GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-06-14 13:41:23 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST980815A rev.3.ALD Running: e2dm0uz6.exe; Driver: C:\DOCUME~1\Baran\LOCALS~1\Temp\uwkdipoc.sys ---- System - GMER 1.0.15 ---- Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xF15440C0] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xF15440D4] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xF1544100] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xF1544156] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xF15440AC] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xF1544084] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xF1544098] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xF15440EA] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xF154412C] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xF1544116] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xF1544180] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xF154416C] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xF1544140] Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwYieldExecution 804F0EB6 7 Bytes JMP F1544144 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwOpenKey 80568F68 5 Bytes JMP F15440B0 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwCreateKey 8057376F 5 Bytes JMP F15440C4 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!NtOpenProcess 80574AA9 5 Bytes JMP F1544088 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwUnmapViewOfSection 8057A81E 5 Bytes JMP F1544170 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!NtMapViewOfSection 8057AC99 7 Bytes JMP F154415A \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwSetValueKey 8057BC5B 7 Bytes JMP F154411A \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwTerminateProcess 805839B9 5 Bytes JMP F1544184 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!NtOpenThread 8059323B 5 Bytes JMP F154409C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwDeleteValueKey 80595C1A 7 Bytes JMP F1544104 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwDeleteKey 80597FFA 7 Bytes JMP F15440D8 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!NtSetSecurityObject 8059D2BD 5 Bytes JMP F1544130 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) PAGE ntoskrnl.exe!ZwRenameKey 8064F526 7 Bytes JMP F15440EE \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes JMP 00910FE5 .text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!NtCreateFile + 4 7C90D0B2 1 Byte [84] .text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!NtCreateProcess 7C90D14E 3 Bytes JMP 00910011 .text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!NtCreateProcess + 4 7C90D152 1 Byte [84] .text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 3 Bytes JMP 00910000 .text C:\WINDOWS\system32\svchost.exe[288] ntdll.dll!NtProtectVirtualMemory + 4 7C90D6F2 1 Byte [84] .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00900FEF .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00900F97 .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00900FA8 .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00900FB9 .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0090006C .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00900FCA .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009000D5 .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009000C4 .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00900F57 .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00900F72 .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00900F46 .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0090005B .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0090000A .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009000A7 .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00900036 .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0090001B .text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009000F0 .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A50FC3 .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A50080 .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A50FD4 .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A5000A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A5006F .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A50FE5 .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A5004A .text C:\WINDOWS\system32\svchost.exe[288] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A50039 .text C:\WINDOWS\system32\svchost.exe[288] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A40F9C .text C:\WINDOWS\system32\svchost.exe[288] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A40027 .text C:\WINDOWS\system32\svchost.exe[288] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A40FC8 .text C:\WINDOWS\system32\svchost.exe[288] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A40FEF .text C:\WINDOWS\system32\svchost.exe[288] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A40FB7 .text C:\WINDOWS\system32\svchost.exe[288] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A40000 .text C:\WINDOWS\system32\svchost.exe[288] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 0093000A .text C:\WINDOWS\system32\svchost.exe[288] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 00930FEF .text C:\WINDOWS\system32\svchost.exe[288] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 00930FD4 .text C:\WINDOWS\system32\svchost.exe[288] WININET.dll!InternetOpenUrlW 771D5BC2 5 Bytes JMP 00930FC3 .text C:\WINDOWS\system32\svchost.exe[288] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00920000 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 02B7000A .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02B7001B .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02B70FE5 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02B50000 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02B50F99 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02B5008E .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02B5007D .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02B5006C .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02B50047 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02B500BF .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02B50F77 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02B500E1 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02B500D0 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02B500F2 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02B50FC0 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02B50FE5 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02B50F88 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02B50036 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02B50025 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02B50F52 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02BA0FCD .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02BA006F .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02BA0FDE .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02BA0FEF .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02BA0FB2 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02BA000A .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02BA0054 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02BA0043 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02B90033 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] msvcrt.dll!system 77C293C7 5 Bytes JMP 02B90FA8 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02B90022 .