Ir ao conteúdo
  • Cadastre-se

IrisC

Membros Plenos
  • Total de itens

    27
  • Registro em

  • Última visita

  • Qualificações

    0%

Reputação

0

Sobre IrisC

  • Data de Nascimento 25-06-1971 (47 anos)

Informações gerais

  • Cidade e Estado
    Porto Alegre
  1. passei o ccleaner, mas continua lento para desligar. voce acha que se eu instalar o windows novamente vai ajudar? tens alguma outra dica? de qualquer forma muitíssimo obrigada pela ajuda com o malware, vocês aí do fórum são muito bons mesmo ! um abraço
  2. Oi Renato, o meu note está muito lento na hora que eu mando desligar, ele demora tanto que eu não tenho paciência de esperar e então eu aperto no botão de turn off. Quando ligo, ele inicia rápido, mas quando desligo demora muito. de resto está tudo funcinando normal. Lembra que o dr.web colocou uns arquivos em quarentena? eu posso excluir? até mais.
  3. log karspersky Scan ---- Scanned: 626523 Detected: 0 Untreated: 0 Start time: 2008-11-24 22:19 Duration: 03:07:46 Finish time: 2008-11-25 01:27 Detected -------- Status Object ------ ------ Events ------ Time Name Status Reason ---- ---- ------ ------ 2008-11-24 22:46 File: C:\Arquivos de programas\McAfee.com\Agent\uninst\screm.ui/agntcons.vbs password protected 2008-11-24 22:46 File: C:\Arquivos de programas\McAfee.com\Agent\uninst\screm.ui/agntlang.vbs password protected 2008-11-24 22:46 File: C:\Arquivos de programas\McAfee.com\Agent\uninst\screm.ui/comctl.lpk password protected 2008-11-24 22:46 File: C:\Arquivos de programas\McAfee.com\Agent\uninst\screm.ui/config.ini password protected 2008-11-24 22:46 File: C:\Arquivos de programas\McAfee.com\Agent\uninst\screm.ui/pbar.vbs password protected 2008-11-24 22:46 File: C:\Arquivos de programas\McAfee.com\Agent\uninst\screm.ui/UnInsStr.vbs password protected 2008-11-24 22:46 File: C:\Arquivos de programas\McAfee.com\Agent\uninst\screm.ui/uninst.vbs password protected 2008-11-24 22:46 File: C:\Arquivos de programas\McAfee.com\Agent\uninst\screm.ui/uninstall.htm password protected 2008-11-25 00:38 File: C:\unisinos\TC.zip/TC/Cazella/SistemasMultiagente/recommenderSystem-2005.zip/sr.pdf password protected 2008-11-25 00:50 File: C:\unisinos\TC\Cazella\SistemasMultiagente\recommenderSystem-2005.zip/sr.pdf password protected Statistics ---------- Object Scanned Detected Untreated Deleted Moved to Quarantine Archives Packed files Password protected Corrupted ------ ------- -------- --------- ------- ------------------- -------- ------------ ------------------ --------- All objects 626523 0 0 0 0 12340 910 10 27 System memory 5775 0 0 0 0 1 14 0 0 Startup objects 737 0 0 0 0 0 29 0 0 Disk boot sectors 2 0 0 0 0 0 0 0 0 Meu computador 620009 0 0 0 0 12339 867 10 27 Settings -------- Parameter Value --------- ----- Security Level Recommended Action Prompt for action when the scan is complete Run mode Manually File types Scan all files Scan only new and changed files No Scan archives All Scan embedded OLE objects All Skip if object is larger than No Skip if scan takes longer than No Parse email formats No Scan password-protected archives No Enable iChecker technology No Enable iSwift technology No Show detected threats on "Detected" tab Yes Rootkits search Yes Deep rootkits search No Use heuristic analyzer Yes Quarantine ---------- Status Object Size Added ------ ------ ---- ----- Backup ------ Status Object Size ------ ------ ----
  4. Renato, desconsidere meu post anterior, o serviço estava fora e por isso não conseguia baixar o karspersky. Agora já estou baixando e hoje a noite vou deixar rodando na máquina, até mais.
