یه مشکل عجیب برای سیستم

**amir-aa** · 21-05-2012, 19:49

سلام دوستان خوبم من مشکلم با نرم افزار فایرفاکسه که یکدفعه شش هفت بار اتوماتیک باز میشه و مسیر یک سایت فیلتر شده رو پیمایش میکنه.
خودم آنتی ویروس بیت دیفندر اورجینال داشتم اما هیچی پیدا نکرد از سیستم های دیگه مثل avast,mcafee استفاده کردم اما اونا هم حتی یک مورد پیدا نکردند.درضمن اسکن در حالت بوت تایم رو هم انجام دادم.
یکی از اقدامات دیگه استفاده از سیستم spycleanerبود.از اون هم استفاده کردم چون احتمال وجود سیستم جاسوسی وجود داشت اما اونهم کاری از پیش نبرد.دلیل اینکه این احتمال رو دادم این بود که من توی ویندوز قبلی هم همین مشکل را داشتم در حالی که امنیت سیستم صد در صد تامین بود و البته در ویندوز قبلی یکسری نشونه های مرموز هم وجود داشت

چیکار کنم؟؟؟؟؟

***Batman*** · 22-05-2012, 00:09

سلام.
شما برنامه [ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ] را از سایت خودش دانلود کنید.
برنامه های در حال اجرا را ببندید ، اینترنت را قطع کنید ، آنتی ویروس و فایروال را غیرفعال کنید.
GMER بعد از اجرا یه اسکن سریع انجام میده و اگر موردی پیدا کنه گزارش میده.
روی دکمه Scan کلیک کنید و صبر کنید تا اسکنش تموم بشه.
اگر موردی پیدا کنه با رنگ قرمز نشون میده.
بعد از اسکن میتونید روی گزینه Save کلیک کنید و فایل گزارش بسازید.بعد فایل رو اینجا آپلود کنید تا بررسی کنیم.

**amir-aa** · 22-05-2012, 10:41

سلام آقا ریپورتش رو ضمیمه کردم ولی هیچ موردی پیدا نکرد
GMER 1.0.15.15641 - [ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ]
Rootkit scan 2012-05-22 11