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02B90FEF .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02B90FCD .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02B90FDE .text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[444] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02B80FEF .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00E90000 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00E90011 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00E90FDB .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E80FEF .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E80F4B .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E80040 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E80F72 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E80F83 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E80025 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E80F18 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E80F29 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E800AA .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E80F07 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E800BB .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E80F94 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E80FD4 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E80F3A .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E80FC3 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E80014 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E80085 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01470FC3 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01470F90 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0147000A .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01470FD4 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01470FA1 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01470FEF .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01470043 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01470FB2 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01460FB9 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] msvcrt.dll!system 77C293C7 5 Bytes JMP 01460044 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01460FDE .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0146000C .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01460033 .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01460FEF .text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[732] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01450000 .text C:\WINDOWS\system32\services.exe[916] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 006C0000 .text C:\WINDOWS\system32\services.exe[916] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 006C0036 .text C:\WINDOWS\system32\services.exe[916] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006C001B .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006B0000 .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006B0076 .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006B005B .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006B0F81 .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006B0F9E .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006B0040 .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006B0F5C .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006B00AE .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006B00E1 .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006B00D0 .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 006B00FC .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 006B0FAF .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 006B0011 .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006B0091 .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 006B0FCA .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 006B0FE5 .text C:\WINDOWS\system32\services.exe[916] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006B00BF .text C:\WINDOWS\system32\services.exe[916] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0074000A .text C:\WINDOWS\system32\services.exe[916] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00740F5E .text C:\WINDOWS\system32\services.exe[916] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00740FC3 .text C:\WINDOWS\system32\services.exe[916] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00740FDE .text C:\WINDOWS\system32\services.exe[916] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00740F79 .text C:\WINDOWS\system32\services.exe[916] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00740FEF .text C:\WINDOWS\system32\services.exe[916] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0074001B .text C:\WINDOWS\system32\services.exe[916] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00740F9E .text C:\WINDOWS\system32\services.exe[916] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 006E006E .text C:\WINDOWS\system32\services.exe[916] msvcrt.dll!system 77C293C7 5 Bytes JMP 006E0053 .text C:\WINDOWS\system32\services.exe[916] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 006E0FE3 .text C:\WINDOWS\system32\services.exe[916] msvcrt.dll!_open 77C2F566 5 Bytes JMP 006E0000 .text C:\WINDOWS\system32\services.exe[916] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 006E0042 .text C:\WINDOWS\system32\services.exe[916] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 006E001D .text C:\WINDOWS\system32\services.exe[916] WS2_32.dll!socket 71AB4211 5 Bytes JMP 006D0000 .text C:\WINDOWS\system32\lsass.exe[928] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00050FE5 .text C:\WINDOWS\system32\lsass.exe[928] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00050FCA .text C:\WINDOWS\system32\lsass.exe[928] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0005000A .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00040000 .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0004009A .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00040FA5 .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00040089 .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00040FC0 .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0004003D .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 000400D2 .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 000400B5 .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00040F4D .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00040F5E .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00040F3C .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00040062 .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00040011 .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00040F94 .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0004002C .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00040FDB .text C:\WINDOWS\system32\lsass.exe[928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00040F6F .text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 008D0FC3 .text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 008D0054 .text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 008D0FD4 .text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 008D000A .text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 008D0F97 .text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 008D0FEF .text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 008D0039 .text C:\WINDOWS\system32\lsass.exe[928] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 008D0FA8 .text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00070FA1 .text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!system 77C293C7 5 Bytes JMP 0007002C .text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00070FC6 .text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00070000 .text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0007001B .text C:\WINDOWS\system32\lsass.exe[928] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00070FE3 .text C:\WINDOWS\system32\lsass.exe[928] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00060000 .