  5. Renato, o link só consegue chegar até esse endereço http://downloads.kaspersky-labs.com/devbuilds/ quando clico em : 23 Nov 2008 21:50:39 1024 AVPTool/ dá a seguinte mensagem: Not Found. The requested resource was not found. httpd Consegui este link no google http://www.kaspersky.com.br/removaltools/ porém tem uma lista com vários tipos de virus e não sei qual deles baixar, você pode ajudar? obrigada
  6. Log do Dr.WEB ComboFix.exe\32788R22FWJFW\psexec.cfexe C:\ComboFix.exe Program.PsExec.171 ComboFix.exe C:\ O arquivo contém objectos infectados Movido. BetterSP2.exe C:\Arquivos de programas\BitSpirit Program.Tcpip Movido. DefaultDevicew.exe C:\Documents and Settings\Irismar Correa\.netbeans\5.0\emulators\wtk22_win\emulator\wtk22\bin Dialer.Gate.13 Eliminado. emulatorw.exe C:\Documents and Settings\Irismar Correa\.netbeans\5.0\emulators\wtk22_win\emulator\wtk22\bin Dialer.Gate.13 Eliminado. ktoolbar.exe C:\Documents and Settings\Irismar Correa\.netbeans\5.0\emulators\wtk22_win\emulator\wtk22\bin Dialer.Gate.13 Eliminado. prefsw.exe C:\Documents and Settings\Irismar Correa\.netbeans\5.0\emulators\wtk22_win\emulator\wtk22\bin Dialer.Gate.13 Eliminado. utilsw.exe C:\Documents and Settings\Irismar Correa\.netbeans\5.0\emulators\wtk22_win\emulator\wtk22\bin Dialer.Gate.13 Eliminado. ComboFix.exe\32788R22FWJFW\psexec.cfexe C:\Documents and Settings\Irismar Correa\Desktop\ComboFix.exe Program.PsExec.171 ComboFix.exe C:\Documents and Settings\Irismar Correa\Desktop O arquivo contém objectos infectados Movido. xampplite-win32-1.6.3a.exe\xampplite/apache/bin/pv.exe C:\Documents and Settings\Irismar Correa\Desktop\xampplite-win32-1.6.3a.exe Program.PrcView.3725 xampplite-win32-1.6.3a.exe C:\Documents and Settings\Irismar Correa\Desktop O arquivo contém objectos infectados Movido. A0013185.exe\32788R22FWJFW\psexec.cfexe C:\System Volume Information\_restore{3B5EBFDA-98F9-466B-B187-58921A935FC8}\RP23\A0013185.exe Program.PsExec.171 A0013185.exe C:\System Volume Information\_restore{3B5EBFDA-98F9-466B-B187-58921A935FC8}\RP23 O arquivo contém objectos infectados Movido. A0013186.exe C:\System Volume Information\_restore{3B5EBFDA-98F9-466B-B187-58921A935FC8}\RP23 Dialer.Gate.13 Eliminado. A0013187.exe C:\System Volume Information\_restore{3B5EBFDA-98F9-466B-B187-58921A935FC8}\RP23 Dialer.Gate.13 Eliminado. A0013188.exe C:\System Volume Information\_restore{3B5EBFDA-98F9-466B-B187-58921A935FC8}\RP23 Dialer.Gate.13 Eliminado. A0013189.exe C:\System Volume Information\_restore{3B5EBFDA-98F9-466B-B187-58921A935FC8}\RP23 Dialer.Gate.13 Eliminado. A0013190.exe C:\System Volume Information\_restore{3B5EBFDA-98F9-466B-B187-58921A935FC8}\RP23 Dialer.Gate.13 Eliminado. A0013191.exe\32788R22FWJFW\psexec.cfexe C:\System Volume Information\_restore{3B5EBFDA-98F9-466B-B187-58921A935FC8}\RP23\A0013191.exe Program.PsExec.171 A0013191.exe C:\System Volume Information\_restore{3B5EBFDA-98F9-466B-B187-58921A935FC8}\RP23 O arquivo contém objectos infectados Movido. A0013192.exe\xampplite/apache/bin/pv.exe C:\System Volume Information\_restore{3B5EBFDA-98F9-466B-B187-58921A935FC8}\RP23\A0013192.exe Program.PrcView.3725 A0013192.exe C:\System Volume Information\_restore{3B5EBFDA-98F9-466B-B187-58921A935FC8}\RP23 O arquivo contém objectos infectados Movido. HiJack ===== Logfile of HijackThis v1.99.1 Scan saved at 00:50, on 2008-11-23 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe C:\WINDOWS\Explorer.EXE C:\Arquivos de programas\McAfee\MSK\MskSrver.exe C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\nutsrv4.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\ThreatFire\TFService.exe C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\Arquivos de programas\Dell\QuickSet\quickset.exe C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe C:\Arquivos de programas\QuickTime\qttask.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\ThreatFire\TFTray.exe C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Arquivos de programas\Digital Line Detect\DLG.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe C:\Documents and Settings\Irismar Correa\Desktop\HiJackThis_v2.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row-rel&channel=br&ibd=0061222 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\ARQUIV~1\mcafee\msk\mcapbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\BAE\BAE.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\Arquivos de programas\Rational\Rational Test\nutcroot\bin\ncoeenv.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em AMANDA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P41 "Auto EPSON Stylus CX4100 Series em AMANDA" /O20 "\\AMANDA\Impressora3" /M "Stylus CX4100" O4 - HKLM\..\Run: [ThreatFire] C:\Arquivos de programas\ThreatFire\TFTray.exe O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: Download Using &BitSpirit - C:\Arquivos de programas\BitSpirit\bsurl.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Arquivos de programas\Altova\XMLSpy2008\spy.htm (file missing) O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Arquivos de programas\Altova\XMLSpy2008\spy.htm (file missing) O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: http://www.adobe.com O15 - Trusted Zone: http://www.canadiangeographic.ca O15 - Trusted Zone: http://ego.globo.com O15 - Trusted Zone: http://www.google.com.br O15 - Trusted Zone: http://www.hihostels.ca O15 - Trusted Zone: http://www.ilac.com O15 - Trusted Zone: http://forum.imasters.com.br O15 - Trusted Zone: http://*.mcafee.com O15 - Trusted Zone: http://www.pandasecurity.com O15 - Trusted Zone: http://www.pandasoftware.com O15 - Trusted Zone: http://brasil.peugeot.com.br O15 - Trusted Zone: http://ecommerce.peugeot.com.br O15 - Trusted Zone: http://www.techsupportforum.com O15 - Trusted Zone: http://www.tiosam.com O15 - Trusted Zone: http://www.ufrgs.br O15 - Trusted Zone: http://www.unisinos.br O15 - Trusted Zone: http://www.ava.unisinos.br O15 - Trusted Zone: http://www.myfuture.utoronto.ca O15 - Trusted Zone: http://www.vec.ca O15 - Trusted Zone: http://www.wtccanada.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: qcom - {B8DBD265-42C3-43E6-B439-E968C71984C6} - C:\ARQUIV~1\COMMON~1\QUESTS~1\CODEXP~1\qcom.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\ O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: NuTCRACKERService - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\ThreatFire\TFService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  7. Oi Renato, que bom que estás de volta, aí vai o log Logfile of HijackThis v1.99.1 Scan saved at 20:40, on 2008-11-21 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\GbPlugin\GbpSv.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe C:\Arquivos de programas\McAfee\MSK\MskSrver.exe C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe C:\WINDOWS\system32\nutsrv4.