010F4A .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 0001001B .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 00010000 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 00010073 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 00010F76 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 00010036 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 0001009F .text C:\Program Files\Internet Explorer\iexplore.exe[2764] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 00010F9B .text C:\Program Files\Internet Explorer\iexplore.exe[2764] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 00060FEF .text C:\Program Files\Internet Explorer\iexplore.exe[2764] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 00060054 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 00060FA8 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 00060FC3 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 0006000A .text C:\Program Files\Internet Explorer\iexplore.exe[2764] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 00060065 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 00060039 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 00060FDE .text C:\Program Files\Internet Explorer\iexplore.exe[2764] msvcrt.dll!_open 77247E48 5 Bytes JMP 00070000 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 00070FC3 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] msvcrt.dll!system 7727B177 5 Bytes JMP 00070044 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 00070022 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 00070033 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] msvcrt.dll!_wopen 77280578 5 Bytes JMP 00070011 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!EnableWindow 758F8D02 5 Bytes JMP 71F09EB4 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2764] USER32.dll!DialogBoxParamW 75913B9B 5 Bytes JMP 71E61893 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2764] WININET.dll!InternetOpenA 75DAD5E8 5 Bytes JMP 00080FEF .text C:\Program Files\Internet Explorer\iexplore.exe[2764] WININET.dll!InternetOpenUrlA 75DBE1C6 5 Bytes JMP 0008001B .text C:\Program Files\Internet Explorer\iexplore.exe[2764] WININET.dll!InternetOpenW 75DCC596 5 Bytes JMP 0008000A .text C:\Program Files\Internet Explorer\iexplore.exe[2764] WININET.dll!InternetOpenUrlW 75E1DBF8 5 Bytes JMP 00080036 .text C:\Program Files\Internet Explorer\iexplore.exe[2764] WS2_32.dll!socket 75EB3EB8 5 Bytes JMP 011B0000 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 00040FEF .text C:\Program Files\Internet Explorer\iexplore.exe[3328] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 0004002F .text C:\Program Files\Internet Explorer\iexplore.exe[3328] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 00040FD4 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 0004000A .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 00010F3C .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 00010091 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 00010F06 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 00010025 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 0001005B .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 00010FA8 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 00010F83 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 000100AC .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 00010040 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!CreateThread 7731DCC2 5 Bytes JMP 71EC75E3 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 00010F21 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 00010FD4 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 00010FEF .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 00010FB9 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 00010F4D .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 00010014 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 00010080 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 00010F68 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 000D0FEF .text C:\Program Files\Internet Explorer\iexplore.exe[3328] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 000D0047 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 000D007D .text C:\Program Files\Internet Explorer\iexplore.exe[3328] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 000D0062 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 000D000A .text C:\Program Files\Internet Explorer\iexplore.exe[3328] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 000D0FB6 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 000D0036 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 000D0025 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] msvcrt.dll!_open 77247E48 5 Bytes JMP 000E0FEF .text C:\Program Files\Internet Explorer\iexplore.exe[3328] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 000E0FB0 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] msvcrt.dll!system 7727B177 5 Bytes JMP 000E003B .text C:\Program Files\Internet Explorer\iexplore.exe[3328] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 000E0FD2 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 000E0FC1 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] msvcrt.dll!_wopen 77280578 5 Bytes JMP 000E000C .text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!EnableWindow 758F8D02 5 Bytes JMP 71F09EB4 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!GetAsyncKeyState 758FA256 5 Bytes JMP 71EADEDD C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!CallNextHookEx 758FABE1 5 Bytes JMP 71F27FDF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!UnhookWindowsHookEx 758FADF9 5 Bytes JMP 71F4ECE0 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!DefWindowProcA 758FBB1C 7 Bytes JMP 71EC980D C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!CreateWindowExA 758FBF40 5 Bytes JMP 71ED3643 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!SetWindowsHookExW 758FE30C 5 Bytes JMP 71F025B4 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!CreateWindowExW 758FEC7C 5 Bytes JMP 71F303B7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!GetKeyState 75902B4D 5 Bytes JMP 71EADDB3 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!DefWindowProcW 7590507D 7 Bytes JMP 71F28042 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] USER32.dll!DialogBoxParamW 75913B9B 5 Bytes JMP 71E61893 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] SHELL32.dll!RealDriveType + 173D 7666FE30 4 Bytes [CF, 01, 94, 5E] .text C:\Program Files\Internet Explorer\iexplore.exe[3328] SHELL32.dll!RealDriveType + 1745 7666FE38 8 Bytes [E0, 61, 93, 5E, 79, F7, 93, ...] {LOOPNZ 0x63; XCHG EBX, EAX; POP ESI; JNS 0xfffffffffffffffd; XCHG EBX, EAX; POP ESI} .text C:\Program Files\Internet Explorer\iexplore.exe[3328] WININET.dll!InternetCloseHandle 75D9C664 5 Bytes JMP 5E8852A0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] WININET.dll!InternetReadFile 