45
Windows 6.1.7601 Service Pack 1 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T0L0-4 WDC_WD5000AADS-00S9B0 rev.01.00A01
Running: cevs1syr.exe; Driver: C:\Users\AHMADA~1\AppData\Local\Temp\fwryipob.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8D9354FE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8D935322]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8D93545C]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x88A61098]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0x88A610C2]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x88A610AE]
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0x88A61084]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 82C745C5 5 Bytes JMP 88A61088 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
.text ntkrnlpa.exe!ZwSaveKey + 13D1 82C86349 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CBFD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[352] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 00AA0000
.text C:\Windows\system32\svchost.exe[352] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 00AA0025
.text C:\Windows\system32\svchost.exe[352] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 00AA0FEF
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 00A90F28
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 00A9008E
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 00A90EF9
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 00A90FC0
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 00A90F6F
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 00A90F9B
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 00A90F80
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 00A900A9
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 00A90022
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 00A90062
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 00A90000
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 00A90FEF
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 00A90033
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 00A90F39
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 00A90011
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 00A90073
.text C:\Windows\system32\svchost.exe[352] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 00A90F4A
.text C:\Windows\system32\svchost.exe[352] msvcrt.dll!_open 756D7E48 5 Bytes JMP 00AB0000
.text C:\Windows\system32\svchost.exe[352] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 00AB0FC8
.text C:\Windows\system32\svchost.exe[352] msvcrt.dll!system 7570B16F 5 Bytes JMP 00AB0FD9
.text C:\Windows\system32\svchost.exe[352] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 00AB002E
.text C:\Windows\system32\svchost.exe[352] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 00AB0049
.text C:\Windows\system32\svchost.exe[352] msvcrt.dll!_wopen 75710570 5 Bytes JMP 00AB001D
.text C:\Windows\system32\svchost.exe[352] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 00510FEF
.text C:\Windows\system32\svchost.exe[352] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 00510FA1
.text C:\Windows\system32\svchost.exe[352] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 00510F86
.text C:\Windows\system32\svchost.exe[352] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 00510028
.text C:\Windows\system32\svchost.exe[352] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 00510FDE
.text C:\Windows\system32\svchost.exe[352] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 00510F75
.text C:\Windows\system32\svchost.exe[352] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 00510FB2
.text C:\Windows\system32\svchost.exe[352] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 00510FC3
.text C:\Windows\system32\services.exe[548] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 00250000
.text C:\Windows\system32\services.exe[548] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 00250FE5
.text C:\Windows\system32\services.exe[548] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 00250025
.text C:\Windows\system32\services.exe[548] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 001C0F50
.text C:\Windows\system32\services.exe[548] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 001C00B6
.text C:\Windows\system32\services.exe[548] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 001C0F21
.text C:\Windows\system32\services.exe[548] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 001C0040
.text C:\Windows\system32\services.exe[548] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 001C0065
.text C:\Windows\system32\services.exe[548] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 001C0FB2
.text C:\Windows\system32\services.exe[548] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 001C0F97
.text C:\Windows\system32\services.exe[548] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 001C0F06
.text C:\Windows\system32\services.exe[548] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 001C0FDE
.text C:\Windows\system32\services.exe[548] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 001C008A
.text C:\Windows\system32\services.exe[548] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 001C0014
.text C:\Windows\system32\services.exe[548] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 001C0FEF
.text C:\Windows\system32\services.exe[548] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 001C0FC3
.text C:\Windows\system32\services.exe[548] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 001C0F61
.text C:\Windows\system32\services.exe[548] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 001C002F
.text C:\Windows\system32\services.exe[548] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 001C009B
.text C:\Windows\system32\services.exe[548] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 001C0F72
.text C:\Windows\system32\services.exe[548] msvcrt.dll!_open 756D7E48 5 Bytes JMP 00680000
.text C:\Windows\system32\services.exe[548] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 0068004E
.text C:\Windows\system32\services.exe[548] msvcrt.dll!system 7570B16F 5 Bytes JMP 00680FC3
.text C:\Windows\system32\services.exe[548] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 00680029
.text C:\Windows\system32\services.exe[548] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 00680FD4
.text C:\Windows\system32\services.exe[548] msvcrt.dll!_wopen 75710570 5 Bytes JMP 00680FEF
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 00690FEF
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 00690FAF
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 00690047
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 00690036
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 00690FD4
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 00690F8A
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 0069001B
.text C:\Windows\system32\services.exe[548] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 0069000A
.text C:\Windows\system32\services.exe[548] WS2_32.dll!socket 772B3EB8 5 Bytes JMP 006A0FEF
.text C:\Windows\system32\lsass.exe[564] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 00110FE5
.text C:\Windows\system32\lsass.exe[564] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 00110011
.text C:\Windows\system32\lsass.exe[564] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 00110000
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 00100F4D
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 00100F10
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 00100F21
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 00100036
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 00100F8A
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 00100062
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 00100FA5
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 001000B6
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 00100FCA
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 0010009B
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 00100014
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 00100FEF
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 00100051
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 00100F5E
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 00100025
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 00100F3C
.text C:\Windows\system32\lsass.exe[564] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 00100F79
.text C:\Windows\system32\lsass.exe[564] msvcrt.dll!_open 756D7E48 5 Bytes JMP 00120000