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe C:\Arquivos de programas\ThreatFire\TFService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\UAService7.exe C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe C:\Arquivos de programas\Dell\QuickSet\quickset.exe C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\WLTRAY.exe C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE C:\Arquivos de programas\QuickTime\qttask.exe C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe C:\Arquivos de programas\ThreatFire\TFTray.exe C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\ctfmon.exe C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Arquivos de programas\Digital Line Detect\DLG.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe C:\Arquivos de programas\Mozilla Firefox\firefox.exe C:\Documents and Settings\Irismar Correa\Desktop\HiJackThis_v2.exe \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.br/ig/dell?hl=pt-BR&client=dell-row-rel&channel=br&ibd=0061222 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Barra de Ferramentas do Yahoo! com bloqueador de pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Arquivos de programas\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\ARQUIV~1\mcafee\msk\mcapbho.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Arquivos de programas\McAfee\VirusScan\scriptsn.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\ARQUIV~1\IDM\QUICKF~1\PlugIns\IEHelp.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Arquivos de programas\GbPlugin\gbieh.dll O2 - BHO: G-Buster Browser Defense ABN AMRO - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\ARQUIV~1\GbPlugin\gbiehabn.dll O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Arquivos de programas\BAE\BAE.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O4 - HKLM\..\Run: [Dell QuickSet] C:\Arquivos de programas\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [synTPEnh] C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [ATICCC] "C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLIStart.exe" O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\Arquivos de programas\Rational\Rational Test\nutcroot\bin\ncoeenv.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Arquivos de programas\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [ink Monitor] C:\Arquivos de programas\EPSON\Ink Monitor\InkMonitor.exe O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em AMANDA] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P41 "Auto EPSON Stylus CX4100 Series em AMANDA" /O20 "\\AMANDA\Impressora3" /M "Stylus CX4100" O4 - HKLM\..\Run: [ThreatFire] C:\Arquivos de programas\ThreatFire\TFTray.exe O4 - HKLM\..\Run: [mcagent_exe] C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe /runkey O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Digital Line Detect.lnk = ? O8 - Extra context menu item: Download Using &BitSpirit - C:\Arquivos de programas\BitSpirit\bsurl.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Arquivos de programas\Altova\XMLSpy2008\spy.htm (file missing) O9 - Extra 'Tools' menuitem: Edit with Altova X&MLSpy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Arquivos de programas\Altova\XMLSpy2008\spy.htm (file missing) O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp O15 - Trusted Zone: http://www.adobe.com O15 - Trusted Zone: http://www.canadiangeographic.ca O15 - Trusted Zone: http://ego.globo.com O15 - Trusted Zone: http://www.google.com.br O15 - Trusted Zone: http://www.hihostels.ca O15 - Trusted Zone: http://www.ilac.com O15 - Trusted Zone: http://forum.imasters.com.br O15 - Trusted Zone: http://*.mcafee.com O15 - Trusted Zone: http://www.pandasecurity.com O15 - Trusted Zone: http://www.pandasoftware.com O15 - Trusted Zone: http://brasil.peugeot.com.br O15 - Trusted Zone: http://ecommerce.peugeot.com.br O15 - Trusted Zone: http://www.techsupportforum.com O15 - Trusted Zone: http://www.tiosam.com O15 - Trusted Zone: http://www.ufrgs.br O15 - Trusted Zone: http://www.unisinos.br O15 - Trusted Zone: http://www.ava.unisinos.br O15 - Trusted Zone: http://www.myfuture.utoronto.ca O15 - Trusted Zone: http://www.vec.ca O15 - Trusted Zone: http://www.wtccanada.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\ARQUIV~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Help\hxds.dll O18 - Protocol: qcom - {B8DBD265-42C3-43E6-B439-E968C71984C6} - C:\ARQUIV~1\COMMON~1\QUESTS~1\CODEXP~1\qcom.dll O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\ARQUIV~1\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\ARQUIV~1\ARQUIV~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginAbn - C:\ARQUIV~1\GbPlugin\gbiehabn.dll O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\ O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O20 - Winlogon Notify: __GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\Arquivos de programas\GbPlugin\GbpSv.exe O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Arquivos de programas\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\ARQUIV~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Arquivos de programas\McAfee\MSK\MskSrver.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Arquivos de programas\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: NuTCRACKERService - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe O23 - Service: ThreatFire - PC Tools - C:\Arquivos de programas\ThreatFire\TFService.exe O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
  8. IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7D0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F140000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F140000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F140000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F180000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F140000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F140000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F180000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F140000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F140000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F180000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F140000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F180000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F140000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F180000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F180000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F140000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F140000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F180000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F140000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F180000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 5F180000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 5F140000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryW] 5F180000 IAT c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!LoadLibraryA] 5F140000 ---- Devices - GMER 1.0.14 ---- AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools) AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) Device \FileSystem\Fastfat \Fat kmixer.sys (Kernel Mode Audio Mixer/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools) AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ---- Registry - GMER 1.0.14 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 ---- EOF - GMER 1.0.14 ----