75D9F8D8 5 Bytes JMP 5E8853C0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] WININET.dll!InternetQueryDataAvailable 75DA3184 5 Bytes JMP 5E884D40 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] WININET.dll!InternetOpenA 75DAD5E8 5 Bytes JMP 000F000A .text C:\Program Files\Internet Explorer\iexplore.exe[3328] WININET.dll!InternetOpenUrlA 75DBE1C6 5 Bytes JMP 000F0FEF .text C:\Program Files\Internet Explorer\iexplore.exe[3328] WININET.dll!InternetConnectA 75DC567E 5 Bytes JMP 5E8856C0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] WININET.dll!HttpOpenRequestA 75DC5761 5 Bytes JMP 5E885500 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Program Files\Internet Explorer\iexplore.exe[3328] WININET.dll!InternetOpenW 75DCC596 5 Bytes JMP 000F0025 .text C:\Program Files\Internet Explorer\iexplore.exe[3328] WININET.dll!InternetOpenUrlW 75E1DBF8 5 Bytes JMP 000F004A .text C:\Program Files\Internet Explorer\iexplore.exe[3328] WS2_32.dll!socket 75EB3EB8 5 Bytes JMP 005B0FE5 .text C:\Windows\Explorer.exe[3492] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 064C0000 .text C:\Windows\Explorer.exe[3492] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 064C003D .text C:\Windows\Explorer.exe[3492] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 064C002C .text C:\Windows\Explorer.exe[3492] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 064C0011 .text C:\Windows\Explorer.exe[3492] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 064B0F57 .text C:\Windows\Explorer.exe[3492] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 064B00DB .text C:\Windows\Explorer.exe[3492] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 064B0F3C .text C:\Windows\Explorer.exe[3492] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 064B0FC3 .text C:\Windows\Explorer.exe[3492] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 064B0F72 .text C:\Windows\Explorer.exe[3492] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 064B0F9E .text C:\Windows\Explorer.exe[3492] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 064B0F83 .text C:\Windows\Explorer.exe[3492] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 064B00EC .text C:\Windows\Explorer.exe[3492] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 064B002F .text C:\Windows\Explorer.exe[3492] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 064B00A5 .text C:\Windows\Explorer.exe[3492] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 064B0FE5 .text C:\Windows\Explorer.exe[3492] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 064B000A .text C:\Windows\Explorer.exe[3492] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 064B004A .text C:\Windows\Explorer.exe[3492] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 064B008A .text C:\Windows\Explorer.exe[3492] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 064B0FD4 .text C:\Windows\Explorer.exe[3492] kernel32.dll!WinExec 7735EDB2 1 Byte [E9] .text C:\Windows\Explorer.exe[3492] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 064B00B6 .text C:\Windows\Explorer.exe[3492] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 064B006F .text C:\Windows\Explorer.exe[3492] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 06630000 .text C:\Windows\Explorer.exe[3492] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 06630051 .text C:\Windows\Explorer.exe[3492] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 06630076 .text C:\Windows\Explorer.exe[3492] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 06630FCA .text C:\Windows\Explorer.exe[3492] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 0663001B .text C:\Windows\Explorer.exe[3492] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 06630FAF .text C:\Windows\Explorer.exe[3492] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 06630040 .text C:\Windows\Explorer.exe[3492] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 06630FEF .text C:\Windows\Explorer.exe[3492] msvcrt.dll!_open 77247E48 5 Bytes JMP 06AB0FE3 .text C:\Windows\Explorer.exe[3492] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 06AB0FAD .text C:\Windows\Explorer.exe[3492] msvcrt.dll!system 7727B177 5 Bytes JMP 06AB0038 .text C:\Windows\Explorer.exe[3492] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 06AB0027 .text C:\Windows\Explorer.exe[3492] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 06AB0FD2 .text C:\Windows\Explorer.exe[3492] msvcrt.dll!_wopen 77280578 5 Bytes JMP 06AB0000 .text C:\Windows\Explorer.exe[3492] WS2_32.dll!socket 75EB3EB8 5 Bytes JMP 06650000 .text C:\Windows\Explorer.exe[3492] WININET.dll!InternetOpenA 75DAD5E8 5 Bytes JMP 06640FE5 .text C:\Windows\Explorer.exe[3492] WININET.dll!InternetOpenUrlA 75DBE1C6 5 Bytes JMP 0664001B .text C:\Windows\Explorer.exe[3492] WININET.dll!InternetOpenW 75DCC596 5 Bytes JMP 06640000 .text C:\Windows\Explorer.exe[3492] WININET.dll!InternetOpenUrlW 75E1DBF8 5 Bytes JMP 0664002C .text C:\Windows\system32\svchost.exe[3928] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 001D0FEF .text C:\Windows\system32\svchost.exe[3928] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 001D0FC0 .text C:\Windows\system32\svchost.exe[3928] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 001D0011 .text C:\Windows\system32\svchost.exe[3928] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 001D0000 .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 001C00CE .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 001C0F54 .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 001C00DF .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 001C0047 .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 001C0FAC .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 001C0084 .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 001C0FC7 .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 001C0104 .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 001C0062 .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 001C0F80 .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 001C0025 .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 001C0000 .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 001C0073 .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 001C0F9B .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 001C0036 .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 001C0F6F .text C:\Windows\system32\svchost.exe[3928] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 001C009F .text C:\Windows\system32\svchost.exe[3928] msvcrt.dll!_open 77247E48 5 Bytes JMP 001F0FEF .text C:\Windows\system32\svchost.exe[3928] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 001F0042 .text C:\Windows\system32\svchost.exe[3928] msvcrt.dll!system 7727B177 5 Bytes JMP 001F0FB7 .text C:\Windows\system32\svchost.exe[3928] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 001F0FD2 .text C:\Windows\system32\svchost.exe[3928] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 001F0027 .text C:\Windows\system32\svchost.exe[3928] msvcrt.dll!