GMER 1.0.15.15570 - http://www.gmer.net Rootkit scan 2011-03-24 22:32:34 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-3 WDC_WD1600JB-00GVC0 rev.08.02D08 Running: ulxl5yml.exe; Driver: C:\DOCUME~1\Arczi\USTAWI~1\Temp\awtoypod.sys ---- System - GMER 1.0.15 ---- SSDT 88286E40 ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9E06360, 0x37388D, 0xE8000020] ? C:\DOCUME~1\Arczi\USTAWI~1\Temp\ALSysIO.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\LEXPPS.EXE[160] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01792310 .text C:\WINDOWS\system32\LEXPPS.EXE[160] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 017925B0 .text C:\WINDOWS\system32\LEXPPS.EXE[160] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0179BE9A .text C:\WINDOWS\system32\LEXPPS.EXE[160] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0179BD56 .text C:\WINDOWS\system32\LEXPPS.EXE[160] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 017911C0 .text C:\WINDOWS\system32\LEXPPS.EXE[160] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01791400 .text C:\WINDOWS\system32\LEXPPS.EXE[160] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01792210 .text C:\WINDOWS\system32\LEXPPS.EXE[160] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 017910A0 .text C:\WINDOWS\system32\LEXPPS.EXE[160] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01791000 .text C:\WINDOWS\system32\LEXPPS.EXE[160] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01792270 .text C:\WINDOWS\system32\LEXPPS.EXE[160] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 01792BA0 .text C:\WINDOWS\system32\LEXPPS.EXE[160] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 01792A00 .text C:\WINDOWS\system32\LEXPPS.EXE[160] WS2_32.dll!send 71A5428A 5 Bytes JMP 01792D00 .text C:\WINDOWS\system32\LEXPPS.EXE[160] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 01791B60 .text C:\WINDOWS\system32\LEXPPS.EXE[160] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 01792020 .text C:\WINDOWS\system32\LEXPPS.EXE[160] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01791DC0 .text C:\WINDOWS\system32\spoolsv.exe[172] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00F82310 .text C:\WINDOWS\system32\spoolsv.exe[172] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00F825B0 .text C:\WINDOWS\system32\spoolsv.exe[172] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00F8BE9A .text C:\WINDOWS\system32\spoolsv.exe[172] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00F8BD56 .text C:\WINDOWS\system32\spoolsv.exe[172] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00F811C0 .text C:\WINDOWS\system32\spoolsv.exe[172] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00F81400 .text C:\WINDOWS\system32\spoolsv.exe[172] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00F82210 .text C:\WINDOWS\system32\spoolsv.exe[172] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00F810A0 .text C:\WINDOWS\system32\spoolsv.exe[172] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00F81000 .text C:\WINDOWS\system32\spoolsv.exe[172] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00F82270 .text C:\WINDOWS\system32\spoolsv.exe[172] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00F82BA0 .text C:\WINDOWS\system32\spoolsv.exe[172] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00F82A00 .text C:\WINDOWS\system32\spoolsv.exe[172] WS2_32.dll!send 71A5428A 5 Bytes JMP 00F82D00 .text C:\WINDOWS\system32\spoolsv.exe[172] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00F81B60 .text C:\WINDOWS\system32\spoolsv.exe[172] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00F82020 .text C:\WINDOWS\system32\spoolsv.exe[172] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00F81DC0 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[384] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 03382310 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[384] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 033825B0 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[384] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0338BE9A .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[384] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0338BD56 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[384] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 033811C0 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[384] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 03381400 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[384] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 03382210 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[384] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 033810A0 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[384] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 03381000 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[384] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 03382270 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[384] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 03382BA0 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[384] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 03382A00 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[384] WS2_32.dll!send 71A5428A 5 Bytes JMP 03382D00 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[384] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 03381B60 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[384] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 03382020 .text C:\Program Files\AVG\AVG9\avgwdsvc.exe[384] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 03381DC0 .text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 007C2310 .text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 007C25B0 .text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 007CBE9A .text C:\WINDOWS\system32\svchost.exe[404] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 007CBD56 .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007C11C0 .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 007C1400 .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 007C2210 .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 007C10A0 .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 007C1000 .text C:\WINDOWS\system32\svchost.exe[404] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 007C2270 .text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 007C2BA0 .text C:\WINDOWS\system32\svchost.exe[404] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 007C2A00 .text C:\WINDOWS\system32\svchost.exe[404] WS2_32.dll!send 71A5428A 5 Bytes JMP 007C2D00 .text C:\WINDOWS\system32\svchost.exe[404] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 007C1B60 .text C:\WINDOWS\system32\svchost.exe[404] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 007C2020 .text C:\WINDOWS\system32\svchost.exe[404] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 007C1DC0 .text C:\WINDOWS\system32\CTsvcCDA.exe[424] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00B32310 .text C:\WINDOWS\system32\CTsvcCDA.exe[424] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00B325B0 .text C:\WINDOWS\system32\CTsvcCDA.exe[424] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00B3BE9A .text C:\WINDOWS\system32\CTsvcCDA.exe[424] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00B3BD56 .text C:\WINDOWS\system32\CTsvcCDA.exe[424] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B311C0 .text C:\WINDOWS\system32\CTsvcCDA.exe[424] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00B31400 .text C:\WINDOWS\system32\CTsvcCDA.exe[424] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00B32210 .text C:\WINDOWS\system32\CTsvcCDA.exe[424] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00B310A0 .text C:\WINDOWS\system32\CTsvcCDA.exe[424] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00B31000 .text C:\WINDOWS\system32\CTsvcCDA.exe[424] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00B32270 .text C:\WINDOWS\system32\CTsvcCDA.exe[424] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00B32BA0 .text C:\WINDOWS\system32\CTsvcCDA.exe[424] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00B32A00 .text C:\WINDOWS\system32\CTsvcCDA.exe[424] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00B31B60 .text C:\WINDOWS\system32\CTsvcCDA.exe[424] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00B32020 .text C:\WINDOWS\system32\CTsvcCDA.exe[424] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00B31DC0 .text C:\WINDOWS\system32\CTsvcCDA.exe[424] WS2_32.dll!send 71A5428A 5 Bytes JMP 00B32D00 .text C:\Program Files\Java\jre6\bin\jqs.exe[524] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01F12310 .text C:\Program Files\Java\jre6\bin\jqs.exe[524] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01F125B0 .text C:\Program Files\Java\jre6\bin\jqs.exe[524] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 01F1BE9A .text C:\Program Files\Java\jre6\bin\jqs.exe[524] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01F1BD56 .text C:\Program Files\Java\jre6\bin\jqs.exe[524] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01F111C0 .text C:\Program Files\Java\jre6\bin\jqs.exe[524] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01F11400 .text C:\Program Files\Java\jre6\bin\jqs.exe[524] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01F12210 .text C:\Program Files\Java\jre6\bin\jqs.exe[524] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 01F110A0 .text C:\Program Files\Java\jre6\bin\jqs.exe[524] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01F11000 .text C:\Program Files\Java\jre6\bin\jqs.exe[524] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01F12270 .text C:\Program Files\Java\jre6\bin\jqs.exe[524] WS2_32.dll!send 71A5428A 5 Bytes JMP 01F12D00 .text C:\Program Files\Java\jre6\bin\jqs.exe[524] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 01F12BA0 .text C:\Program Files\Java\jre6\bin\jqs.exe[524] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 01F12A00 .text C:\Program Files\Java\jre6\bin\jqs.exe[524] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 01F11B60 .text C:\Program Files\Java\jre6\bin\jqs.exe[524] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 01F12020 .text C:\Program Files\Java\jre6\bin\jqs.exe[524] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01F11DC0 .text C:\WINDOWS\system32\nvsvc32.exe[644] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00EF2310 .text C:\WINDOWS\system32\nvsvc32.exe[644] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00EF25B0 .text C:\WINDOWS\system32\nvsvc32.exe[644] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00EFBE9A .text C:\WINDOWS\system32\nvsvc32.exe[644] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00EFBD56 .text C:\WINDOWS\system32\nvsvc32.exe[644] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00EF11C0 .text C:\WINDOWS\system32\nvsvc32.exe[644] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00EF1400 .text C:\WINDOWS\system32\nvsvc32.exe[644] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00EF2210 .text C:\WINDOWS\system32\nvsvc32.exe[644] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00EF10A0 .text C:\WINDOWS\system32\nvsvc32.exe[644] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00EF1000 .text C:\WINDOWS\system32\nvsvc32.exe[644] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00EF2270 .text C:\WINDOWS\system32\nvsvc32.exe[644] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00EF2BA0 .text C:\WINDOWS\system32\nvsvc32.exe[644] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00EF2A00 .text C:\WINDOWS\system32\nvsvc32.exe[644] WS2_32.dll!send 71A5428A 5 Bytes JMP 00EF2D00 .text C:\WINDOWS\system32\nvsvc32.exe[644] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00EF1B60 .text C:\WINDOWS\system32\nvsvc32.exe[644] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00EF2020 .text C:\WINDOWS\system32\nvsvc32.exe[644] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00EF1DC0 .text C:\WINDOWS\system32\svchost.exe[728] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00872310 .text C:\WINDOWS\system32\svchost.exe[728] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 008725B0 .text C:\WINDOWS\system32\svchost.exe[728] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0087BE9A .text C:\WINDOWS\system32\svchost.exe[728] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0087BD56 .text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008711C0 .text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00871400 .text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00872210 .text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 008710A0 .text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00871000 .text C:\WINDOWS\system32\svchost.exe[728] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00872270 .text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00872BA0 .text C:\WINDOWS\system32\svchost.exe[728] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00872A00 .text C:\WINDOWS\system32\svchost.exe[728] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00871B60 .text C:\WINDOWS\system32\svchost.exe[728] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00872020 .text C:\WINDOWS\system32\svchost.exe[728] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00871DC0 .text C:\WINDOWS\system32\svchost.exe[728] WS2_32.dll!send 71A5428A 5 Bytes JMP 00872D00 .text C:\WINDOWS\system32\wdfmgr.exe[768] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 008A2310 .text C:\WINDOWS\system32\wdfmgr.exe[768] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 008A25B0 .text C:\WINDOWS\system32\wdfmgr.exe[768] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 008ABE9A .text C:\WINDOWS\system32\wdfmgr.exe[768] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 008ABD56 .text C:\WINDOWS\system32\wdfmgr.exe[768] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008A11C0 .text C:\WINDOWS\system32\wdfmgr.exe[768] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 008A1400 .text C:\WINDOWS\system32\wdfmgr.exe[768] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 008A2210 .text C:\WINDOWS\system32\wdfmgr.exe[768] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 008A10A0 .text C:\WINDOWS\system32\wdfmgr.exe[768] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 008A1000 .text C:\WINDOWS\system32\wdfmgr.exe[768] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 008A2270 .text C:\WINDOWS\system32\wdfmgr.exe[768] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 008A2BA0 .text C:\WINDOWS\system32\wdfmgr.exe[768] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 008A2A00 .text C:\WINDOWS\system32\wdfmgr.exe[768] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 008A1B60 .text C:\WINDOWS\system32\wdfmgr.exe[768] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 008A2020 .text C:\WINDOWS\system32\wdfmgr.exe[768] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 008A1DC0 .text C:\WINDOWS\system32\wdfmgr.exe[768] WS2_32.dll!send 71A5428A 5 Bytes JMP 008A2D00 .text C:\WINDOWS\system32\csrss.exe[908] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01582310 .text C:\WINDOWS\system32\csrss.exe[908] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 015825B0 .text C:\WINDOWS\system32\csrss.exe[908] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0158BE9A .text C:\WINDOWS\system32\csrss.exe[908] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0158BD56 .text C:\WINDOWS\system32\csrss.exe[908] KERNEL32.dll!CreateFileA 7C801A24 5 Bytes JMP 015811C0 .text C:\WINDOWS\system32\csrss.exe[908] KERNEL32.dll!CreateFileW 7C810976 5 Bytes JMP 01581400 .text C:\WINDOWS\system32\csrss.exe[908] KERNEL32.dll!MoveFileA 7C822294 5 Bytes JMP 01582210 .text C:\WINDOWS\system32\csrss.exe[908] KERNEL32.dll!CopyFileW 7C825779 5 Bytes JMP 015810A0 .text C:\WINDOWS\system32\csrss.exe[908] KERNEL32.dll!CopyFileA 7C830053 5 Bytes JMP 01581000 .text C:\WINDOWS\system32\csrss.exe[908] KERNEL32.dll!MoveFileW 7C839659 5 Bytes JMP 01582270 .text C:\WINDOWS\system32\csrss.exe[908] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 01582BA0 .text C:\WINDOWS\system32\csrss.exe[908] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 01582A00 .text C:\WINDOWS\system32\csrss.exe[908] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 01581B60 .text C:\WINDOWS\system32\csrss.exe[908] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 01582020 .text C:\WINDOWS\system32\csrss.exe[908] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01581DC0 .text C:\WINDOWS\system32\csrss.exe[908] WS2_32.dll!send 71A5428A 5 Bytes JMP 01582D00 .text C:\WINDOWS\system32\winlogon.exe[936] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01162310 .text C:\WINDOWS\system32\winlogon.exe[936] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 011625B0 .text C:\WINDOWS\system32\winlogon.exe[936] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0116BE9A .text C:\WINDOWS\system32\winlogon.exe[936] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0116BD56 .text C:\WINDOWS\system32\winlogon.exe[936] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011611C0 .text C:\WINDOWS\system32\winlogon.exe[936] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01161400 .text C:\WINDOWS\system32\winlogon.exe[936] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01162210 .text C:\WINDOWS\system32\winlogon.exe[936] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 011610A0 .text C:\WINDOWS\system32\winlogon.exe[936] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01161000 .text C:\WINDOWS\system32\winlogon.exe[936] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01162270 .text C:\WINDOWS\system32\winlogon.exe[936] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 01162BA0 .text C:\WINDOWS\system32\winlogon.exe[936] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 01162A00 .text C:\WINDOWS\system32\winlogon.exe[936] WS2_32.dll!send 71A5428A 5 Bytes JMP 01162D00 .text C:\WINDOWS\system32\winlogon.exe[936] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 01161B60 .text C:\WINDOWS\system32\winlogon.exe[936] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 01162020 .text C:\WINDOWS\system32\winlogon.exe[936] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01161DC0 .