.text C:\Windows\system32\lsass.exe[564] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 00120FA6
.text C:\Windows\system32\lsass.exe[564] msvcrt.dll!system 7570B16F 5 Bytes JMP 00120FB7
.text C:\Windows\system32\lsass.exe[564] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 00120FD2
.text C:\Windows\system32\lsass.exe[564] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 00120027
.text C:\Windows\system32\lsass.exe[564] msvcrt.dll!_wopen 75710570 5 Bytes JMP 00120FE3
.text C:\Windows\system32\lsass.exe[564] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 00130000
.text C:\Windows\system32\lsass.exe[564] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 00130FC0
.text C:\Windows\system32\lsass.exe[564] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 00130F9E
.text C:\Windows\system32\lsass.exe[564] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 00130FAF
.text C:\Windows\system32\lsass.exe[564] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 00130FE5
.text C:\Windows\system32\lsass.exe[564] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 0013005B
.text C:\Windows\system32\lsass.exe[564] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 0013002C
.text C:\Windows\system32\lsass.exe[564] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 0013001B
.text C:\Windows\system32\lsass.exe[564] WS2_32.dll!socket 772B3EB8 5 Bytes JMP 005A0FEF
.text C:\Windows\system32\svchost.exe[680] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 0026000A
.text C:\Windows\system32\svchost.exe[680] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 00260FD4
.text C:\Windows\system32\svchost.exe[680] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 00260FEF
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 002500D5
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 00250F69
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 00250108
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 0025003D
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 0025009F
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 00250FD1
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 0025008E
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 00250F58
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 00250058
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 002500E6
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 00250011
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 00250000
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 00250073
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 00250FAC
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 0025002C
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 002500F7
.text C:\Windows\system32\svchost.exe[680] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 002500BA
.text C:\Windows\system32\svchost.exe[680] msvcrt.dll!_open 756D7E48 5 Bytes JMP 00390FEF
.text C:\Windows\system32\svchost.exe[680] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 0039003D
.text C:\Windows\system32\svchost.exe[680] msvcrt.dll!system 7570B16F 5 Bytes JMP 00390FBC
.text C:\Windows\system32\svchost.exe[680] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 00390011
.text C:\Windows\system32\svchost.exe[680] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 0039002C
.text C:\Windows\system32\svchost.exe[680] msvcrt.dll!_wopen 75710570 5 Bytes JMP 00390000
.text C:\Windows\system32\svchost.exe[680] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 003A000A
.text C:\Windows\system32\svchost.exe[680] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 003A002F
.text C:\Windows\system32\svchost.exe[680] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 003A0F9E
.text C:\Windows\system32\svchost.exe[680] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 003A0040
.text C:\Windows\system32\svchost.exe[680] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 003A0FEF
.text C:\Windows\system32\svchost.exe[680] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 003A0F8D
.text C:\Windows\system32\svchost.exe[680] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 003A0FC3
.text C:\Windows\system32\svchost.exe[680] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 003A0FDE
.text C:\Windows\system32\svchost.exe[680] WS2_32.dll!socket 772B3EB8 5 Bytes JMP 003F0FE5
.text C:\Windows\system32\svchost.exe[780] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 001E0FEF
.text C:\Windows\system32\svchost.exe[780] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 001E0FC3
.text C:\Windows\system32\svchost.exe[780] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 001E0FD4
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 001D0076
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 001D00A2
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 001D0F0D
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 001D001B
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 001D0F79
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 001D0F94
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 001D0051
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 001D00BD
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 001D0FAF
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 001D0087
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 001D0FE5
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 001D0000
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 001D0040
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 001D0F4D
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 001D0FCA
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 001D0F28
.text C:\Windows\system32\svchost.exe[780] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 001D0F5E
.text C:\Windows\system32\svchost.exe[780] msvcrt.dll!_open 756D7E48 5 Bytes JMP 001F0FEF
.text C:\Windows\system32\svchost.exe[780] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 001F003F
.text C:\Windows\system32\svchost.exe[780] msvcrt.dll!system 7570B16F 5 Bytes JMP 001F002E
.text C:\Windows\system32\svchost.exe[780] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 001F000C
.text C:\Windows\system32\svchost.exe[780] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 001F001D
.text C:\Windows\system32\svchost.exe[780] msvcrt.dll!_wopen 75710570 5 Bytes JMP 001F0FD2
.text C:\Windows\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 00200FEF
.text C:\Windows\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 00200F9E
.text C:\Windows\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 00200F7C
.text C:\Windows\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 00200F8D
.text C:\Windows\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 00200FD4
.text C:\Windows\system32\svchost.exe[780] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 0020002F
.text C:\Windows\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 00200014
.text C:\Windows\system32\svchost.exe[780] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 00200FC3
.text C:\Windows\system32\svchost.exe[780] WS2_32.dll!socket 772B3EB8 5 Bytes JMP 00250FEF
.text C:\Windows\System32\svchost.exe[876] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 00700FEF
.text C:\Windows\System32\svchost.exe[876] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 0070001E
.text C:\Windows\System32\svchost.exe[876] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 00700FDE
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 006F0F4A
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 006F0F03
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 006F0F14
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 006F0025
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 006F0F80
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 006F0FA5
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 006F0058
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 006F00A9
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 006F0036
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 006F008E
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 006F0FD4
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 006F0FE5
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 006F0047
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 006F0F65
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 006F000A
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 006F0F25
.text C:\Windows\System32\svchost.exe[876] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 006F0069
.text C:\Windows\System32\svchost.exe[876] msvcrt.dll!_open 756D7E48 5 Bytes JMP 00710FEF