_wopen 77280578 5 Bytes JMP 001F000C .text C:\Windows\system32\svchost.exe[3928] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 001E0FEF .text C:\Windows\system32\svchost.exe[3928] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 001E0025 .text C:\Windows\system32\svchost.exe[3928] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 001E0F9E .text C:\Windows\system32\svchost.exe[3928] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 001E0040 .text C:\Windows\system32\svchost.exe[3928] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 001E0FD4 .text C:\Windows\system32\svchost.exe[3928] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 001E0F83 .text C:\Windows\system32\svchost.exe[3928] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 001E0014 .text C:\Windows\system32\svchost.exe[3928] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 001E0FC3 .text C:\Windows\system32\svchost.exe[4076] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 002B0FEF .text C:\Windows\system32\svchost.exe[4076] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 002B0FB9 .text C:\Windows\system32\svchost.exe[4076] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 002B0FDE .text C:\Windows\system32\svchost.exe[4076] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 002B000A .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 00290FA1 .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 00290F50 .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 00290F61 .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 00290040 .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 0029008A .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 00290079 .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 00290FBC .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 00290F3F .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 00290FDE .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 002900DB .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 00290014 .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 00290FEF .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 00290FCD .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 002900C0 .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 00290025 .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 00290F7C .text C:\Windows\system32\svchost.exe[4076] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 002900A5 .text C:\Windows\system32\svchost.exe[4076] msvcrt.dll!_open 77247E48 5 Bytes JMP 00330FE3 .text C:\Windows\system32\svchost.exe[4076] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 0033003B .text C:\Windows\system32\svchost.exe[4076] msvcrt.dll!system 7727B177 5 Bytes JMP 0033002A .text C:\Windows\system32\svchost.exe[4076] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 00330FC1 .text C:\Windows\system32\svchost.exe[4076] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 00330FB0 .text C:\Windows\system32\svchost.exe[4076] msvcrt.dll!_wopen 77280578 5 Bytes JMP 00330FD2 .text C:\Windows\system32\svchost.exe[4076] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 002C0000 .text C:\Windows\system32\svchost.exe[4076] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 002C0FC3 .text C:\Windows\system32\svchost.exe[4076] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 002C0F9E .text C:\Windows\system32\svchost.exe[4076] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 002C004A .text C:\Windows\system32\svchost.exe[4076] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 002C0025 .text C:\Windows\system32\svchost.exe[4076] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 002C005B .text C:\Windows\system32\svchost.exe[4076] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 002C0FD4 .text C:\Windows\system32\svchost.exe[4076] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 002C0FEF .text C:\Windows\system32\svchost.exe[4076] WS2_32.dll!socket 75EB3EB8 5 Bytes JMP 00320FEF .text C:\Program Files\Internet Explorer\iexplore.exe[5904] ntdll.dll!NtCreateFile 773F55C8 5 Bytes JMP 0014000A .text C:\Program Files\Internet Explorer\iexplore.exe[5904] ntdll.dll!NtCreateProcess 773F5698 5 Bytes JMP 00140FCA .text C:\Program Files\Internet Explorer\iexplore.exe[5904] ntdll.dll!NtProtectVirtualMemory 773F5F18 5 Bytes JMP 0014001B .text C:\Program Files\Internet Explorer\iexplore.exe[5904] ntdll.dll!KiUserExceptionDispatcher 773F6FE8 5 Bytes JMP 00140FEF .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!GetStartupInfoA 772D1E10 5 Bytes JMP 00010F46 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!CreateProcessW 772D204D 5 Bytes JMP 000100A5 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!CreateProcessA 772D2082 5 Bytes JMP 00010F1A .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!CreateNamedPipeW 77302D47 5 Bytes JMP 00010014 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!VirtualProtect 77312BCD 5 Bytes JMP 00010065 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!LoadLibraryExA 77314466 5 Bytes JMP 00010F8D .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!LoadLibraryExW 77315079 5 Bytes JMP 00010054 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!GetProcAddress 7731CC94 5 Bytes JMP 00010EEB .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!LoadLibraryA 7731DC65 5 Bytes JMP 00010025 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!CreateThread 7731DCC2 5 Bytes JMP 71EC75E3 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!GetStartupInfoW 7731E2DD 5 Bytes JMP 0001008A .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!CreateFileW 7731E8A5 5 Bytes JMP 00010FD4 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!CreateFileA 7731EA61 5 Bytes JMP 00010FE5 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!LoadLibraryW 7731EF42 5 Bytes JMP 00010FA8 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!CreatePipe 773312A6 5 Bytes JMP 00010F57 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!CreateNamedPipeA 7735DBA8 5 Bytes JMP 00010FC3 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!WinExec 7735EDB2 5 Bytes JMP 00010F2B .text C:\Program Files\Internet Explorer\iexplore.exe[5904] kernel32.dll!VirtualProtectEx 7735FD51 5 Bytes JMP 00010F72 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] ADVAPI32.dll!RegOpenKeyA 759CCC15 5 Bytes JMP 001D0000 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] ADVAPI32.dll!RegCreateKeyA 759CCD01 5 Bytes JMP 001D0011 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] ADVAPI32.dll!RegCreateKeyExA 759D1469 5 Bytes JMP 001D0047 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] ADVAPI32.dll!RegCreateKeyW 759D1514 5 Bytes JMP 001D002C .text C:\Program Files\Internet Explorer\iexplore.exe[5904] ADVAPI32.dll!RegOpenKeyW 759D2459 5 Bytes JMP 001D0FE5 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] ADVAPI32.dll!RegCreateKeyExW 759D40FE 5 Bytes JMP 001D0058 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] ADVAPI32.dll!RegOpenKeyExW 759D468D 5 Bytes JMP 001D0FA5 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] ADVAPI32.dll!RegOpenKeyExA 759D4907 5 Bytes JMP 001D0FCA .text C:\Program Files\Internet Explorer\iexplore.exe[5904] msvcrt.dll!