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 007B2310 .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 007B25B0 .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 007BBE9A .text C:\WINDOWS\system32\services.exe[980] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 007BBD56 .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007B11C0 .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 007B1400 .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 007B2210 .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 007B10A0 .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 007B1000 .text C:\WINDOWS\system32\services.exe[980] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 007B2270 .text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 007B2BA0 .text C:\WINDOWS\system32\services.exe[980] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 007B2A00 .text C:\WINDOWS\system32\services.exe[980] WS2_32.dll!send 71A5428A 5 Bytes JMP 007B2D00 .text C:\WINDOWS\system32\services.exe[980] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 007B1B60 .text C:\WINDOWS\system32\services.exe[980] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 007B2020 .text C:\WINDOWS\system32\services.exe[980] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 007B1DC0 .text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 006F2310 .text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 006F25B0 .text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 006FBE9A .text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 006FBD56 .text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 006F11C0 .text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 006F1400 .text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 006F2210 .text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 006F10A0 .text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 006F1000 .text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 006F2270 .text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 006F2BA0 .text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 006F2A00 .text C:\WINDOWS\system32\svchost.exe[1136] WS2_32.dll!send 71A5428A 5 Bytes JMP 006F2D00 .text C:\WINDOWS\system32\svchost.exe[1136] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 006F1B60 .text C:\WINDOWS\system32\svchost.exe[1136] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 006F2020 .text C:\WINDOWS\system32\svchost.exe[1136] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 006F1DC0 .text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00782310 .text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 007825B0 .text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0078BE9A .text C:\WINDOWS\system32\svchost.exe[1200] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0078BD56 .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007811C0 .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00781400 .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00782210 .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 007810A0 .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00781000 .text C:\WINDOWS\system32\svchost.exe[1200] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00782270 .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00782BA0 .text C:\WINDOWS\system32\svchost.exe[1200] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00782A00 .text C:\WINDOWS\system32\svchost.exe[1200] WS2_32.dll!send 71A5428A 5 Bytes JMP 00782D00 .text C:\WINDOWS\system32\svchost.exe[1200] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00781B60 .text C:\WINDOWS\system32\svchost.exe[1200] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00782020 .text C:\WINDOWS\system32\svchost.exe[1200] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00781DC0 .text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 025D2310 .text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 025D25B0 .text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 025DBE9A .text C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 025DBD56 .text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 025D11C0 .text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 025D1400 .text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 025D2210 .text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 025D10A0 .text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 025D1000 .text C:\WINDOWS\System32\svchost.exe[1232] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 025D2270 .text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 025D2BA0 .text C:\WINDOWS\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 025D2A00 .text C:\WINDOWS\System32\svchost.exe[1232] WS2_32.dll!send 71A5428A 5 Bytes JMP 025D2D00 .text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 025D1B60 .text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 025D2020 .text C:\WINDOWS\System32\svchost.exe[1232] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 025D1DC0 .text C:\WINDOWS\system32\MsPMSPSv.exe[1260] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00722310 .text C:\WINDOWS\system32\MsPMSPSv.exe[1260] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 007225B0 .text C:\WINDOWS\system32\MsPMSPSv.exe[1260] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0072BE9A .text C:\WINDOWS\system32\MsPMSPSv.exe[1260] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0072BD56 .text C:\WINDOWS\system32\MsPMSPSv.exe[1260] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007211C0 .text C:\WINDOWS\system32\MsPMSPSv.exe[1260] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00721400 .text C:\WINDOWS\system32\MsPMSPSv.exe[1260] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00722210 .text C:\WINDOWS\system32\MsPMSPSv.exe[1260] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 007210A0 .text C:\WINDOWS\system32\MsPMSPSv.exe[1260] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00721000 .text C:\WINDOWS\system32\MsPMSPSv.exe[1260] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00722270 .text C:\WINDOWS\system32\MsPMSPSv.exe[1260] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00722BA0 .text C:\WINDOWS\system32\MsPMSPSv.exe[1260] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00722A00 .text C:\WINDOWS\system32\MsPMSPSv.exe[1260] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00721B60 .text C:\WINDOWS\system32\MsPMSPSv.exe[1260] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00722020 .text C:\WINDOWS\system32\MsPMSPSv.exe[1260] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00721DC0 .text C:\WINDOWS\system32\MsPMSPSv.exe[1260] WS2_32.dll!send 71A5428A 5 Bytes JMP 00722D00 .text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00942310 .text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 009425B0 .text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0094BE9A .text C:\WINDOWS\system32\svchost.exe[1364] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0094BD56 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 009411C0 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00941400 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00942210 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 009410A0 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00941000 .text C:\WINDOWS\system32\svchost.exe[1364] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00942270 .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00942BA0 .text C:\WINDOWS\system32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00942A00 .text C:\WINDOWS\system32\svchost.exe[1364] WS2_32.dll!send 71A5428A 5 Bytes JMP 00942D00 .text C:\WINDOWS\system32\svchost.exe[1364] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00941B60 .text C:\WINDOWS\system32\svchost.exe[1364] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00942020 .text C:\WINDOWS\system32\svchost.exe[1364] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00941DC0 .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00B52310 .