.text C:\Windows\System32\svchost.exe[876] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 0071003B
.text C:\Windows\System32\svchost.exe[876] msvcrt.dll!system 7570B16F 5 Bytes JMP 00710FB0
.text C:\Windows\System32\svchost.exe[876] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 00710FD2
.text C:\Windows\System32\svchost.exe[876] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 00710FC1
.text C:\Windows\System32\svchost.exe[876] msvcrt.dll!_wopen 75710570 5 Bytes JMP 00710000
.text C:\Windows\System32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 00720FEF
.text C:\Windows\System32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 00720F9E
.text C:\Windows\System32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 00720036
.text C:\Windows\System32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 00720025
.text C:\Windows\System32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 00720FCA
.text C:\Windows\System32\svchost.exe[876] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 00720047
.text C:\Windows\System32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 00720FB9
.text C:\Windows\System32\svchost.exe[876] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 0072000A
.text C:\Windows\System32\svchost.exe[876] WS2_32.dll!socket 772B3EB8 5 Bytes JMP 00790FEF
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 005C0FEF
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 005C0FD4
.text C:\Windows\System32\svchost.exe[928] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 005C000A
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 0057009F
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 005700F7
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 005700DC
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 00570022
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 00570073
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 00570058
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 00570F9B
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 00570F3D
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 00570FB6
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 005700B0
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 00570FE5
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 00570000
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 0057003D
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 0057008E
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 00570011
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 005700C1
.text C:\Windows\System32\svchost.exe[928] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 00570F76
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_open 756D7E48 5 Bytes JMP 0061000C
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 0061005A
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!system 7570B16F 5 Bytes JMP 0061003F
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 0061002E
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 00610FCF
.text C:\Windows\System32\svchost.exe[928] msvcrt.dll!_wopen 75710570 5 Bytes JMP 0061001D
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 00620000
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 00620FD4
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 00620076
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 0062005B
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 00620FE5
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 00620091
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 00620036
.text C:\Windows\System32\svchost.exe[928] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 0062001B
.text C:\Windows\System32\svchost.exe[928] WS2_32.dll!socket 772B3EB8 5 Bytes JMP 00630000
.text C:\Windows\system32\svchost.exe[976] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 007E0FE5
.text C:\Windows\system32\svchost.exe[976] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 007E001B
.text C:\Windows\system32\svchost.exe[976] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 007E0000
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 007900B3
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 00790F5E
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 00790F6F
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 00790040
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 00790087
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 00790FB9
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 0079006C
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 00790F43
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 00790051
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 007900CE
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 0079000A
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 00790FEF
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 00790FD4
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 007900A2
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 0079001B
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 007900E9
.text C:\Windows\system32\svchost.exe[976] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 00790F94
.text C:\Windows\system32\svchost.exe[976] msvcrt.dll!_open 756D7E48 5 Bytes JMP 00CC0FEF
.text C:\Windows\system32\svchost.exe[976] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 00CC001B
.text C:\Windows\system32\svchost.exe[976] msvcrt.dll!system 7570B16F 5 Bytes JMP 00CC0F90
.text C:\Windows\system32\svchost.exe[976] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 00CC0FB5
.text C:\Windows\system32\svchost.exe[976] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 00CC000A
.text C:\Windows\system32\svchost.exe[976] msvcrt.dll!_wopen 75710570 5 Bytes JMP 00CC0FD2
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 00CE000A
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 00CE0036
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 00CE0051
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 00CE0FAF
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 00CE001B
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 00CE0062
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 00CE0FCA
.text C:\Windows\system32\svchost.exe[976] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 00CE0FE5
.text C:\Windows\system32\svchost.exe[976] WS2_32.dll!socket 772B3EB8 5 Bytes JMP 00CF0FEF
.text C:\Windows\system32\svchost.exe[1108] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 00600000
.text C:\Windows\system32\svchost.exe[1108] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 00600011
.text C:\Windows\system32\svchost.exe[1108] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 00600FDB
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 005B0073
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 005B0F0A
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 005B0095
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 005B0FC0
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 005B0047
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 005B0F8A
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 005B0F6F
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 005B00BA
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 005B002C
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 005B0084
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 005B0000
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 005B0FE5
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 005B0F9B
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 005B0058
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 005B0011
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 005B0F25
.text C:\Windows\system32\svchost.exe[1108] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 005B0F4A
.text C:\Windows\system32\svchost.exe[1108] msvcrt.dll!_open 756D7E48 5 Bytes JMP 00610000
.text C:\Windows\system32\svchost.exe[1108] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 0061003F
.text C:\Windows\system32\svchost.exe[1108] msvcrt.dll!system 7570B16F 5 Bytes JMP 00610FB4
.text C:\Windows\system32\svchost.exe[1108] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 00610FE3
.text C:\Windows\system32\svchost.exe[1108] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 0061002E
.text C:\Windows\system32\svchost.exe[1108] msvcrt.dll!_wopen 75710570 5 Bytes JMP 0061001D
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 00620000
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 00620051
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 0062006C