  9. IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ c:\windows\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[952] @ c:\windows\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[952] @ c:\windows\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[952] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[952] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[952] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[952] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ c:\windows\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[952] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[952] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[952] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7C0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ c:\windows\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ c:\windows\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ c:\windows\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ c:\windows\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1076] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7C0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7D0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000
  10. IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[772] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\svchost.exe[840] @ c:\windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[840] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\System32\svchost.exe[896] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
  11. .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\Arquivos de programas\Digital Line Detect\DLG.exe[2972] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\System32\alg.exe[3540] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[3540] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\System32\alg.exe[3540] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[3540] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\WINDOWS\System32\alg.exe[3540] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\alg.exe[3540] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\WINDOWS\System32\alg.exe[3540] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\WINDOWS\System32\alg.exe[3540] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\System32\alg.exe[3540] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\WINDOWS\System32\alg.exe[3540] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\WINDOWS\System32\alg.exe[3540] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\alg.exe[3540] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\System32\alg.exe[3540] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\alg.exe[3540] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\System32\alg.exe[3540] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\WINDOWS\System32\alg.exe[3540] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A ---- User IAT/EAT - GMER 1.0.14 ---- IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\Explorer.EXE [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\Explorer.EXE[548] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\services.exe[572] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualProtect] 5F7C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\LSASRV.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\LSASRV.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\LSASRV.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SAMSRV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\WS2_32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\WS2HELP.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SAMLIB.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualProtect] 5F7C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F230000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] 5F190000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F270000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\iphlpapi.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegCreateKeyExA] 5F630000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [ADVAPI32.dll!RegOpenKeyExA] 5F670000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 5F150000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileA] 5F720000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateFileW] 5F6E0000 IAT C:\WINDOWS\system32\lsass.exe[584] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] 5F5C0000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000 IAT C:\WINDOWS\system32\svchost.exe[772] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 5F150000
  12. .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ] .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ] .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\Arquivos de Programas\CyberLink\PowerDVD\DVDLauncher.exe[2560] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\Arquivos de programas\QuickTime\qttask.exe[2584] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe[2660] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] KERNEL32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!GetKeyboardState 77D2EF35 5 Bytes JMP 0684FB80 C:\Arquivos de programas\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil) .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!FindWindowA 77D4F3C6 5 Bytes JMP 0686F0C0 C:\Arquivos de programas\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil) .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!FindWindowExA 77D4F7D0 5 Bytes JMP 0686F0F0 C:\Arquivos de programas\GbPlugin\gbieh.dll (Gbieh Module/Banco do Brasil) .