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00B525B0 .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00B5BE9A .text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00B5BD56 .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B511C0 .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00B51400 .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00B52210 .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00B510A0 .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00B51000 .text C:\WINDOWS\system32\svchost.exe[1400] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00B52270 .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00B52BA0 .text C:\WINDOWS\system32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00B52A00 .text C:\WINDOWS\system32\svchost.exe[1400] WS2_32.dll!send 71A5428A 5 Bytes JMP 00B52D00 .text C:\WINDOWS\system32\svchost.exe[1400] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00B51B60 .text C:\WINDOWS\system32\svchost.exe[1400] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00B52020 .text C:\WINDOWS\system32\svchost.exe[1400] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00B51DC0 .text C:\Program Files\AVG\AVG9\avgemc.exe[1640] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 022B2310 .text C:\Program Files\AVG\AVG9\avgemc.exe[1640] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 022B25B0 .text C:\Program Files\AVG\AVG9\avgemc.exe[1640] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 022BBE9A .text C:\Program Files\AVG\AVG9\avgemc.exe[1640] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 022BBD56 .text C:\Program Files\AVG\AVG9\avgemc.exe[1640] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 022B11C0 .text C:\Program Files\AVG\AVG9\avgemc.exe[1640] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 022B1400 .text C:\Program Files\AVG\AVG9\avgemc.exe[1640] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 022B2210 .text C:\Program Files\AVG\AVG9\avgemc.exe[1640] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 022B10A0 .text C:\Program Files\AVG\AVG9\avgemc.exe[1640] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 022B1000 .text C:\Program Files\AVG\AVG9\avgemc.exe[1640] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 022B2270 .text C:\Program Files\AVG\AVG9\avgemc.exe[1640] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 022B2BA0 .text C:\Program Files\AVG\AVG9\avgemc.exe[1640] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 022B2A00 .text C:\Program Files\AVG\AVG9\avgemc.exe[1640] WS2_32.dll!send 71A5428A 5 Bytes JMP 022B2D00 .text C:\Program Files\AVG\AVG9\avgemc.exe[1640] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 022B1B60 .text C:\Program Files\AVG\AVG9\avgemc.exe[1640] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 022B2020 .text C:\Program Files\AVG\AVG9\avgemc.exe[1640] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 022B1DC0 .text C:\Program Files\AVG\AVG9\avgchsvx.exe[1656] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 02272310 .text C:\Program Files\AVG\AVG9\avgchsvx.exe[1656] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 022725B0 .text C:\Program Files\AVG\AVG9\avgchsvx.exe[1656] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0227BE9A .text C:\Program Files\AVG\AVG9\avgchsvx.exe[1656] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0227BD56 .text C:\Program Files\AVG\AVG9\avgchsvx.exe[1656] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 022711C0 .text C:\Program Files\AVG\AVG9\avgchsvx.exe[1656] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 02271400 .text C:\Program Files\AVG\AVG9\avgchsvx.exe[1656] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 02272210 .text C:\Program Files\AVG\AVG9\avgchsvx.exe[1656] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 022710A0 .text C:\Program Files\AVG\AVG9\avgchsvx.exe[1656] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 02271000 .text C:\Program Files\AVG\AVG9\avgchsvx.exe[1656] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 02272270 .text C:\Program Files\AVG\AVG9\avgchsvx.exe[1656] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 02272BA0 .text C:\Program Files\AVG\AVG9\avgchsvx.exe[1656] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 02272A00 .text C:\Program Files\AVG\AVG9\avgchsvx.exe[1656] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 02271B60 .text C:\Program Files\AVG\AVG9\avgchsvx.exe[1656] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 02272020 .text C:\Program Files\AVG\AVG9\avgchsvx.exe[1656] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 02271DC0 .text C:\Program Files\AVG\AVG9\avgchsvx.exe[1656] WS2_32.dll!send 71A5428A 5 Bytes JMP 02272D00 .text C:\Program Files\AVG\AVG9\avgrsx.exe[1664] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 02092310 .text C:\Program Files\AVG\AVG9\avgrsx.exe[1664] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 020925B0 .text C:\Program Files\AVG\AVG9\avgrsx.exe[1664] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0209BE9A .text C:\Program Files\AVG\AVG9\avgrsx.exe[1664] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0209BD56 .text C:\Program Files\AVG\AVG9\avgrsx.exe[1664] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 020911C0 .text C:\Program Files\AVG\AVG9\avgrsx.exe[1664] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 02091400 .text C:\Program Files\AVG\AVG9\avgrsx.exe[1664] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 02092210 .text C:\Program Files\AVG\AVG9\avgrsx.exe[1664] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 020910A0 .text C:\Program Files\AVG\AVG9\avgrsx.exe[1664] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 02091000 .text C:\Program Files\AVG\AVG9\avgrsx.exe[1664] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 02092270 .text C:\Program Files\AVG\AVG9\avgrsx.exe[1664] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 02092BA0 .text C:\Program Files\AVG\AVG9\avgrsx.exe[1664] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 02092A00 .text C:\Program Files\AVG\AVG9\avgrsx.exe[1664] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 02091B60 .text C:\Program Files\AVG\AVG9\avgrsx.exe[1664] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 02092020 .text C:\Program Files\AVG\AVG9\avgrsx.exe[1664] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 02091DC0 .text C:\Program Files\AVG\AVG9\avgrsx.exe[1664] WS2_32.dll!send 71A5428A 5 Bytes JMP 02092D00 .text C:\WINDOWS\system32\ctfmon.exe[1680] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 000B2310 .text C:\WINDOWS\system32\ctfmon.exe[1680] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000B25B0 .text C:\WINDOWS\system32\ctfmon.exe[1680] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 000BBE9A .text C:\WINDOWS\system32\ctfmon.exe[1680] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000BBD56 .text C:\WINDOWS\system32\ctfmon.exe[1680] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000B11C0 .text C:\WINDOWS\system32\ctfmon.exe[1680] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 000B1400 .text C:\WINDOWS\system32\ctfmon.exe[1680] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 000B2210 .text C:\WINDOWS\system32\ctfmon.exe[1680] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 000B10A0 .text C:\WINDOWS\system32\ctfmon.exe[1680] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 000B1000 .text C:\WINDOWS\system32\ctfmon.exe[1680] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 000B2270 .text C:\WINDOWS\system32\ctfmon.exe[1680] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 000B2BA0 .text C:\WINDOWS\system32\ctfmon.exe[1680] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 000B2A00 .text C:\WINDOWS\system32\ctfmon.exe[1680] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 000B1B60 .text C:\WINDOWS\system32\ctfmon.exe[1680] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 000B2020 .text C:\WINDOWS\system32\ctfmon.exe[1680] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 000B1DC0 .text C:\WINDOWS\system32\ctfmon.exe[1680] WS2_32.dll!send 71A5428A 5 Bytes JMP 000B2D00 .text C:\WINDOWS\system32\LEXBCES.EXE[2028] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01B72310 .text C:\WINDOWS\system32\LEXBCES.EXE[2028] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 01B725B0 .text C:\WINDOWS\system32\LEXBCES.EXE[2028] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 01B7BE9A .text C:\WINDOWS\system32\LEXBCES.EXE[2028] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 01B7BD56 .text C:\WINDOWS\system32\LEXBCES.EXE[2028] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01B711C0 .text C:\WINDOWS\system32\LEXBCES.EXE[2028] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01B71400 .text C:\WINDOWS\system32\LEXBCES.EXE[2028] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01B72210 .text C:\WINDOWS\system32\LEXBCES.EXE[2028] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 01B710A0 .text C:\WINDOWS\system32\LEXBCES.EXE[2028] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01B71000 .text C:\WINDOWS\system32\LEXBCES.EXE[2028] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01B72270 .text C:\WINDOWS\system32\LEXBCES.EXE[2028] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 01B72BA0 .text C:\WINDOWS\system32\LEXBCES.EXE[2028] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 01B72A00 .text C:\WINDOWS\system32\LEXBCES.EXE[2028] WS2_32.dll!send 71A5428A 5 Bytes JMP 01B72D00 .text C:\WINDOWS\system32\LEXBCES.EXE[2028] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 01B71B60 .text C:\WINDOWS\system32\LEXBCES.EXE[2028] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 01B72020 .text C:\WINDOWS\system32\LEXBCES.EXE[2028] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01B71DC0 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2052] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 01132310 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2052] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 011325B0 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2052] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0113BE9A .text C:\Program Files\AVG\AVG9\avgnsx.exe[2052] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0113BD56 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2052] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 011311C0 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2052] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01131400 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2052] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 01132210 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2052] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 011310A0 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2052] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 01131000 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2052] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 01132270 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2052] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 01132BA0 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2052] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 01132A00 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2052] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 01131B60 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2052] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 01132020 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2052] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 01131DC0 .text C:\Program Files\AVG\AVG9\avgnsx.exe[2052] WS2_32.dll!send 71A5428A 5 Bytes JMP 01132D00 .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2264] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 082C2310 .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2264] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 082C25B0 .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2264] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 082CBE9A .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2264] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 082CBD56 .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2264] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 082C11C0 .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2264] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 082C1400 .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2264] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 082C2210 .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2264] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 082C10A0 .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2264] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 082C1000 .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2264] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 082C2270 .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2264] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 082C2BA0 .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2264] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 082C2A00 .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2264] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 082C1B60 .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2264] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 082C2020 .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2264] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 082C1DC0 .text C:\Program Files\AVG\AVG9\avgcsrvx.exe[2264] WS2_32.dll!send 71A5428A 5 Bytes JMP 082C2D00 ? C:\WINDOWS\System32\svchost.exe[2620] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dllunknown module: gdiplus.dll .text C:\WINDOWS\System32\svchost.exe[2620] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00092310 .text C:\WINDOWS\System32\svchost.exe[2620] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000925B0 .text C:\WINDOWS\System32\svchost.exe[2620] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0009BE9A .text C:\WINDOWS\System32\svchost.exe[2620] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0009BD56 .text C:\WINDOWS\System32\svchost.exe[2620] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000911C0 .text C:\WINDOWS\System32\svchost.exe[2620] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00091400 .text C:\WINDOWS\System32\svchost.exe[2620] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00092210 .text C:\WINDOWS\System32\svchost.exe[2620] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 000910A0 .text C:\WINDOWS\System32\svchost.exe[2620] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00091000 .text C:\WINDOWS\System32\svchost.exe[2620] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00092270 .text C:\WINDOWS\System32\svchost.exe[2620] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00092BA0 .text C:\WINDOWS\System32\svchost.exe[2620] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00092A00 .text C:\WINDOWS\System32\svchost.exe[2620] WS2_32.dll!send 71A5428A 5 Bytes JMP 00092D00 .text C:\WINDOWS\System32\svchost.exe[2620] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00091B60 .text C:\WINDOWS\System32\svchost.exe[2620] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00092020 .text C:\WINDOWS\System32\svchost.exe[2620] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00091DC0 .text C:\WINDOWS\Explorer.exe[2900] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 000A2310 .text C:\WINDOWS\Explorer.exe[2900] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 000A25B0 .text C:\WINDOWS\Explorer.exe[2900] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 000ABE9A .text C:\WINDOWS\Explorer.exe[2900] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 000ABD56 .text C:\WINDOWS\Explorer.exe[2900] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 000A11C0 .text C:\WINDOWS\Explorer.exe[2900] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 000A1400 .text C:\WINDOWS\Explorer.exe[2900] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 000A2210 .text C:\WINDOWS\Explorer.exe[2900] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 000A10A0 .text C:\WINDOWS\Explorer.exe[2900] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 000A1000 .text C:\WINDOWS\Explorer.exe[2900] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 000A2270 .text C:\WINDOWS\Explorer.exe[2900] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 000A2BA0 .text C:\WINDOWS\Explorer.exe[2900] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 000A2A00 .text C:\WINDOWS\Explorer.exe[2900] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 000A1B60 .text C:\WINDOWS\Explorer.exe[2900] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 000A2020 .text C:\WINDOWS\Explorer.exe[2900] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 000A1DC0 .text C:\WINDOWS\Explorer.exe[2900] WS2_32.dll!send 71A5428A 5 Bytes JMP 000A2D00 ? C:\WINDOWS\System32\svchost.exe[3100] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: DNSAPI.dll .text C:\WINDOWS\system32\CTHELPER.EXE[3352] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 012D2310 .text C:\WINDOWS\system32\CTHELPER.EXE[3352] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 012D25B0 .text C:\WINDOWS\system32\CTHELPER.EXE[3352] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 012DBE9A .text C:\WINDOWS\system32\CTHELPER.EXE[3352] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 012DBD56 .text C:\WINDOWS\system32\CTHELPER.EXE[3352] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 