Posted (edited)

Here is the link to the file

--- edit by ipl_001 --- the link to the file was removed for security reasons (file received)

I hope it will work with this......

Good luck

Edited by ipl_001
Posted

Readers, please do not download this file!!!!!!!!!!!!!!!!! DANGER!!!!

Thanks jaja33, the .zip has been received.

I'll keep you posted. Have a good evening, I'm off for tonight | see you tomorrow \o/

Posted

I'll dig up more information during the morning; in the meantime, do this:

» ComboFix must absolutely be on your desktop

Open Notepad [Run--notepad] and copy/paste the contents of the box below:

 

Killall::
File::
C:\WINDOWS\system32\setyqsrv.dll
ADS::
C:\WINDOWS\system32:imwbi.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=""

 

* Go to the top of the window and click the "File" menu; a list appears =>

* Choose "Save As" and select "Desktop"

* In the "File name" field at the bottom of the dialog, enter the following name: CFScript

* Click the "Save" button to the right of the "File name" field

* Close Notepad.

* Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot

[Image: CFScript-2.gif]

* Follow the instructions

* Be patient while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

* Once the scan is complete, a report will be displayed: post its contents.

* If the file does not appear, it can be found here > C:\ComboFix.txt

Posted

And there you go......new report

 

ComboFix 08-12-05.06 - LAMBERT 2008-12-08 9:52:01.5 - NTFSx86

Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.464 [GMT 1:00]

Lancé depuis: c:\documents and settings\LAMBERT\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\LAMBERT\Bureau\CFScript.txt

* Un nouveau point de restauration a été créé

 

FILE ::

c:\windows\system32\setyqsrv.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\setyqsrv.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés du 2008-11-08 au 2008-12-08 ))))))))))))))))))))))))))))))))))))

.

 

2008-12-07 19:10 . 2008-12-07 19:10 29,902,669 --a------ C:\Qoobox.zip

2008-12-07 19:05 . 2008-12-07 19:05 28,672 --a------ C:\tata.exe

2008-12-07 12:52 . 2008-12-07 18:13 250 --a------ c:\windows\gmer.ini

2008-12-07 10:20 . 2008-12-07 10:20 <REP> d-------- c:\windows\ERUNT

2008-12-07 10:13 . 2008-12-07 11:43 <REP> d-------- C:\SDFix

2008-12-07 08:54 . 2008-12-07 08:54 <REP> d-------- c:\program files\Avira

2008-12-07 08:54 . 2008-12-07 08:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira

2008-12-07 00:06 . 2008-12-07 00:06 410,984 --a------ c:\windows\system32\deploytk.dll

2008-12-06 17:16 . 2008-12-06 17:30 <REP> d-------- C:\HJT

2008-12-06 17:09 . 2008-12-06 18:40 1,864 --a------ c:\windows\system32\tmp.reg

2008-12-06 15:49 . 2008-12-06 17:55 <REP> d-------- c:\program files\Enigma Software Group

2008-12-06 10:58 . 2008-12-06 10:58 <REP> d-------- c:\documents and settings\All Users\Application Data\Fighters

2008-12-05 18:28 . 2008-12-05 18:28 <REP> d-------- c:\documents and settings\LAMBERT\Application Data\Windows Live Writer

2008-11-28 14:39 . 2008-12-06 11:05 54,156 --ah----- c:\windows\QTFont.qfn

2008-11-28 14:39 . 2008-11-28 14:39 1,409 --a------ c:\windows\QTFont.for

2008-11-18 11:01 . 2008-11-18 11:01 15,496 --a------ c:\windows\system32\drivers\vffilter.sys

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-12-08 09:02 23,524 ----a-w c:\windows\system32\drivers\GVTDrv.sys

2008-12-08 07:15 13,440 ----a-w c:\windows\GPCIDrv.sys

2008-12-06 23:06 --------- d-----w c:\program files\Java

2008-11-22 16:44 --------- d-----w c:\program files\eMule

2006-06-15 12:40 278,528 ----a-w c:\program files\Fichiers communs\FDEUnInstaller.exe

2005-05-13 15:12 217,073 --sha-r c:\windows\meta4.exe

2005-10-24 09:13 66,560 --sha-r c:\windows\MOTA113.exe

2005-10-13 19:27 422,400 --sha-r c:\windows\x2.64.exe

2005-10-07 17:14 308,224 --sha-r c:\windows\system32\avisynth.dll

2005-07-14 10:31 27,648 --sha-r c:\windows\system32\AVSredirect.dll

2005-06-26 13:32 616,448 --sha-r c:\windows\system32\cygwin1.dll

2005-06-21 20:37 45,568 --sha-r c:\windows\system32\cygz.dll

2004-01-24 22:00 70,656 --sha-r c:\windows\system32\i420vfw.dll

2006-04-27 08:24 2,945,024 --sha-r c:\windows\system32\Smab.dll

2005-02-28 11:16 240,128 --sha-r c:\windows\system32\x.264.exe

2004-01-24 22:00 70,656 --sha-r c:\windows\system32\yv12vfw.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-12-06_18.13.55.93 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE

+ 2008-12-07 09:50:41 9,723,904 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT

+ 2008-12-07 09:50:41 290,816 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat

+ 2008-08-07 14:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE

+ 2008-12-07 09:20:25 9,723,904 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT

+ 2008-12-07 09:20:25 290,816 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat

+ 2008-12-07 11:52:48 884,736 ----a-w c:\windows\gmer.dll

+ 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe

- 2008-12-06 16:57:39 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2008-12-07 08:30:04 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2008-12-06 16:57:39 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

+ 2008-12-07 08:30:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat

- 2008-12-06 16:57:39 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-12-07 08:30:04 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2008-05-09 11:15:48 45,376 ----a-w c:\windows\system32\drivers\avgntdd.sys

+ 2008-01-21 16:11:30 22,336 ----a-w c:\windows\system32\drivers\avgntmgr.sys

+ 2008-10-30 09:20:38 75,072 ----a-w c:\windows\system32\drivers\avipbb.sys

+ 2008-12-07 11:52:49 85,969 ----a-w c:\windows\system32\drivers\gmer.sys

+ 2007-11-08 17:03:26 21,248 ----a-w c:\windows\system32\drivers\ssmdrv.sys

- 2007-09-24 21:30:28 135,168 ----a-w c:\windows\system32\java.exe

+ 2008-12-06 23:06:09 144,792 ----a-w c:\windows\system32\java.exe

- 2007-09-24 21:30:30 135,168 ----a-w c:\windows\system32\javaw.exe

+ 2008-12-06 23:06:09 144,792 ----a-w c:\windows\system32\javaw.exe

- 2007-09-24 22:31:42 139,264 ----a-w c:\windows\system32\javaws.exe

+ 2008-12-06 23:06:09 148,888 ----a-w c:\windows\system32\javaws.exe

- 2008-10-26 17:54:30 64,574 ----a-w c:\windows\system32\perfc009.dat

+ 2008-12-06 17:16:02 64,574 ----a-w c:\windows\system32\perfc009.dat

- 2008-10-26 17:54:30 78,656 ----a-w c:\windows\system32\perfc00C.dat

+ 2008-12-06 17:16:02 78,656 ----a-w c:\windows\system32\perfc00C.dat

- 2008-10-26 17:54:30 409,052 ----a-w c:\windows\system32\perfh009.dat

+ 2008-12-06 17:16:02 409,052 ----a-w c:\windows\system32\perfh009.dat

- 2008-10-26 17:54:30 476,914 ----a-w c:\windows\system32\perfh00C.dat

+ 2008-12-06 17:16:02 476,914 ----a-w c:\windows\system32\perfh00C.dat

+ 2008-12-08 09:02:08 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7c.dat

.

-- Instantané actualisé --

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-05 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-07 136600]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"vspdfprsrv.exe"="c:\program files\Visagesoft\eXPert PDF\vspdfprsrv.exe" [2006-05-04 879616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-06-15 86016]

"VGAUtil"="c:\program files\GigaByte\VGA Utility Manager\G-VGA.exe" [2005-08-16 544768]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-06 155648]

"fssui"="c:\program files\Windows Live\Contrôle parental\fssui.exe" [2007-10-17 243240]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"nwiz"="nwiz.exe" [2005-06-15 c:\windows\system32\nwiz.exe]

"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 c:\windows\RTHDCPL.EXE]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]

 

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\

Accélérateur de démarrage AutoCAD.lnk - c:\program files\Fichiers communs\Autodesk Shared\acstart17.exe [2006-03-05 11000]

Acrobat Assistant.lnk - c:\program files\ADOBE\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]

Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-17 110592]

Démarrage d'Office.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-08-28 51984]

EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2006-05-12 135680]

Gestionnaire Microsoft Office.lnk - c:\program files\Microsoft Office\Office\MSOFFICE.EXE [1997-08-28 340480]

Lancement rapide d'Adobe Reader.lnk - c:\program files\ADOBE\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Microsoft Recherche accélérée.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-08-28 111376]

Phone Connection Monitor.lnk - c:\program files\Sony Ericsson\Mobile\audevicemgr.exe [2006-07-01 813056]

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-05-15 118784]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"vidc.I420"= i420vfw.dll

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\eMule\\eMule.exe"=

"c:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=

"c:\\Program Files\\GIGABYTE\\VGA Utility Manager\\G-vga.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

 

R0 iteraid;ITERAID_Service_Install;c:\windows\system32\DRIVERS\iteraid.sys [2006-05-11 25067]

R2 CycloneLicenseServer;Cyclone License Server;"c:\program files\Leica Geosystems\Cyclone\CyraLicense.exe" "c:\program files\Leica Geosystems\Cyclone\" [2006-05-15 643072]

R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-01-27 43816]

R2 fsssvc;Windows Live OneCare Contrôle parental;"c:\program files\Windows Live\Contrôle parental\fsssvc.exe" [2007-10-17 523816]

R2 Leica HDS Server;Leica HDS Server;"c:\program files\Leica Geosystems\Cyclone\ptserv32.exe" -config "c:\program files\Leica Geosystems\Cyclone\ptserver.cfg" [2006-05-15 577655]

R3 GPCIDrv;GPCIDrv;\??\c:\windows\GPCIDrv.sys [2007-12-01 13440]

R3 GVTDrv;GVTDrv;\??\c:\windows\system32\Drivers\GVTDrv.sys [2007-12-01 23524]

S3 FTLUND;Lundinova Filter Driver;c:\windows\system32\drivers\ftlund.sys [2006-07-03 6828]

S3 Vfscan;Vfscan;c:\windows\system32\DRIVERS\vffilter.sys [2008-11-18 15496]

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]

\Shell\AutoRun\command - F:\laucher.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{40be8cc0-a2b4-11dd-90dc-001485ec525e}]

\Shell\AutoRun\command - F:\laucher.exe

.

Contenu du dossier 'Tâches planifiées'

 

2008-01-27 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]

.

- - - - ORPHELINS SUPPRIMES - - - -

 

BHO-{9D4F8C23-5CB0-1D50-FEA7-C1C9905EF05F} - c:\windows\xcsle1.dll

HKLM-RunOnce-*rh - c:\windows\system32:imwbi.exe

 

 

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-12-08 10:02:22

Windows 5.1.2600 Service Pack 2 NTFS

 

Recherche de processus cachés ...

 

Recherche d'éléments en démarrage automatique cachés ...

 

Recherche de fichiers cachés ...

 

 

c:\windows\system32:imwbi.exe 130759 bytes executable

 

Scan terminé avec succès

Fichiers cachés: 1

 

**************************************************************************

.

------------------------ Autres processus actifs ------------------------

.

c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe

c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe

c:\program files\Leica Geosystems\Cyclone\CyraLicense.exe

c:\program files\Fichiers communs\EPSON\EBAPI\SAgent2.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Leica Geosystems\Cyclone\ptserv32.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wdfmgr.exe

c:\progra~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE

c:\program files\Intuwave Ltd\Shared\mRouterRunTime\mRouterRuntime.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\wbem\wmiapsrv.exe

c:\progra~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE

.

**************************************************************************

.

Heure de fin: 2008-12-08 10:05:32 - La machine a redémarré

ComboFix-quarantined-files.txt 2008-12-08 09:05:29

ComboFix2.txt 2008-12-07 08:44:28

ComboFix3.txt 2008-12-06 19:46:12

ComboFix4.txt 2008-12-06 18:59:51

ComboFix5.txt 2008-12-08 08:50:50

 

Avant-CF: 10 387 062 784 octets libres

Après-CF: 10,395,701,248 octets libres

 

194

Posted

This is no piece of cake!

Some information:

You had a stealer (pinch) for some time, which was able to report everything you did; change all your passwords, local and remote (websites, bank.....)

Please post a new Gmer report before you leave :P

Posted

Here is the Gmer report

And sorry, I didn't get your message before leaving!!

 

GMER 1.0.14.14536 - http://www.gmer.net

Rootkit scan 2008-12-08 15:44:15

Windows 5.1.2600 Service Pack 2

 

 

---- System - GMER 1.0.14 ----

 

SSDT F7C6513C ZwCreateThread

SSDT F7C65128 ZwOpenProcess

SSDT F7C6512D ZwOpenThread

SSDT F7C65137 ZwTerminateProcess

SSDT F7C65132 ZwWriteVirtualMemory

 

---- Kernel code sections - GMER 1.0.14 ----

 

? Combo-Fix.sys Le fichier spécifié est introuvable. !

? C:\ComboFix\catchme.sys Le chemin d'accès spécifié est introuvable. !

? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Le fichier spécifié est introuvable. !

 

---- User code sections - GMER 1.0.14 ----

 

.text C:\WINDOWS\system32\nvsvc32.exe[504] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\nvsvc32.exe[504] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\nvsvc32.exe[504] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\nvsvc32.exe[504] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\nvsvc32.exe[504] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\nvsvc32.exe[504] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\nvsvc32.exe[504] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\nvsvc32.exe[504] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\nvsvc32.exe[504] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\nvsvc32.exe[504] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\nvsvc32.exe[504] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F5, E9 ]

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\nvsvc32.exe[504] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\nvsvc32.exe[504] WS2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\WINDOWS\system32\nvsvc32.exe[504] WS2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\WINDOWS\system32\nvsvc32.exe[504] WS2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 91, 4A, F5, 91, 92, F5, F3, ... ]

.text C:\WINDOWS\system32\nvsvc32.exe[504] WS2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 99, F5, F3, 9F, 91, F2, 48, ... ]

.text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\svchost.exe[616] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\svchost.exe[616] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ F8, E9 ]

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\svchost.exe[616] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\svchost.exe[616] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\WINDOWS\system32\wdfmgr.exe[656] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\WINDOWS\system32\wdfmgr.exe[656] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\WINDOWS\system32\wdfmgr.exe[656] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\WINDOWS\system32\wdfmgr.exe[656] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\WINDOWS\system32\wdfmgr.exe[656] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\WINDOWS\system32\wdfmgr.exe[656] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\WINDOWS\system32\wdfmgr.exe[656] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\WINDOWS\system32\wdfmgr.exe[656] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\WINDOWS\system32\wdfmgr.exe[656] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\WINDOWS\system32\wdfmgr.exe[656] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 42, E9 ]

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\WINDOWS\system32\wdfmgr.exe[656] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\WINDOWS\system32\wdfmgr.exe[656] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!LoadLibraryExA + 2 7C801D51 6 Bytes JMP 3EE88D00

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!LoadLibraryA + 2 7C801D79 7 Bytes JMP 3EE88969

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!ReadProcessMemory + 2 7C8021CE 6 Bytes JMP 3EE8AE50

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!WriteProcessMemory + 2 7C802211 5 Bytes JMP 3EE8D357

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!CreateProcessW + 2 7C802334 5 Bytes JMP 3EE88471

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!CreateProcessA + 2 7C802369 5 Bytes JMP 3EE87E6A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!FreeLibrary + 2 7C80ABE0 7 Bytes JMP 3EE89430

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!GetProcAddress + 2 7C80ADA2 5 Bytes JMP 3EE88CEB

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!LoadLibraryW + 2 7C80AE4D 5 Bytes JMP 3EE88AAE

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!GetFileAttributesW + 2 7C80B74E 6 Bytes JMP 3EE8F4A7

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!FreeLibraryAndExitThread + 2 7C80C172 6 Bytes JMP 3EE88C1E

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!FindFirstFileExW + 2 7C80EA7F 9 Bytes JMP 3EE8EF72

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!FindFirstFileW + 2 7C80EEE3 5 Bytes JMP 3EE8F148

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!FindNextFileW 7C80EF3A 7 Bytes JMP 3EE8E15E

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!CreateFileW + 2 7C810762 6 Bytes JMP 3EE8C788

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!GetFileAttributesExW + 2 7C8110F7 6 Bytes JMP 3EE8DDD7

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!GetFileAttributesA + 2 7C81153E 6 Bytes JMP 3EE8EB6D

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!SetFileAttributesA + 2 7C812784 6 Bytes JMP 3EE8D522

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!GetFileAttributesExA + 2 7C8137B3 6 Bytes JMP 3EE8F856

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!FindFirstFileA + 2 7C8137DB 9 Bytes JMP 3EE8F819

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!ExitProcess + 2 7C81CDDC 5 Bytes JMP 3EE881E8

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 3EE8BFD9

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 3EE8BEDF

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!OpenProcess + 2 7C8309E3 6 Bytes JMP 3EE8B816

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!SetFileAttributesW + 2 7C8314D7 6 Bytes JMP 3EE8F879

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!DeleteFileA + 2 7C831EAD 6 Bytes JMP 3EE8D6CC

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!DeleteFileW + 2 7C831F33 6 Bytes JMP 3EE8EC8B

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!FindNextFileA + 2 7C834EB3 9 Bytes JMP 3EE89D1C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!MoveFileExW + 2 7C83565D 6 Bytes JMP 3EE8DC00

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!MoveFileWithProgressA + 2 7C835EB0 6 Bytes JMP 3EE8B424

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!FindFirstFileExA + 2 7C85C514 9 Bytes JMP 3EE8EBA3

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!MoveFileExA + 2 7C85D4C5 6 Bytes JMP 3EE8DAAC

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!_lopen + 2 7C85E832 6 Bytes JMP 3EE8D03C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!WinExec + 2 7C86136F 6 Bytes JMP 3EE8955F

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!Process32FirstW + 2 7C863D2E 6 Bytes JMP 3EE8F958

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!Process32First + 2 7C863DE7 9 Bytes JMP 3EE8A114

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!Process32NextW + 2 7C863EB9 6 Bytes JMP 3EE8B40E

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!Process32Next + 2 7C863F5A 9 Bytes JMP 3EE8E598

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!Thread32First + 2 7C86402C 6 Bytes JMP 3EE8D8D7

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!Thread32Next + 2 7C8640E0 6 Bytes JMP 3EE8AF57

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!Module32FirstW + 2 7C864179 6 Bytes JMP 3EE8C17E

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!Module32First + 2 7C864232 9 Bytes JMP 3EE8F2C5

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!Module32NextW + 2 7C864316 6 Bytes JMP 3EE8DDAD

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!Module32Next + 2 7C8643B7 9 Bytes JMP 3EE8B2AB

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!GetBinaryTypeW 7C867B9C 5 Bytes JMP 3EE8EC64

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] kernel32.dll!GetBinaryType + 2 7C867FFD 6 Bytes JMP 3EE8BDA1

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegOpenKeyExW + 2 77DA6A7A 6 Bytes JMP 3EE8C527

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegCloseKey + 2 77DA6BF2 2 Bytes [ 2F, E9 ]

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegCloseKey + 5 77DA6BF5 3 Bytes [ 87, 0E, C7 ]

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegQueryValueExW + 2 77DA6FCA 6 Bytes JMP 3EE8B3AE

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegCreateKeyExW + 2 77DA7537 6 Bytes JMP 3EE8F37C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegOpenKeyExA + 2 77DA761D 6 Bytes JMP 3EE8EB4B

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegQueryValueExA + 2 77DA7885 6 Bytes JMP 3EE8BF44

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegEnumValueW + 2 77DA8083 6 Bytes JMP 3EE8B931

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegSetValueExW 77DAD7CC 7 Bytes JMP 3EE8B6D6

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegQueryValueW + 2 77DAD8E4 6 Bytes JMP 3EE8CE31

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegCreateKeyExA + 2 77DAEAF6 6 Bytes JMP 3EE8F4CB

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegSetValueExA 77DAEBE7 7 Bytes JMP 3EE8C8CD

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegDeleteValueA + 2 77DAEDE7 6 Bytes JMP 3EE8F931

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegDeleteValueW + 2 77DAEEF3 6 Bytes JMP 3EE8AB59

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegSetValueA + 2 77DB6F4B 5 Bytes JMP 3EE8B1B8

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!SetFileSecurityW + 2 77DBAA6B 6 Bytes JMP 3EE8B984

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegEnumValueA + 2 77DBCF4C 6 Bytes JMP 3EE8AE48

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!SetNamedSecurityInfoW + 2 77DC1287 6 Bytes JMP 3EE8CD2A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!CreateProcessAsUserW + 2 77DC7777 6 Bytes JMP 3EE88F4B

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegDeleteKeyW + 2 77DC9886 6 Bytes JMP 3EE8A048

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!GetFileSecurityW + 2 77DCBCE0 6 Bytes JMP 3EE8A450

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegDeleteKeyA + 2 77DCC125 6 Bytes JMP 3EE8B010

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegQueryInfoKeyA + 2 77DCC1B7 6 Bytes JMP 3EE8CE16

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegOpenKeyA + 2 77DCC41D 6 Bytes JMP 3EE8C2F7

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegQueryValueA + 2 77DCCC12 6 Bytes JMP 3EE8C914

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegQueryInfoKeyW + 2 77DCCCF1 6 Bytes JMP 3EE8A9EF

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!GetNamedSecurityInfoW + 2 77DCD07A 7 Bytes JMP 3EE8B510

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegCreateKeyA + 2 77DCD5BD 6 Bytes JMP 3EE8B600

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!SetFileSecurityA + 2 77DDD2FF 5 Bytes JMP 3EE8D7B0

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!GetFileSecurityA + 2 77DDD365 5 Bytes JMP 3EE8D1AA

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!CreateProcessAsUserA + 2 77DE095A 6 Bytes JMP 3EE87EDE

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!CreateProcessWithLogonW 77DE5C9D 5 Bytes JMP 3EE883FD

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!GetNamedSecurityInfoA + 2 77DF1546 7 Bytes JMP 3EE8B58C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!SetNamedSecurityInfoA + 2 77DF1592 7 Bytes JMP 3EE8F431

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegQueryMultipleValuesA + 2 77E0553D 6 Bytes JMP 3EE89DB9

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegQueryMultipleValuesW + 2 77E0589F 6 Bytes JMP 3EE8CFD7

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ADVAPI32.dll!RegSetValueW + 2 77E05FC4 5 Bytes JMP 3EE8EB3D

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] USER32.dll!DialogBoxParamW 7E3A555F 5 Bytes JMP 4437F2C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] USER32.dll!DialogBoxIndirectParamW 7E3B2032 5 Bytes JMP 4451166F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] USER32.dll!MessageBoxIndirectA 7E3BA04A 5 Bytes JMP 445115F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] USER32.dll!DialogBoxParamA 7E3BB10C 5 Bytes JMP 44511634 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] USER32.dll!MessageBoxExW 7E3D05D8 5 Bytes JMP 4451157C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] USER32.dll!MessageBoxExA 7E3D05FC 5 Bytes JMP 445115B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] USER32.dll!DialogBoxIndirectParamA 7E3D6B50 5 Bytes JMP 445116AA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] USER32.dll!ExitWindowsEx + 2 7E3DA047 6 Bytes JMP 3EE8848C

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] USER32.dll!MessageBoxIndirectW 7E3E62AB 5 Bytes JMP 443A1676 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] PSAPI.DLL!EnumProcessModules 76BA1F1C 5 Bytes JMP 3EE8E944

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ws2_32.dll!connect + 2 719F406C 6 Bytes JMP 3EE8999A

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ws2_32.dll!gethostbyname + 2 719F4FD6 9 Bytes JMP 3EE89966

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ws2_32.dll!WSAAsyncGetHostByName + 2 719FE987 13 Bytes [ 2F, 92, F2, 99, 48, 40, F3, ... ]

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1324] ws2_32.dll!WSAConnect + 2 71A00C6B 14 Bytes [ 40, 4A, F5, FC, 90, FC, F5, ... ]

.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[1428] ntdll.dll!NtQueryDirectoryFile 7C91DF5E 5 Bytes JMP 3EE8AD8B

.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[1428] ntdll.dll!NtQueryInformationFile 7C91DFDC 5 Bytes JMP 3EE8FA70

.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[1428] ntdll.dll!NtQuerySystemInformation 7C91E1AA 5 Bytes JMP 3EE8D78F

.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[1428] ntdll.dll!NtReadVirtualMemory 7C91E2BB 5 Bytes JMP 3EE8E76A

.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[1428] ntdll.dll!NtVdmControl 7C91E975 5 Bytes JMP 3EE8ABBE

.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[1428] ntdll.dll!NtWriteVirtualMemory 7C91EA32 5 Bytes JMP 3EE8A79A

.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[1428] ntdll.dll!LdrLoadDll 7C9261CA 5 Bytes JMP 3EE87B6B

.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[1428] ntdll.dll!LdrUnloadDll 7C92718B 5 Bytes JMP 3EE88CE2

.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[1428] ntdll.dll!RtlQueryProcessDebugInformation + 2 7C9638ED 6 Bytes JMP 3EE8DE20

.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[1428] kernel32.dll!CreateFileA + 2 7C801A26 6 Bytes JMP 3EE8D16F

.text C:\Program Files\Windows Live\Messenger\usnsvc.exe[1428] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 3EE89627

 

---- Devices - GMER 1.0.14 ----

 

AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr.sys (Family Safety Filter Driver/Microsoft Corporation)

 

---- Registry - GMER 1.0.14 ----

 

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32:imwbi.exe

 

---- Files - GMER 1.0.14 ----

 

ADS C:\WINDOWS\system32:imwbi.exe 130759 bytes executable

 

---- EOF - GMER 1.0.14 ----

 

Posted

• open a command prompt [Run --> CMD] and type the following, keeping the spaces and the quotation marks exactly as shown

notepad "c:\windows\system32:iwbi.exe"

» save the Notepad file that opens under the name malware.dat on your desktop (file type "All files", this is important)

and send it here: http://secubox.gateweb.org/mad.php or via a sendspace link as before

• you still have catchme in c:\

» still in the command prompt:

cd c:\

catchme.exe -k c:\windows\system32:iwbi.exe

exit

• restart the PC

• do you have catchme.zip or .log on your desktop (in c:\ ?) if so, upload it: http://secubox.gateweb.org/mad.php

• download turlututu.reg if you no longer have it on your desktop, double-click it and accept the merge into the registry

http://www.sendspace.com/file/jlhe23

the reg file contains this:

 

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=""
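
Added example, not part of the thread: a small Python triage of the Registry and Files sections of a GMER report, flagging an AppInit_DLLs entry that loads from an NTFS alternate data stream and checking whether a path typed into a cleanup command matches a stream the scan reported. The line layout is inferred from the GMER lines shown on this page, the function names are hypothetical, and one sample line is constructed.

```python
import re

# Report lines copied from the GMER log on this page; the InstallDir line is a
# constructed benign control and is not from the log.
SAMPLE_REPORT = r"""
---- Registry - GMER 1.0.14 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32:imwbi.exe
Reg HKLM\SOFTWARE\Example\Vendor@InstallDir C:\Program Files\Example
---- Files - GMER 1.0.14 ----
ADS C:\WINDOWS\system32:imwbi.exe 130759 bytes executable
---- EOF - GMER 1.0.14 ----
"""

# Assumed layouts: "Reg <key>@<value> <data>" and "ADS <path> <size> bytes [kind]".
REG_LINE = re.compile(r"^Reg\s+(?P<key>.+?)@(?P<name>\S+)\s+(?P<data>.+)$")
ADS_LINE = re.compile(r"^ADS\s+(?P<path>.+?)\s+(?P<size>\d+)\s+bytes(?:\s+(?P<kind>\w+))?$")
DRIVE = re.compile(r"^[A-Za-z]:")


def split_stream(path):
    """Split 'C:\\dir:stream' into (host, stream); stream is None for a plain path."""
    drive = DRIVE.match(path)
    prefix = drive.group(0) if drive else ""
    host, sep, stream = path[len(prefix):].partition(":")
    if not sep:
        return path, None
    # Drop a trailing stream type such as ':$DATA'.
    return prefix + host, stream.split(":", 1)[0]


def parse_report(text):
    """Collect registry values and ADS entries from GMER 'Reg' and 'ADS' lines."""
    reg, ads = [], []
    for line in text.splitlines():
        line = line.strip()
        m = REG_LINE.match(line)
        if m:
            reg.append(m.groupdict())
            continue
        m = ADS_LINE.match(line)
        if m:
            entry = m.groupdict()
            entry["size"] = int(entry["size"])
            ads.append(entry)
    return reg, ads


def appinit_findings(text):
    """Flag AppInit_DLLs entries that load from an alternate data stream."""
    reg, ads = parse_report(text)
    reported = {a["path"].lower(): a for a in ads}
    findings = []
    for value in reg:
        if value["name"].lower() != "appinit_dlls":
            continue
        # AppInit_DLLs is a space- or comma-delimited list of modules.
        for module in re.split(r"[ ,]+", value["data"].strip()):
            if not module:
                continue
            host, stream = split_stream(module)
            match = reported.get(module.lower())
            findings.append({
                "module": module,
                "host": host,
                "stream": stream,
                "is_ads": stream is not None,
                "seen_in_files_section": match is not None,
                "size": match["size"] if match else None,
            })
    return findings


def is_reported_stream(path, text):
    """True if path (compared case-insensitively) matches an ADS line in the report."""
    _, ads = parse_report(text)
    return path.lower() in {a["path"].lower() for a in ads}


if __name__ == "__main__":
    for finding in appinit_findings(SAMPLE_REPORT):
        print(finding)
```
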

Posted

When I do that with the command... it gives me an error message

 

Impossible de trouver le fichier iwbi.exe

Voulez-vous en créer un nouveau?

 

What do I do?