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\CLI.EXE[2720] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\Arquivos de programas\McAfee.com\Agent\mcagent.exe[2788] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2808] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\WINDOWS\stsystra.exe[2816] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\stsystra.exe[2816] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\stsystra.exe[2816] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\stsystra.exe[2816] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\WINDOWS\stsystra.exe[2816] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\WINDOWS\stsystra.exe[2816] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\WINDOWS\stsystra.exe[2816] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\WINDOWS\stsystra.exe[2816] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\stsystra.exe[2816] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\stsystra.exe[2816] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\stsystra.exe[2816] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\stsystra.exe[2816] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\WINDOWS\stsystra.exe[2816] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\WINDOWS\stsystra.exe[2816] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\WINDOWS\stsystra.exe[2816] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\stsystra.exe[2816] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\stsystra.exe[2816] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\WINDOWS\stsystra.exe[2816] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\WINDOWS\stsystra.exe[2816] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\stsystra.exe[2816] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\WINDOWS\stsystra.exe[2816] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\WINDOWS\stsystra.exe[2816] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\stsystra.exe[2816] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\stsystra.exe[2816] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\stsystra.exe[2816] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\stsystra.exe[2816] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\WINDOWS\stsystra.exe[2816] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2848] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2848] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2848] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\ctfmon.exe[2848] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\ctfmon.exe[2848] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\ctfmon.exe[2848] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\Arquivos de programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe[2952] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A
  13. .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\Arquivos de programas\McAfee\MSK\MskSrver.exe[1888] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\UAService7.exe[2032] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\UAService7.exe[2032] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\UAService7.exe[2032] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\UAService7.exe[2032] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\UAService7.exe[2032] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A .text C:\WINDOWS\system32\UAService7.exe[2032] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\UAService7.exe[2032] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\UAService7.exe[2032] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A .text C:\WINDOWS\system32\UAService7.exe[2032] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A .text C:\WINDOWS\system32\UAService7.exe[2032] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\UAService7.exe[2032] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ] .text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A .text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\UAService7.exe[2032] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ] .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ] .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\WLTRYSVC.EXE[2136] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ] .text C:\WINDOWS\System32\bcmwltry.exe[2172] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\bcmwltry.exe[2172] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\System32\bcmwltry.exe[2172] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\bcmwltry.exe[2172] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\System32\bcmwltry.exe[2172] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\WINDOWS\System32\bcmwltry.exe[2172] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\WINDOWS\System32\bcmwltry.exe[2172] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] KERNEL32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ] .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F7C0F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F790F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F730F5A .text C:\Arquivos de programas\ATI Technologies\ATI.ACE\cli.exe[2248] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F760F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\Arquivos de programas\Dell\QuickSet\quickset.exe[2464] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\Arquivos de programas\Synaptics\SynTP\SynTPEnh.exe[2472] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\WLTRAY.exe[2508] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\WLTRAY.exe[2508] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\WLTRAY.exe[2508] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\WLTRAY.exe[2508] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\WLTRAY.exe[2508] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\WLTRAY.exe[2508] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ] .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ] .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!FreeLibrary + 15 7C80AA7B 4 Bytes [ BD, 55, EF, F4 ] .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A .text C:\02_KitAntVirus\Gmer\gmer.exe[2552] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ]
  14. .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 87, 5F ] .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F550F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F830F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 59, 5F ] .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] WS2_32.dll!socket 71A73B91 5 Bytes JMP 01630FEF .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\Arquivos de programas\McAfee\SiteAdvisor\McSACore.exe[1368] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\ARQUIV~1\McAfee\MSC\mcmscsvc.exe[1436] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mna\mcnasvc.exe[1528] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4C, 5F ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3A, 5F ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F690F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F720F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0041C340 c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F240F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F210F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7E0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F570F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 0041C3C0 c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.) .