012D11C0 .text C:\WINDOWS\system32\CTHELPER.EXE[3352] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 012D1400 .text C:\WINDOWS\system32\CTHELPER.EXE[3352] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 012D2210 .text C:\WINDOWS\system32\CTHELPER.EXE[3352] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 012D10A0 .text C:\WINDOWS\system32\CTHELPER.EXE[3352] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 012D1000 .text C:\WINDOWS\system32\CTHELPER.EXE[3352] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 012D2270 .text C:\WINDOWS\system32\CTHELPER.EXE[3352] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 012D2BA0 .text C:\WINDOWS\system32\CTHELPER.EXE[3352] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 012D2A00 .text C:\WINDOWS\system32\CTHELPER.EXE[3352] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 012D1B60 .text C:\WINDOWS\system32\CTHELPER.EXE[3352] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 012D2020 .text C:\WINDOWS\system32\CTHELPER.EXE[3352] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 012D1DC0 .text C:\WINDOWS\system32\CTHELPER.EXE[3352] WS2_32.dll!send 71A5428A 5 Bytes JMP 012D2D00 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3376] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 019D2310 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3376] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 019D25B0 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3376] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 019DBE9A .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3376] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 019DBD56 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3376] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 019D11C0 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3376] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 019D1400 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3376] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 019D2210 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3376] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 019D10A0 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3376] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 019D1000 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3376] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 019D2270 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3376] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 019D2BA0 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3376] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 019D2A00 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3376] WS2_32.dll!send 71A5428A 5 Bytes JMP 019D2D00 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3376] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 019D1B60 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3376] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 019D2020 .text C:\PROGRA~1\AVG\AVG9\avgtray.exe[3376] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 019D1DC0 ? C:\WINDOWS\system32\svchost.exe[3520] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; .text C:\WINDOWS\system32\svchost.exe[3520] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00742310 .text C:\WINDOWS\system32\svchost.exe[3520] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 007425B0 .text C:\WINDOWS\system32\svchost.exe[3520] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0074BE9A .text C:\WINDOWS\system32\svchost.exe[3520] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0074BD56 .text C:\WINDOWS\system32\svchost.exe[3520] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 007411C0 .text C:\WINDOWS\system32\svchost.exe[3520] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00741400 .text C:\WINDOWS\system32\svchost.exe[3520] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00742210 .text C:\WINDOWS\system32\svchost.exe[3520] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 007410A0 .text C:\WINDOWS\system32\svchost.exe[3520] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00741000 .text C:\WINDOWS\system32\svchost.exe[3520] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00742270 .text C:\WINDOWS\system32\svchost.exe[3520] WS2_32.dll!send 71A5428A 5 Bytes JMP 00742D00 .text C:\WINDOWS\system32\svchost.exe[3520] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00742BA0 .text C:\WINDOWS\system32\svchost.exe[3520] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00742A00 .text C:\WINDOWS\system32\svchost.exe[3520] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00741B60 .text C:\WINDOWS\system32\svchost.exe[3520] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00742020 .text C:\WINDOWS\system32\svchost.exe[3520] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00741DC0 .text C:\Program Files\Core Temp\Core Temp.exe[3632] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00DA2310 .text C:\Program Files\Core Temp\Core Temp.exe[3632] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 00DA25B0 .text C:\Program Files\Core Temp\Core Temp.exe[3632] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 00DABE9A .text C:\Program Files\Core Temp\Core Temp.exe[3632] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 00DABD56 .text C:\Program Files\Core Temp\Core Temp.exe[3632] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00DA11C0 .text C:\Program Files\Core Temp\Core Temp.exe[3632] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00DA1400 .text C:\Program Files\Core Temp\Core Temp.exe[3632] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00DA2210 .text C:\Program Files\Core Temp\Core Temp.exe[3632] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 00DA10A0 .text C:\Program Files\Core Temp\Core Temp.exe[3632] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00DA1000 .text C:\Program Files\Core Temp\Core Temp.exe[3632] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00DA2270 .text C:\Program Files\Core Temp\Core Temp.exe[3632] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00DA2BA0 .text C:\Program Files\Core Temp\Core Temp.exe[3632] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00DA2A00 .text C:\Program Files\Core Temp\Core Temp.exe[3632] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00DA1B60 .text C:\Program Files\Core Temp\Core Temp.exe[3632] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00DA2020 .text C:\Program Files\Core Temp\Core Temp.exe[3632] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00DA1DC0 .text C:\Program Files\Core Temp\Core Temp.exe[3632] WS2_32.dll!send 71A5428A 5 Bytes JMP 00DA2D00 .text C:\Program Files\Opera\opera.exe[5088] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00162310 .text C:\Program Files\Opera\opera.exe[5088] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001625B0 .text C:\Program Files\Opera\opera.exe[5088] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0016BE9A .text C:\Program Files\Opera\opera.exe[5088] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0016BD56 .text C:\Program Files\Opera\opera.exe[5088] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text C:\Program Files\Opera\opera.exe[5088] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00161400 .text C:\Program Files\Opera\opera.exe[5088] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00162210 .text C:\Program Files\Opera\opera.exe[5088] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 001610A0 .text C:\Program Files\Opera\opera.exe[5088] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00161000 .text C:\Program Files\Opera\opera.exe[5088] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00162270 .text C:\Program Files\Opera\opera.exe[5088] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00162BA0 .text C:\Program Files\Opera\opera.exe[5088] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00162A00 .text C:\Program Files\Opera\opera.exe[5088] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00161B60 .text C:\Program Files\Opera\opera.exe[5088] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00162020 .text C:\Program Files\Opera\opera.exe[5088] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00161DC0 .text C:\Program Files\Opera\opera.exe[5088] WS2_32.dll!send 71A5428A 5 Bytes JMP 00162D00 .text C:\Documents and Settings\Arczi\Pulpit\ulxl5yml.exe[7260] ntdll.dll!NtEnumerateValueKey 7C90D976 5 Bytes JMP 00162310 .text C:\Documents and Settings\Arczi\Pulpit\ulxl5yml.exe[7260] ntdll.dll!NtQueryDirectoryFile 7C90DF5E 5 Bytes JMP 001625B0 .text C:\Documents and Settings\Arczi\Pulpit\ulxl5yml.exe[7260] ntdll.dll!NtResumeThread 7C90E45F 5 Bytes JMP 0016BE9A .text C:\Documents and Settings\Arczi\Pulpit\ulxl5yml.exe[7260] ntdll.dll!LdrLoadDll 