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00640000 .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00640011 .text C:\WINDOWS\system32\svchost.exe[1088] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00640FDB .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0063000A .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00630093 .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00630F9E .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00630FAF .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0063006C .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0063002C .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00630F61 .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00630F72 .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00630F32 .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006300CB .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00630F17 .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00630047 .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0063001B .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00630F8D .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00630FCA .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00630FE5 .text C:\WINDOWS\system32\svchost.exe[1088] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006300BA .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00980FCD .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00980057 .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00980FDE .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00980FEF .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00980F9A .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00980000 .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00980FAB .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B8, 88] .text C:\WINDOWS\system32\svchost.exe[1088] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00980FBC .text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00660058 .text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!system 77C293C7 5 Bytes JMP 00660047 .text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00660011 .text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00660FEF .text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0066002C .text C:\WINDOWS\system32\svchost.exe[1088] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00660000 .text C:\WINDOWS\system32\svchost.exe[1088] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00650000 .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00A50FEF .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00A50FB9 .text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00A50FCA .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A40000 .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A400BF .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A40FCA .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A400A4 .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A40087 .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A40051 .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A400E6 .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A40F9E .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A4011C .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A40F83 .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A40F72 .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A4006C .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A40025 .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A40FAF .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A40040 .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A40FEF .text C:\WINDOWS\system32\svchost.exe[1188] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A40101 .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B3001E .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B3005E .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B30FCD .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B30FDE .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B30043 .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B30FEF .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B30FA1 .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D3, 88] .text C:\WINDOWS\system32\svchost.exe[1188] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B30FBC .text C:\WINDOWS\system32\svchost.exe[1188] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A70049 .text C:\WINDOWS\system32\svchost.exe[1188] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A70FBE .text C:\WINDOWS\system32\svchost.exe[1188] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A7001D .text C:\WINDOWS\system32\svchost.exe[1188] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A70FE3 .text C:\WINDOWS\system32\svchost.exe[1188] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A70038 .text C:\WINDOWS\system32\svchost.exe[1188] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A7000C .text C:\WINDOWS\system32\svchost.exe[1188] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A60FE5 .text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0112000A .text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01120FE5 .text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0112001B .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0111000A .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01110093 .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01110082 .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01110F9E .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01110FAF .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01110FD4 .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01110F66 .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01110F83 .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011100C9 .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01110F30 .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011100DA .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01110051 .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0111001B .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 011100AE .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01110FE5 .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0111002C .text C:\WINDOWS\System32\svchost.exe[1224] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01110F4B .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01700040 .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01700FCA .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0170001B .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01700FE5 .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01700087 .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01700000 .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01700076 .