_open 77247E48 5 Bytes JMP 001E0FE3 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] msvcrt.dll!_wsystem 7727B057 5 Bytes JMP 001E0047 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] msvcrt.dll!system 7727B177 5 Bytes JMP 001E0036 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] msvcrt.dll!_creat 7727ED31 5 Bytes JMP 001E0FC6 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] msvcrt.dll!_wcreat 77280396 5 Bytes JMP 001E0025 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] msvcrt.dll!_wopen 77280578 5 Bytes JMP 001E0000 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] USER32.dll!EnableWindow 758F8D02 5 Bytes JMP 71F09EB4 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] USER32.dll!GetAsyncKeyState 758FA256 5 Bytes JMP 71EADEDD C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] USER32.dll!CallNextHookEx 758FABE1 5 Bytes JMP 71F27FDF C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] USER32.dll!UnhookWindowsHookEx 758FADF9 5 Bytes JMP 71F4ECE0 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] USER32.dll!DefWindowProcA 758FBB1C 7 Bytes JMP 71EC980D C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] USER32.dll!CreateWindowExA 758FBF40 5 Bytes JMP 71ED3643 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] USER32.dll!SetWindowsHookExW 758FE30C 5 Bytes JMP 71F025B4 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] USER32.dll!CreateWindowExW 758FEC7C 5 Bytes JMP 71F303B7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] USER32.dll!GetKeyState 75902B4D 5 Bytes JMP 71EADDB3 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] USER32.dll!DefWindowProcW 7590507D 7 Bytes JMP 71F28042 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] USER32.dll!DialogBoxParamW 75913B9B 5 Bytes JMP 71E61893 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] SHELL32.dll!RealDriveType + 173D 7666FE30 4 Bytes [CF, 01, 94, 5E] .text C:\Program Files\Internet Explorer\iexplore.exe[5904] SHELL32.dll!RealDriveType + 1745 7666FE38 8 Bytes [E0, 61, 93, 5E, 79, F7, 93, ...] {LOOPNZ 0x63; XCHG EBX, EAX; POP ESI; JNS 0xfffffffffffffffd; XCHG EBX, EAX; POP ESI} .text C:\Program Files\Internet Explorer\iexplore.exe[5904] WININET.dll!InternetCloseHandle 75D9C664 5 Bytes JMP 5E8852A0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] WININET.dll!InternetReadFile 75D9F8D8 5 Bytes JMP 5E8853C0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] WININET.dll!InternetQueryDataAvailable 75DA3184 5 Bytes JMP 5E884D40 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] WININET.dll!InternetOpenA 75DAD5E8 5 Bytes JMP 001F0FE5 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] WININET.dll!InternetOpenUrlA 75DBE1C6 5 Bytes JMP 001F0FB9 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] WININET.dll!InternetConnectA 75DC567E 5 Bytes JMP 5E8856C0 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] WININET.dll!HttpOpenRequestA 75DC5761 5 Bytes JMP 5E885500 c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll (SiteAdvisor/McAfee, Inc.) .text C:\Program Files\Internet Explorer\iexplore.exe[5904] WININET.dll!InternetOpenW 75DCC596 5 Bytes JMP 001F0FD4 .text C:\Program Files\Internet Explorer\iexplore.exe[5904] WININET.dll!InternetOpenUrlW 75E1DBF8 5 Bytes JMP 001F000A .text C:\Program Files\Internet Explorer\iexplore.exe[5904] WS2_32.dll!socket 75EB3EB8 5 Bytes JMP 011C0000 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\system32\mfevtps.exe[1288] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00D2A070] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.) IAT C:\Windows\system32\rundll32.exe[1516] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7544FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[1516] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7544FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[1516] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7544FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\system32\rundll32.exe[1516] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7544FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5E9347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [5E94029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [5E935EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [5E947F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [5E94F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [5E94F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [5E9507CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [5E94FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [5E935E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [5E94ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5E9347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [5E934E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [5E9363E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [5E94B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [5E936D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [5E94BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [5E94C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [5E94029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [5E934E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [5E935EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5E9347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [5E9363E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [5E934E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [5E94C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [5E94E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [5E94AA37] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [5E94ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [5E94B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [5E936D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [5E935EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [5E94FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [5E9507CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [5E94939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [5E9363E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [5E94029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [5E935F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [5E949229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [5E93F1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5E9347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [5E935E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [5E940ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [5E94F2BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [5E94F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [5E95072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [5E