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6F0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F660F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3C0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5A0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3F0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F330F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6C0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F600F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5D0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F630F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F750F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4E0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F420F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F450F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7C, 5F ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F510F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1E0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F780F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1B0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F480F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F360F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 55, 5F ] .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F300F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2D0F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F270F5A .text c:\ARQUIV~1\ARQUIV~1\mcafee\mcproxy\mcproxy.exe[1608] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2A0F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ] .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ] .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ] .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\ARQUIV~1\McAfee\VIRUSS~1\mcshield.exe[1624] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ] .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE[1696] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\McAfee\MPF\MPFSrv.exe[1728] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ]
  15. .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 007A0F6D .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 007A0062 .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 007A0F88 .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 007A0047 .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 007A002C .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 007A009F .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 007A008E .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 007A0F1E .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 007A00C1 .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 007A00D2 .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 007A0FA5 .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F780F5A .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 007A0FEF .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 007A007D .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 007A0FC0 .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5F0F5A .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 007A001B .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 007A00B0 .text C:\WINDOWS\system32\svchost.exe[952] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F750F5A .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00790025 .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00790073 .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00790FCA .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00790000 .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00790058 .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F6A0F5A .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F7F0F5A .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00790047 .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00790FE5 .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00790036 .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0B0F5A .text C:\WINDOWS\system32\svchost.exe[952] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 86, 5F ] .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F550F5A .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F820F5A .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[952] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 59, 5F ] .text C:\WINDOWS\system32\svchost.exe[952] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A .text C:\WINDOWS\system32\svchost.exe[952] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A .text C:\WINDOWS\system32\svchost.exe[952] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A .text C:\WINDOWS\system32\svchost.exe[952] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A .text C:\WINDOWS\system32\svchost.exe[952] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00770000 .text C:\WINDOWS\system32\Ati2evxx.exe[1040] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\Ati2evxx.exe[1040] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\Ati2evxx.exe[1040] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\Ati2evxx.exe[1040] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ] .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ] .text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\Ati2evxx.exe[1040] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ] .text C:\WINDOWS\system32\Ati2evxx.exe[1040] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\Ati2evxx.exe[1040] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 50, 5F ] .text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00A40FEF .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00A40F57 .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00A4004C .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00A4003B .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00A40F72 .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00A40014 .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00A40F30 .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00A40078 .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00A400BF .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00A400AE .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 00A400D0 .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 00A40F83 .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F780F5A .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 00A40FDE .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 00A40067 .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 00A40F9E .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5F0F5A .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 00A40FB9 .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 00A40093 .text C:\WINDOWS\system32\svchost.exe[1076] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F750F5A .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00A30FCA .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00A30F9B .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 00A30011 .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00A30000 .