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0170005B .text C:\WINDOWS\System32\svchost.exe[1224] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01500FC3 .text C:\WINDOWS\System32\svchost.exe[1224] msvcrt.dll!system 77C293C7 5 Bytes JMP 01500044 .text C:\WINDOWS\System32\svchost.exe[1224] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01500029 .text C:\WINDOWS\System32\svchost.exe[1224] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01500FEF .text C:\WINDOWS\System32\svchost.exe[1224] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01500FD4 .text C:\WINDOWS\System32\svchost.exe[1224] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0150000C .text C:\WINDOWS\System32\svchost.exe[1224] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01130FEF .text C:\WINDOWS\System32\svchost.exe[1224] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 01140FD4 .text C:\WINDOWS\System32\svchost.exe[1224] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 01140FE5 .text C:\WINDOWS\System32\svchost.exe[1224] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 0114000A .text C:\WINDOWS\System32\svchost.exe[1224] WININET.dll!InternetOpenUrlW 771D5BC2 5 Bytes JMP 01140027 .text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00710FEF .text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 0071000A .text C:\WINDOWS\system32\svchost.exe[1576] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00710FD4 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0070000A .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0070008C .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00700F97 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00700FA8 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00700FB9 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00700FD4 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00700F61 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00700F72 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007000DF .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007000CE .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007000FA .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00700051 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00700025 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0070009D .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00700FE5 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00700036 .text C:\WINDOWS\system32\svchost.exe[1576] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00700F50 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0085002C .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00850073 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00850FDB .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00850011 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00850058 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00850000 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00850047 .text C:\WINDOWS\system32\svchost.exe[1576] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00850FC0 .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00730FA8 .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!system 77C293C7 5 Bytes JMP 00730033 .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00730022 .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00730FEF .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00730FC3 .text C:\WINDOWS\system32\svchost.exe[1576] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00730FDE .text C:\WINDOWS\system32\svchost.exe[1576] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00720FEF .text C:\WINDOWS\Explorer.EXE[1744] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0268000A .text C:\WINDOWS\Explorer.EXE[1744] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 02680FDE .text C:\WINDOWS\Explorer.EXE[1744] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 02680FEF .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02670FEF .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02670F46 .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02670F57 .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02670F72 .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02670F83 .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02670025 .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02670082 .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02670067 .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 026700BF .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 026700AE .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 026700D0 .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02670F9E .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02670000 .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02670056 .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02670FB9 .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02670FCA .text C:\WINDOWS\Explorer.EXE[1744] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02670093 .text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02E80FC0 .text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02E80062 .text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02E80011 .text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02E80000 .text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02E80051 .text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02E80FEF .text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 02E8002C .text C:\WINDOWS\Explorer.EXE[1744] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02E80FAF .text C:\WINDOWS\Explorer.EXE[1744] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02E7004E .text C:\WINDOWS\Explorer.EXE[1744] msvcrt.dll!system 77C293C7 5 Bytes JMP 02E7003D .text C:\WINDOWS\Explorer.EXE[1744] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02E70018 .text C:\WINDOWS\Explorer.EXE[1744] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02E70FEF .text C:\WINDOWS\Explorer.EXE[1744] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02E70FC3 .text C:\WINDOWS\Explorer.EXE[1744] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02E70FDE .text C:\WINDOWS\Explorer.EXE[1744] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 026A001B .text C:\WINDOWS\Explorer.EXE[1744] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 026A0000 .text C:\WINDOWS\Explorer.EXE[1744] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 026A002C .text C:\WINDOWS\Explorer.EXE[1744] WININET.dll!InternetOpenUrlW 771D5BC2 5 Bytes JMP 026A0049 .text C:\WINDOWS\Explorer.EXE[1744] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02690000 .text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00BF0FE5 .text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00BF0FCA .text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BF0000 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0FE5 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0F5F .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0F70 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE004A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0F97 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0FB2 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE0F42 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE008A .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F02 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE0F1D .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE0EE7 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0039 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE0FD4 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE0079 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0014 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE0FC3 .text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE00A5 .