94F9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [5E951542] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [5E951C5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [5E93FA79] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [5E951191] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [5E93F725] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [5E93FB25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [5E951095] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [5E951F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [5E9512D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [5E950DFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [5E940178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [5E951B2E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [5E95194A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [5E951233] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [5E93F86E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [5E93F472] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [5E9527C3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [5E95136E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [5E951284] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [5E950F4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [5E952769] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [5E93F9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [5E952937] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [5E937430] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [5E93F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [5E93E265] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [5E935D08] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [5E95140A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [5E951590] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [5E951F83] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [5E940123] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [5E95218A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [5E951BC6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [5E93FACB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [5E9519EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [5E93FC0B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [5E9520D3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [5E952B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [5E952028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [5E950F9F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [5E934927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [5E950D47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [5E93FA2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [5E9518A2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [5E951CAC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [5E95171C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [5E9517B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [5E934984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [5E948C1A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [5E94CB0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [5E94D6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [5E94D11F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [5E936D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [5E94C49D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [5E94B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [5E94B245] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [5E94A89F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [5E94E0C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [5E934E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [5E94ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [5E94A249] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [5E949AF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [5E94E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [5E94E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [5E949F4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [5E94BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [5E94A56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [5E934E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [5E936D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [5E93F6D1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [5E951F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [5E952028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [5E952B05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [5E952B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [5E940178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetUSValueA] [5E9364C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [5E934CAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [5E934927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [5E934984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [5E936528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5E9347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5E9347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[3328] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5E9347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [5E9347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [5E94029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [5E935EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [5E947F4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [5E94F500] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [5E94F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [5E9507CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [5E94FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [5E935E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [5E94ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [5E9347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [5E934E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [5E9363E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [5E94B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [5E936D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [5E94BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [5E94C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [5E94029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [5E934E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [5E935EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [5E9347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [5E9363E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [5E934E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [5E94C811] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [5E94E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [5E94AA37] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [5E94ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [5E94B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [5E936D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [5E935EC7