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 00620FCA
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 00620FE5
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 00620FAF
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 00620036
.text C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 0062001B
.text C:\Windows\system32\svchost.exe[1108] WS2_32.dll!socket 772B3EB8 5 Bytes JMP 00640000
.text C:\Windows\system32\svchost.exe[1276] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 00610000
.text C:\Windows\system32\svchost.exe[1276] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 00610036
.text C:\Windows\system32\svchost.exe[1276] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 00610011
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 005C0F4D
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 005C00BD
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 005C00AC
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 005C002C
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 005C0F8D
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 005C0FAF
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 005C0F9E
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 005C00CE
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 005C003D
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 005C0091
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 005C000A
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 005C0FEF
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 005C0FC0
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 005C0F68
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 005C001B
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 005C0F28
.text C:\Windows\system32\svchost.exe[1276] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 005C0076
.text C:\Windows\system32\svchost.exe[1276] msvcrt.dll!_open 756D7E48 5 Bytes JMP 0066000C
.text C:\Windows\system32\svchost.exe[1276] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 0066001D
.text C:\Windows\system32\svchost.exe[1276] msvcrt.dll!system 7570B16F 5 Bytes JMP 00660F9C
.text C:\Windows\system32\svchost.exe[1276] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 00660FD2
.text C:\Windows\system32\svchost.exe[1276] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 00660FB7
.text C:\Windows\system32\svchost.exe[1276] msvcrt.dll!_wopen 75710570 5 Bytes JMP 00660FE3
.text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 006F000A
.text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 006F005B
.text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 006F0076
.text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 006F0FD4
.text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 006F0FEF
.text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 006F0087
.text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 006F0040
.text C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 006F0025
.text C:\Windows\system32\svchost.exe[1276] WS2_32.dll!socket 772B3EB8 5 Bytes JMP 00700000
.text C:\Windows\Explorer.EXE[1440] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 03220000
.text C:\Windows\Explorer.EXE[1440] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 03220FD4
.text C:\Windows\Explorer.EXE[1440] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 03220FEF
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 0309007D
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 03090F14
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 030900B3
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 03090FCA
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 03090062
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 0309003D
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 03090F8A
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 030900C4
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 03090FAF
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 03090F43
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 0309000A
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 03090FEF
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 0309002C
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 03090F54
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 0309001B
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 030900A2
.text C:\Windows\Explorer.EXE[1440] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 03090F6F
.text C:\Windows\Explorer.EXE[1440] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 03080FEF
.text C:\Windows\Explorer.EXE[1440] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 03080FB9
.text C:\Windows\Explorer.EXE[1440] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 0308004A
.text C:\Windows\Explorer.EXE[1440] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 03080F9E
.text C:\Windows\Explorer.EXE[1440] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 03080FDE
.text C:\Windows\Explorer.EXE[1440] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 03080F8D
.text C:\Windows\Explorer.EXE[1440] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 0308002F
.text C:\Windows\Explorer.EXE[1440] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 03080014
.text C:\Windows\Explorer.EXE[1440] msvcrt.dll!_open 756D7E48 5 Bytes JMP 03460FE3
.text C:\Windows\Explorer.EXE[1440] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 0346001D
.text C:\Windows\Explorer.EXE[1440] msvcrt.dll!system 7570B16F 5 Bytes JMP 0346000C
.text C:\Windows\Explorer.EXE[1440] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 03460FB7
.text C:\Windows\Explorer.EXE[1440] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 03460FA6
.text C:\Windows\Explorer.EXE[1440] msvcrt.dll!_wopen 75710570 5 Bytes JMP 03460FD2
.text C:\Windows\Explorer.EXE[1440] WININET.dll!InternetOpenA 75E24E33 5 Bytes JMP 03470FEF
.text C:\Windows\Explorer.EXE[1440] WININET.dll!InternetOpenUrlA 75E2BFCE 5 Bytes JMP 0347000A
.text C:\Windows\Explorer.EXE[1440] WININET.dll!InternetOpenW 75E5C02E 5 Bytes JMP 03470FD4
.text C:\Windows\Explorer.EXE[1440] WININET.dll!InternetOpenUrlW 75E8D70A 5 Bytes JMP 03470FB9
.text C:\Windows\Explorer.EXE[1440] WS2_32.dll!socket 772B3EB8 5 Bytes JMP 03B10FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 00E80FE5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 00E80014
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 00E80FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 00E70F72
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 00E70F4D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 00E700E2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 00E7004A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 00E7008A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 00E70065
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 00E70FB2
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 00E70F3C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 00E70FDE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 00E700B6
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 00E7000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 00E70FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 00E70FCD
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 00E7009B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 00E7002F
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 00E700C7
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 00E70F8D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] msvcrt.dll!_open 756D7E48 5 Bytes JMP 00EA0000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 00EA005D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] msvcrt.dll!system 7570B16F 5 Bytes JMP 00EA0FC8
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 00EA001D
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 00EA0038
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] msvcrt.dll!_wopen 75710570 5 Bytes JMP 00EA0FE3
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 00790FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 00790011
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 00790F80
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 0079002C
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 00790FCA
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 00790F6F
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 00790FA5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 00790000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[1716] WS2_32.dll!socket 772B3EB8 5 Bytes JMP 00E90000
.text C:\Windows\system32\svchost.exe[1724] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 0062000A