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C20040 .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C20087 .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C20FEF .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C2001B .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C20FCA .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C2000A .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C2006C .text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C20051 .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C10FB2 .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C10FC3 .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C10FEF .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C1000C .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C10FDE .text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C1001D .text C:\WINDOWS\system32\svchost.exe[1752] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C00FE5 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 01E90FEF .text C:\Program Files\Internet Explorer\iexplore.exe[2336] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 01E9000A .text C:\Program Files\Internet Explorer\iexplore.exe[2336] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 01E90FDE .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01E80000 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01E80065 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01E80054 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01E80F7A .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01E80043 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01E80FB2 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01E80087 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01E80076 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01E80EF8 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01E80F09 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01E800B6 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01E80FA1 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01E80FE5 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01E80F55 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01E80FC3 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01E80FD4 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01E80F24 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01EC005A .text C:\Program Files\Internet Explorer\iexplore.exe[2336] msvcrt.dll!system 77C293C7 5 Bytes JMP 01EC0049 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01EC001D .text C:\Program Files\Internet Explorer\iexplore.exe[2336] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01EC0000 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01EC002E .text C:\Program Files\Internet Explorer\iexplore.exe[2336] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01EC0FEF .text C:\Program Files\Internet Explorer\iexplore.exe[2336] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01ED0FC0 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01ED0058 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01ED0011 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01ED0FE5 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01ED003D .text C:\Program Files\Internet Explorer\iexplore.exe[2336] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01ED0000 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01ED002C .text C:\Program Files\Internet Explorer\iexplore.exe[2336] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01ED0F9B .text C:\Program Files\Internet Explorer\iexplore.exe[2336] WININET.dll!InternetOpenW 771BAF55 5 Bytes JMP 01EB0FEF .text C:\Program Files\Internet Explorer\iexplore.exe[2336] WININET.dll!InternetOpenA 771C57A6 5 Bytes JMP 01EB0000 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] WININET.dll!InternetOpenUrlA 771C5A72 5 Bytes JMP 01EB0027 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] WININET.dll!InternetOpenUrlW 771D5BC2 5 Bytes JMP 01EB0038 .text C:\Program Files\Internet Explorer\iexplore.exe[2336] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01EA0000 .text C:\Program Files\Mozilla Firefox\firefox.exe[2904] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\mfevtps.exe[704] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW] [0040AB80] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.) IAT C:\WINDOWS\system32\mfevtps.exe[704] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0040ABE0] C:\WINDOWS\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp mfetdi2k.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.) ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Baran\Desktop\BASIA 10.05.2011\TO JUZ SKOPIOWALAM\Desktop\STATYSTYCZNY PRZEWODNIK\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\PA275011.JPG 3926256 bytes File C:\Documents and Settings\Baran\Desktop\BASIA 10.05.2011\TO JUZ SKOPIOWALAM\Desktop\STATYSTYCZNY PRZEWODNIK\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\PA275012.JPG 3751933 bytes File C:\Documents and Settings\Baran\Desktop\BASIA 10.05.2011\TO JUZ SKOPIOWALAM\Desktop\STATYSTYCZNY PRZEWODNIK\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\PA275013.JPG 3586988 bytes File C:\Documents and Settings\Baran\Desktop\BASIA 10.05.2011\TO JUZ SKOPIOWALAM\Desktop\STATYSTYCZNY PRZEWODNIK\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\PA275014.JPG 3959981 bytes File C:\Documents and Settings\Baran\Desktop\BASIA 10.05.2011\TO JUZ SKOPIOWALAM\Desktop\STATYSTYCZNY PRZEWODNIK\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\PA275015.JPG 3804709 bytes File C:\Documents and Settings\Baran\Desktop\BASIA 10.05.2011\TO JUZ SKOPIOWALAM\Desktop\STATYSTYCZNY PRZEWODNIK\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\PA275016.JPG 4044214 bytes File C:\Documents and Settings\Baran\Desktop\BASIA 10.05.2011\TO JUZ SKOPIOWALAM\Desktop\STATYSTYCZNY PRZEWODNIK\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\PA275017.JPG 3755846 bytes File C:\Documents and Settings\Baran\Desktop\BASIA 10.05.2011\TO JUZ SKOPIOWALAM\Desktop\STATYSTYCZNY PRZEWODNIK\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\PA275018.JPG 3966900 bytes File C:\Documents and Settings\Baran\Desktop\BASIA 10.05.2011\TO JUZ SKOPIOWALAM\Desktop\STATYSTYCZNY PRZEWODNIK\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\PA275019.JPG 3576065 bytes File C:\Documents and Settings\Baran\Desktop\BASIA 10.05.2011\TO JUZ SKOPIOWALAM\Desktop\STATYSTYCZNY PRZEWODNIK\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\PA275020.JPG 3657109 bytes File C:\Documents and Settings\Baran\Desktop\BASIA 10.05.2011\TO JUZ SKOPIOWALAM\Desktop\STATYSTYCZNY PRZEWODNIK\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\PA275021.JPG 3602812 bytes File C:\Documents and Settings\Baran\Desktop\BASIA 10.05.2011\TO JUZ SKOPIOWALAM\Desktop\STATYSTYCZNY PRZEWODNIK\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\PA275022.JPG 3479047 bytes File C:\Documents and Settings\Baran\Desktop\BASIA 10.05.2011\TO JUZ SKOPIOWALAM\Desktop\STATYSTYCZNY PRZEWODNIK\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\PA275023.JPG 3553418 bytes File C:\Documents and Settings\Baran\Desktop\BASIA 10.05.2011\TO JUZ SKOPIOWALAM\Desktop\STATYSTYCZNY PRZEWODNIK\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\PA275024.JPG 3699937 bytes File C:\Documents and Settings\Baran\Desktop\BASIA 10.05.2011\TO JUZ SKOPIOWALAM\Desktop\STATYSTYCZNY PRZEWODNIK\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\Rozdz. 11 - Jednoczynnikowa analiza wariancji w schemacie wewnatrzgrupowym\PA275025.JPG 3919460 bytes ---- EOF - GMER 1.0.15 ----