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [5E94FCF6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [5E9507CA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [5E94939B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [5E9363E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [5E94029E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [5E935F62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [5E949229] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [5E93F1F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [5E9347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [5E935E4F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [5E940ADF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [5E94F2BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [5E94F94D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [5E95072B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [5E94F9A0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [5E951542] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [5E951C5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [5E93FA79] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [5E951191] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [5E93F725] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [5E93FB25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [5E951095] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [5E951F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [5E9512D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [5E950DFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [5E940178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [5E951B2E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [5E95194A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [5E951233] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [5E93F86E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [5E93F472] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [5E9527C3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [5E95136E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [5E951284] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [5E950F4E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [5E952769] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [5E93F9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [5E952937] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [5E937430] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [5E93F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [5E93E265] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [5E935D08] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [5E95140A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [5E951590] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [5E951F83] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [5E940123] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [5E95218A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [5E951BC6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [5E93FACB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [5E9519EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [5E93FC0B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [5E9520D3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [5E952B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [5E952028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [5E950F9F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [5E934927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [5E950D47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [5E93FA2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [5E9518A2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [5E951CAC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [5E95171C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [5E9517B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [5E934984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [5E948C1A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [5E94CB0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [5E94D6BF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [5E94D11F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [5E936D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [5E94C49D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [5E94B56B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [5E94B245] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [5E94A89F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [5E94E0C1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [5E934E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [5E94ABDB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [5E94A249] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [5E949AF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [5E94E457] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [5E94E089] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [5E949F4B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [5E94BC51] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [5E94A56D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [5E934E2B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [5E936D22] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [5E93F6D1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [5E951F32] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [5E952028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [5E952B05] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [5E952B62] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [5E940178] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetUSValueA] [5E9364C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [5E934CAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [5E934927] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [5E934984] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [5E936528] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [5E9347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [5E9347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) IAT C:\Program Files\Internet Explorer\iexplore.exe[5904] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [5E9347BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device Ntfs.sys (Sterownik systemu plików NT/Microsoft Corporation) AttachedDevice MOBK.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.) Device Sftfslh.sys (Microsoft Application Virtualization File System/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a828e3f40 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a828e3f40@002547184bd2 0x1E 0x20 0xBA 0xCE ... Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a828e3f40@000d927f1fd1 0x24 0x15 0x0B 0x37 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a828e3f40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a828e3f40@002547184bd2 0x1E 0x20 0xBA 0xCE ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a828e3f40@000d927f1fd1 0x24 0x15 0x0B 0x37 ... ---- EOF - GMER 1.0.15 ----