.text C:\Windows\system32\svchost.exe[1724] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 00620FEF
.text C:\Windows\system32\svchost.exe[1724] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 00620025
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 00610F57
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 0061009B
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 00610F06
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 00610014
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 00610F72
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 00610040
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 00610F83
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 00610EEB
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 0061002F
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 00610F3C
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 00610FD4
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 00610FEF
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 00610FA8
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 00610076
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 00610FB9
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 00610F21
.text C:\Windows\system32\svchost.exe[1724] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 0061005B
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!_open 756D7E48 5 Bytes JMP 00670FEF
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 00670042
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!system 7570B16F 5 Bytes JMP 00670FC1
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 00670FD2
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 00670031
.text C:\Windows\system32\svchost.exe[1724] msvcrt.dll!_wopen 75710570 5 Bytes JMP 00670000
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 00600FEF
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 00600FBC
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 0060004A
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 00600039
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 00600FDE
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 0060005B
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 00600FCD
.text C:\Windows\system32\svchost.exe[1724] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 00600014
.text C:\Windows\system32\svchost.exe[1724] WS2_32.dll!socket 772B3EB8 5 Bytes JMP 00680FEF
.text C:\Windows\system32\svchost.exe[1860] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 002C0000
.text C:\Windows\system32\svchost.exe[1860] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 002C001B
.text C:\Windows\system32\svchost.exe[1860] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 002C0FEF
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 002B0F3F
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 002B0EF8
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 002B0F13
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 002B0014
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 002B004D
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 002B0F86
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 002B0F75
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 002B0EE7
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 002B0FB2
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 002B0F2E
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 002B0FDE
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 002B0FEF
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 002B0F97
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 002B005E
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 002B0FC3
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 002B008D
.text C:\Windows\system32\svchost.exe[1860] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 002B0F50
.text C:\Windows\system32\svchost.exe[1860] msvcrt.dll!_open 756D7E48 5 Bytes JMP 004A0FEF
.text C:\Windows\system32\svchost.exe[1860] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 004A0025
.text C:\Windows\system32\svchost.exe[1860] msvcrt.dll!system 7570B16F 5 Bytes JMP 004A0F9A
.text C:\Windows\system32\svchost.exe[1860] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 004A0FB5
.text C:\Windows\system32\svchost.exe[1860] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 004A000A
.text C:\Windows\system32\svchost.exe[1860] msvcrt.dll!_wopen 75710570 5 Bytes JMP 004A0FC6
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 002A0FEF
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 002A0040
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 002A0051
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 002A0FAF
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 002A000A
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 002A006C
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 002A0FCA
.text C:\Windows\system32\svchost.exe[1860] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 002A001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 01CF0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 01CF0FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 01CF0FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 01CE0F83
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 01CE0F21
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 01CE0F3C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 01CE002F
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 01CE0FB9
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 01CE0076
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 01CE0091
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 01CE00D1
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 01CE0040
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 01CE0F68
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 01CE0FE5
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 01CE0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 01CE0065
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 01CE0F9E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 01CE0FD4
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 01CE0F57
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 01CE00AC
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] msvcrt.dll!_open 756D7E48 5 Bytes JMP 01D00FEF
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 01D00FB2
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] msvcrt.dll!system 7570B16F 5 Bytes JMP 01D0003D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 01D00FCD
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 01D00022
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] msvcrt.dll!_wopen 75710570 5 Bytes JMP 01D00FDE
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 01CD0000
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 01CD004E
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 01CD0FBD
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 01CD0069
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 01CD001B
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 01CD0084
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 01CD003D
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 01CD002C
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[2040] WS2_32.dll!socket 772B3EB8 5 Bytes JMP 01D1000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[2220] ntdll.dll!LdrLoadDll 771D22B8 5 Bytes JMP 00361410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Windows\System32\svchost.exe[2996] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 00040FEF
.text C:\Windows\System32\svchost.exe[2996] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 00040FD4
.text C:\Windows\System32\svchost.exe[2996] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 00040000
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 00010072
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 0001009E
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 00010F09
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 00010FB9
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 00010F6B
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 00010F8D
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 00010F7C
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 000100B9
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 00010FA8
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 0001008D
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 00010FD4
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 00010FE5
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 0001002F