7C9161CA 5 Bytes JMP 0016BD56 .text C:\Documents and Settings\Arczi\Pulpit\ulxl5yml.exe[7260] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001611C0 .text C:\Documents and Settings\Arczi\Pulpit\ulxl5yml.exe[7260] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00161400 .text C:\Documents and Settings\Arczi\Pulpit\ulxl5yml.exe[7260] kernel32.dll!MoveFileA 7C822294 5 Bytes JMP 00162210 .text C:\Documents and Settings\Arczi\Pulpit\ulxl5yml.exe[7260] kernel32.dll!CopyFileW 7C825779 5 Bytes JMP 001610A0 .text C:\Documents and Settings\Arczi\Pulpit\ulxl5yml.exe[7260] kernel32.dll!CopyFileA 7C830053 5 Bytes JMP 00161000 .text C:\Documents and Settings\Arczi\Pulpit\ulxl5yml.exe[7260] kernel32.dll!MoveFileW 7C839659 5 Bytes JMP 00162270 .text C:\Documents and Settings\Arczi\Pulpit\ulxl5yml.exe[7260] ADVAPI32.dll!RegCreateKeyExW 77DC7535 5 Bytes JMP 00162BA0 .text C:\Documents and Settings\Arczi\Pulpit\ulxl5yml.exe[7260] ADVAPI32.dll!RegCreateKeyExA 77DCEAF4 5 Bytes JMP 00162A00 .text C:\Documents and Settings\Arczi\Pulpit\ulxl5yml.exe[7260] WININET.dll!HttpSendRequestA 771B76B8 5 Bytes JMP 00161B60 .text C:\Documents and Settings\Arczi\Pulpit\ulxl5yml.exe[7260] WININET.dll!InternetWriteFile 771E7953 5 Bytes JMP 00162020 .text C:\Documents and Settings\Arczi\Pulpit\ulxl5yml.exe[7260] WININET.dll!HttpSendRequestW 77201808 5 Bytes JMP 00161DC0 .text C:\Documents and Settings\Arczi\Pulpit\ulxl5yml.exe[7260] WS2_32.dll!send 71A5428A 5 Bytes JMP 00162D00 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] [77DEC534] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] [77DED11B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] [77DC7753] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] [77DC6BF0] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] [77DC7883] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] [77DC761B] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] [77DCEBE7] C:\WINDOWS\system32\ADVAPI32.dll (Advanced Windows 32 Base API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] 00000000 IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] [76F26BFB] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] [76F24FA2] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] [76F15B6B] C:\WINDOWS\System32\DNSAPI.dll (DNS Client API DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] 00000000 IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] [77F1D73B] C:\WINDOWS\system32\GDI32.dll (GDI Client DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 00000000 IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] [7C80A480] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] [7C838CB9] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] [7C80D47E] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] [7C81E82A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] [7C809943] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C812BE6] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C937A40] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] [7C910340] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] [7C80977B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] [7C809BF5] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] [7C80C6E0] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] [7C812C8D] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] [7C8114AB] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] [7C802442] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] [7C81082F] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [7C809737] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] [7C80EB3F] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] [7C809FA1] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] [7C809B77] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] [7C80EC1B] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C81CAA2] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] [7C80CCA9] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] [7C81CACB] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] [7C838403] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] [7C81EE79] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] [7C809A39] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7C809EB3] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] [7C80B929] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] [7C910331] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] [7C8092AC] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] [7C810F9F] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] [7C826B99] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [7C80AA49] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] [7C812929] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [7C91043D] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] [7C809F29] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] [7C901005] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] [7C9010ED] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] [7C9105D4] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [7C9179FD] C:\WINDOWS\system32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] [7C809AA2] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] [7C810626] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] [7C80220F] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] [7C801E16] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] [7C802367] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] [7C81486A] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] [7C801A24] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] [7C80AA66] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] [7C80AC28] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] [7C801D77] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] [7C80B529] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] [7C809A81] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] [7C809B14] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] [7C8017E5] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] [7C801D4F] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] [7C810D34] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] [7C8394AE] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] [7C838FB9] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] [7C80C729] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[2620] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] [7C814C63] C:\WINDOWS\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 56EC8B55 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 0364C033 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 408B3040 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 1C708B0C IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 08408BAD IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] CCC35D5E IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] CCCCCCCC IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] CCCCCCCC IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 53EC8B55 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 558B5756 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 8BDA8B08 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] FA033C7A IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 503F8166 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 03547545 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] FCFA03F2 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrlenW] 0C6D8B55 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalFree] 96C203AD IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 3351FD87 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0FC180C9 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 0C72A6F3 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] FD875996 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 8166EEC5 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 2BEEB6EE IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcpyW] EBFE2BF1 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 66C033E3 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] E0C1078B IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!ExitProcess] 1C738B02 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] F003F203 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 5DC203AD IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] [5D5B5E5F] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetErrorMode] CCCCCCC3 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] CCCCCCCC IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] CCCCCCCC IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] CCCCCCCC IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 