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00A30058 .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F6A0F5A .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F7F0F5A .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 00A30047 .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00A30FE5 .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 00A30036 .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0B0F5A .text C:\WINDOWS\system32\svchost.exe[1076] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 86, 5F ] .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F550F5A .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F820F5A .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 59, 5F ] .text C:\WINDOWS\system32\svchost.exe[1076] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A .text C:\WINDOWS\system32\svchost.exe[1076] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A .text C:\WINDOWS\system32\svchost.exe[1076] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A .text C:\WINDOWS\system32\svchost.exe[1076] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A .text C:\WINDOWS\system32\svchost.exe[1076] WS2_32.dll!socket 71A73B91 5 Bytes JMP 00A0000A .text C:\WINDOWS\system32\svchost.exe[1076] WININET.dll!InternetOpenA 771A6D2A 5 Bytes JMP 00A10000 .text C:\WINDOWS\system32\svchost.exe[1076] WININET.dll!InternetOpenUrlA 771A6FDD 5 Bytes JMP 00A10038 .text C:\WINDOWS\system32\svchost.exe[1076] WININET.dll!InternetOpenW 771B6CF3 5 Bytes JMP 00A1001B .text C:\WINDOWS\system32\svchost.exe[1076] WININET.dll!InternetOpenUrlW 771B7304 5 Bytes JMP 00A10049 .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 3E, 5F ] .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 2C, 5F ] .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F5B0F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F640F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F700F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F490F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F610F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F580F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F2E0F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F4C0F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F310F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F250F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F5E0F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F340F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F370F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 6E, 5F ] .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F430F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F6A0F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F3A0F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!EndTask 77D69C9D 6 Bytes JMP 5F280F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] user32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 47, 5F ] .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F520F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F4F0F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F550F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F670F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\Arquivos de programas\GbPlugin\GbpSv.exe[1164] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1224] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1224] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1224] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\spoolsv.exe[1224] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\spoolsv.exe[1224] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\spoolsv.exe[1224] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 50, 5F ] .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008A0FEF .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 008A00AE .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008A009D .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 008A0082 .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008A0065 .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008A0040 .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 008A0F7C .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 008A0F8D .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008A0F35 .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008A0F50 .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F880F5A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 008A00E9 .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 008A0FB9 .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F780F5A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 008A000A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreatePipe 7C81DD9A 1 Byte [ E9 ] .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreatePipe + 2 7C81DD9C 3 Bytes [ 31, 08, 84 ] .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 008A0FD4 .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5F0F5A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 008A001B .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 008A0F61 .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F750F5A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 00890039 .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 00890FAF .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 0089001E .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 00890FDE .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 00890076 .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F6A0F5A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F7F0F5A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 0089005B .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 00890FEF .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 0089004A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0B0F5A .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 86, 5F ] .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F550F5A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F820F5A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 59, 5F ] .text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F330F5A .text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F300F5A .text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F2A0F5A .text C:\WINDOWS\system32\svchost.exe[1260] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F2D0F5A .text C:\WINDOWS\system32\cisvc.exe[1316] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\cisvc.exe[1316] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 4A, 5F ] .text C:\WINDOWS\system32\cisvc.exe[1316] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\cisvc.exe[1316] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 38, 5F ] .