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 00010F3F
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 00010014
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 00010F24
.text C:\Windows\System32\svchost.exe[2996] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 00010F5A
.text C:\Windows\System32\svchost.exe[2996] msvcrt.dll!_open 756D7E48 5 Bytes JMP 0012000C
.text C:\Windows\System32\svchost.exe[2996] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 00120FB7
.text C:\Windows\System32\svchost.exe[2996] msvcrt.dll!system 7570B16F 5 Bytes JMP 00120FC8
.text C:\Windows\System32\svchost.exe[2996] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 0012001D
.text C:\Windows\System32\svchost.exe[2996] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 00120038
.text C:\Windows\System32\svchost.exe[2996] msvcrt.dll!_wopen 75710570 5 Bytes JMP 00120FE3
.text C:\Windows\System32\svchost.exe[2996] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 00140FE5
.text C:\Windows\System32\svchost.exe[2996] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 0014000A
.text C:\Windows\System32\svchost.exe[2996] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 00140036
.text C:\Windows\System32\svchost.exe[2996] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 00140025
.text C:\Windows\System32\svchost.exe[2996] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 00140FD4
.text C:\Windows\System32\svchost.exe[2996] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 00140047
.text C:\Windows\System32\svchost.exe[2996] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 00140FA8
.text C:\Windows\System32\svchost.exe[2996] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 00140FC3
.text C:\Windows\system32\svchost.exe[3112] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 0004000A
.text C:\Windows\system32\svchost.exe[3112] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 00040FEF
.text C:\Windows\system32\svchost.exe[3112] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 00040025
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 00010F43
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 000100BD
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 000100AC
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 00010011
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 00010047
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 00010F8A
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 00010F6F
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 000100D8
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 00010022
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 00010F28
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 00010000
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 00010FEF
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 00010FA5
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 0001006C
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 00010FC0
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 00010087
.text C:\Windows\system32\svchost.exe[3112] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 00010F54
.text C:\Windows\system32\svchost.exe[3112] msvcrt.dll!_open 756D7E48 5 Bytes JMP 000E0FE3
.text C:\Windows\system32\svchost.exe[3112] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 000E0FA3
.text C:\Windows\system32\svchost.exe[3112] msvcrt.dll!system 7570B16F 5 Bytes JMP 000E0038
.text C:\Windows\system32\svchost.exe[3112] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 000E0FD2
.text C:\Windows\system32\svchost.exe[3112] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 000E001D
.text C:\Windows\system32\svchost.exe[3112] msvcrt.dll!_wopen 75710570 5 Bytes JMP 000E000C
.text C:\Windows\system32\svchost.exe[3112] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 002B0000
.text C:\Windows\system32\svchost.exe[3112] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 002B0FCA
.text C:\Windows\system32\svchost.exe[3112] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 002B0FA5
.text C:\Windows\system32\svchost.exe[3112] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 002B0051
.text C:\Windows\system32\svchost.exe[3112] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 002B0FE5
.text C:\Windows\system32\svchost.exe[3112] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 002B0062
.text C:\Windows\system32\svchost.exe[3112] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 002B002C
.text C:\Windows\system32\svchost.exe[3112] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 002B001B
.text C:\Windows\System32\svchost.exe[3592] ntdll.dll!NtCreateFile 771B55C8 5 Bytes JMP 00040FEF
.text C:\Windows\System32\svchost.exe[3592] ntdll.dll!NtCreateProcess 771B5698 5 Bytes JMP 00040FCA
.text C:\Windows\System32\svchost.exe[3592] ntdll.dll!NtProtectVirtualMemory 771B5F18 5 Bytes JMP 0004000A
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!GetStartupInfoA 76121E10 5 Bytes JMP 00010076
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!CreateProcessW 7612204D 5 Bytes JMP 00010F10
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!CreateProcessA 76122082 5 Bytes JMP 0001009B
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!CreateNamedPipeW 76152D47 5 Bytes JMP 00010FCA
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!VirtualProtect 76162BCD 5 Bytes JMP 00010F68
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!LoadLibraryExA 76164466 5 Bytes JMP 00010F9E
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!LoadLibraryExW 76165079 5 Bytes JMP 00010F8D
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!GetProcAddress 7616CC94 5 Bytes JMP 000100C0
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!LoadLibraryA 7616DC65 5 Bytes JMP 00010FAF
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!GetStartupInfoW 7616E2DD 5 Bytes JMP 00010F32
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!CreateFileW 7616E8A5 5 Bytes JMP 0001000A
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!CreateFileA 7616EA61 5 Bytes JMP 00010FEF
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!LoadLibraryW 7616EF42 5 Bytes JMP 00010040
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!CreatePipe 761812A6 5 Bytes JMP 00010065
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!CreateNamedPipeA 761ADBA8 5 Bytes JMP 0001001B
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!WinExec 761AEDB2 5 Bytes JMP 00010F21
.text C:\Windows\System32\svchost.exe[3592] kernel32.dll!VirtualProtectEx 761AFD51 5 Bytes JMP 00010F57
.text C:\Windows\System32\svchost.exe[3592] msvcrt.dll!_open 756D7E48 5 Bytes JMP 000E0FE3
.text C:\Windows\System32\svchost.exe[3592] msvcrt.dll!_wsystem 7570B04F 5 Bytes JMP 000E002E
.text C:\Windows\System32\svchost.exe[3592] msvcrt.dll!system 7570B16F 5 Bytes JMP 000E001D
.text C:\Windows\System32\svchost.exe[3592] msvcrt.dll!_creat 7570ED29 5 Bytes JMP 000E0FB7
.text C:\Windows\System32\svchost.exe[3592] msvcrt.dll!_wcreat 7571038E 5 Bytes JMP 000E000C
.text C:\Windows\System32\svchost.exe[3592] msvcrt.dll!_wopen 75710570 5 Bytes JMP 000E0FD2
.text C:\Windows\System32\svchost.exe[3592] WS2_32.dll!socket 772B3EB8 5 Bytes JMP 000F0FEF
.text C:\Windows\System32\svchost.exe[3592] ADVAPI32.dll!RegOpenKeyA 7598CC15 5 Bytes JMP 001D0FE5
.text C:\Windows\System32\svchost.exe[3592] ADVAPI32.dll!RegCreateKeyA 7598CD01 5 Bytes JMP 001D002F
.text C:\Windows\System32\svchost.exe[3592] ADVAPI32.dll!RegCreateKeyExA 75991469 5 Bytes JMP 001D005B
.text C:\Windows\System32\svchost.exe[3592] ADVAPI32.dll!RegCreateKeyW 75991514 5 Bytes JMP 001D0040
.text C:\Windows\System32\svchost.exe[3592] ADVAPI32.dll!RegOpenKeyW 75992459 5 Bytes JMP 001D0FCA
.text C:\Windows\System32\svchost.exe[3592] ADVAPI32.dll!RegCreateKeyExW 759940FE 5 Bytes JMP 001D006C
.text C:\Windows\System32\svchost.exe[3592] ADVAPI32.dll!RegOpenKeyExW 7599468D 5 Bytes JMP 001D000A
.text C:\Windows\System32\svchost.exe[3592] ADVAPI32.dll!RegOpenKeyExA 75994907 5 Bytes JMP 001D0FB9
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3684] USER32.dll!SetWindowLongA 770A8BA3 5 Bytes JMP 68B7A2FB C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3684] USER32.dll!SetWindowLongW 770B4449 5 Bytes JMP 68B7A28D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3684] USER32.dll!GetWindowInfo 770B4B5E 5 Bytes JMP 68981BD2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3684] USER32.dll!TrackPopupMenu 770C2228 3 Bytes JMP 6898219D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3684] USER32.dll!TrackPopupMenu + 4 770C222C 1 Byte [F1] {INT1 }