83EC8B55 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 45C754EC IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetTickCount] 140000D8 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] FF4EE813 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 4589FFFF IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 91C468C8 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 458B1314 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 5DE850C8 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 83FFFFFF IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 458908C4 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] D40D8BD0 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 158BF04D IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlFreeHeap] [131491D8] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtOpenKey] A1F45589 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscat] [131491DC] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcscpy] 66F84589 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 91E00D8B IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] 89661314 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 158AFC4D IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlInitializeSid] [131491E2] C:\WINDOWS\System32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 8DFE5588 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 8B50F045 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!NtClose] FF50C845 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 4589D055 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] CC45C7EC IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] 00000000 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlGetAce] 00D445C7 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] 8B000000 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!wcslen] 4589D845 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] D44D8BD4 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [ntdll.dll!RtlCopySid] 893C518B IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 04C083E8 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 8BE84589 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] C183E84D IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] E84D8914 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 03D8558B IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] 5589E855 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] E4458BE4 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 8BCC4589 IAT C:\WINDOWS\System32\svchost.exe[3100] @ C:\WINDOWS\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 558BCC4D IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 64C03356 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 000030A1 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 0C408B00 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] AD1C708B IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 5E08408B IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] CCCCCCC3 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!GetTokenInformation] CCCCCCCC IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenProcessToken] CCCCCCCC IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!OpenThreadToken] 53EC8B55 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 558B5756 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] 8BDA8B08 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegCloseKey] FA033C7A IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] 503F8166 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 03547545 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] FCFA03F2 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrlenW] 0C6D8B55 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalFree] 96C203AD IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 3351FD87 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThread] 0FC180C9 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 0C72A6F3 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] FD875996 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LCMapStringW] 8166EEC5 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!FreeLibrary] 2BEEB6EE IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcpyW] EBFE2BF1 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 66C033E3 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpiW] E0C1078B IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!ExitProcess] 1C738B02 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCommandLineW] F003F203 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InitializeCriticalSection] 5DC203AD IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcessHeap] [5D5B5E5F] C:\WINDOWS\system32\comctl32.dll (Common Controls Library/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetErrorMode] CCCCCCC3 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] CCCCCCCC IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] CCCCCCCC IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] CCCCCCCC IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 83EC8B55 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 565330EC IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetTickCount] FF52E857 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] 1C68FFFF IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] 50000841 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] E8E04589 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!TerminateProcess] FFFFFF64 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 41100D8B IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LocalAlloc] 158B0008 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!lstrcmpW] [00084114] C:\WINDOWS\system32\svchost.exe (Generic Host Process for Win32 Services/Microsoft Corporation) IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] A1EC4589 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtQuerySecurityObject] 66D04589 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlFreeHeap] 084118A1 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtOpenKey] D44D8900 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscat] 411A0D8A IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcscpy] C4830008 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlAllocateHeap] D8558908 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCompareUnicodeString] DC458966 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitUnicodeString] 8DDE4D88 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlInitializeSid] 8B50D045 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] FF50E045 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 4589EC55 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!NtClose] 08558BFC IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] 8B3C428B IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetDaclSecurityDescriptor] 0080108C IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlQueryInformationAcl] CA030000 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlGetAce] 00047983 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlImageNtHeader] 75E84D89 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!wcslen] 0C79830A IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 9C840F00 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [ntdll.dll!RtlCopySid] 8B000000 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] C203F203 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] 8BE07589 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] 89F68530 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 7F74E445 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerListen] 83FFCF83 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] F685FFCB IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] B70F0579 IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 8BDB33FE IAT C:\WINDOWS\system32\svchost.exe[3520] @ C:\WINDOWS\system32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] CA030C49 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\BTHUSB \Device\00000072 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000074 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Threads - GMER 1.0.15 ---- Thread System [4:572] 88286B60 Thread System [4:576] 88286180 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b2cea9 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272b2cea9@60d0a9cb7629 0x54 0x79 0x1D 0x5C ... Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272b2cea9 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000272b2cea9@60d0a9cb7629 0x54 0x79 0x1D 0x5C ... ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Arczi\Dane aplikacji\Alrvrv.exe ---- EOF - GMER 1.0.15 ----