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!CreateFileA 7C801A24 6 Bytes JMP 5F670F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!VirtualProtect 7C801AD0 6 Bytes JMP 5F700F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F130F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0D0F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F100F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F220F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F1F0F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F7C0F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!GetProcAddress 7C80AC28 6 Bytes JMP 5F550F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!LoadLibraryW 7C80ACD3 6 Bytes JMP 5F160F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F6D0F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!CreateFileW 7C810976 6 Bytes JMP 5F640F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F3A0F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F580F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F3D0F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!WinExec 7C86114D 6 Bytes JMP 5F310F5A .text C:\WINDOWS\system32\cisvc.exe[1316] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F6A0F5A .text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 7A, 5F ] .text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!SetWinEventHook 77D4E3D3 6 Bytes JMP 5F4F0F5A .text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!SetWindowsHookExW 77D4E621 6 Bytes JMP 5F1C0F5A .text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!GetWindowTextA 77D4F82E 6 Bytes JMP 5F760F5A .text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!SetWindowsHookExA 77D502B2 6 Bytes JMP 5F190F5A .text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!DdeConnect 77D67DBC 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!EndTask 77D69C9D 6 Bytes JMP 5F340F5A .text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!RegisterRawInputDevices 77D7C9AA 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\cisvc.exe[1316] USER32.dll!RegisterRawInputDevices + 4 77D7C9AE 2 Bytes [ 53, 5F ] .text C:\WINDOWS\system32\cisvc.exe[1316] ADVAPI32.dll!RegOpenKeyExA 77F5761B 6 Bytes JMP 5F5E0F5A .text C:\WINDOWS\system32\cisvc.exe[1316] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 6 Bytes JMP 5F5B0F5A .text C:\WINDOWS\system32\cisvc.exe[1316] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F610F5A .text C:\WINDOWS\system32\cisvc.exe[1316] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F730F5A .text C:\WINDOWS\system32\cisvc.exe[1316] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0A0F5A .text C:\WINDOWS\system32\cisvc.exe[1316] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F4C0F5A .text C:\WINDOWS\system32\cisvc.exe[1316] SHELL32.dll!ShellExecuteExW 7CA0D5FE 6 Bytes JMP 5F2E0F5A .text C:\WINDOWS\system32\cisvc.exe[1316] SHELL32.dll!ShellExecuteEx 7CA0FB1C 6 Bytes JMP 5F2B0F5A .text C:\WINDOWS\system32\cisvc.exe[1316] SHELL32.dll!ShellExecuteA 7CA0FE44 6 Bytes JMP 5F250F5A .text C:\WINDOWS\system32\cisvc.exe[1316] SHELL32.dll!ShellExecuteW 7CAB2988 6 Bytes JMP 5F280F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 50, 5F ] .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 3E, 5F ] .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01660000 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 016600A8 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01660097 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0166007A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01660069 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 0166004E .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F0E0F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01660F7D .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 016600C5 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F110F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01660116 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 016600FB .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!LoadResource 7C80A065 6 Bytes JMP 5F890F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!GetProcAddress 7C80AC28 5 Bytes JMP 01660127 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!LoadLibraryW 7C80ACD3 5 Bytes JMP 01660FBD .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateRemoteThread 7C810626 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateRemoteThread + 4 7C81062A 2 Bytes [ 05, 5F ] .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateThread 7C81082F 6 Bytes JMP 5F790F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateFileW 7C810976 5 Bytes JMP 01660011 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!TerminateThread 7C81CACB 6 Bytes JMP 5F400F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreatePipe 7C81DD9A 5 Bytes JMP 01660F98 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateNamedPipeW 7C82631D 5 Bytes JMP 01660033 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!GetVolumeInformationA 7C827052 6 Bytes JMP 5F5F0F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!DebugActiveProcess 7C859F0B 6 Bytes JMP 5F430F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateNamedPipeA 7C85FA54 5 Bytes JMP 01660022 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!WinExec 7C86114D 5 Bytes JMP 016600EA .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] kernel32.dll!CreateToolhelp32Snapshot 7C8647B7 6 Bytes JMP 5F750F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegOpenKeyExW 77F56A78 5 Bytes JMP 01650FD4 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegCreateKeyExW 77F57535 5 Bytes JMP 01650FB2 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegOpenKeyExA 77F5761B 5 Bytes JMP 01650025 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegOpenKeyW 77F5770F 5 Bytes JMP 01650014 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegCreateKeyExA 77F5EAF4 5 Bytes JMP 01650FC3 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegSetValueExA 77F5EBE7 6 Bytes JMP 5F6A0F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!OpenSCManagerA 77F6ADA7 6 Bytes JMP 5F800F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegCreateKeyW 77F78F7D 5 Bytes JMP 01650065 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegOpenKeyA 77F7C41B 5 Bytes JMP 01650FEF .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!RegCreateKeyA 77F7D5BB 5 Bytes JMP 01650040 .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!LsaRemoveAccountRights 77F9AA41 6 Bytes JMP 5F0B0F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] ADVAPI32.dll!CreateServiceA 77FB7071 6 Bytes JMP 5F520F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!GetKeyState 77D2C379 6 Bytes JMP 5F460F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!GetAsyncKeyState 77D2D051 6 Bytes JMP 5F490F5A .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!ShowWindow 77D2D4DE 3 Bytes [ FF, 25, 1E ] .text C:\WINDOWS\system32\inetsrv\inetinfo.exe[1352] USER32.dll!ShowWindow + 4 77D2D4E2 2 Bytes [ 87, 5F ]

Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×