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\mfevtps.exe[364] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00BAABE0] C:\Windows\system32\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00C39397] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00C393D7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00C39465] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00C38D55] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject] [00C3833D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00C39465] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [00C39417] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00C38D55] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00C393D7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00C393D7] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00C39397] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00C39465] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00C38D55] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00C39417] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [00C3833D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [00C382F3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [00C3896C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [00C3896C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [00C38343] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [00C38277] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [00C382B5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow] [00C3837B] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [00C382F3] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [00C3896C] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject] [00C3833D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00C39397] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3076] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00C393D7] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Fs_Rec.sys (File System Recognizer Driver/Microsoft Corporation)
Device cdfs.sys (CD-ROM File System Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

***Batman*** · 22-05-2012, 17:46

سلام.
بنده گفتم فایل گزارش رو آپلود کنید.شما متن گزارش رو گذاشتید که تاپیک رو شلوغ کرده.لطفا از تگ اسپویلر استفاده کنید.
مراحل [ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ] را انجام بدید.( Immunize و Search & Destroy انجام شود)

**amir-aa** · 23-05-2012, 15:49

انجام دادم بتمن جان.بعدش هم یک دور ریستارت کردم.اولین صفحه ای که باز کردم همونجوری شد
اون دوتا فایل رو هم آپلود کردم توی 4shared چون اینجا نمیدونم چرا اجازه آپلود فایل نمیده
[ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ]

اینم بگم که اون فایل آخری رو نتونستم توی درایوCظاهر کنم.ویندوزم هم سون هستش

***Batman*** · 23-05-2012, 19:39

[ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ] رو دانلود و در قسمت اپلیکیشن تمام تیک ها رو بزنید سیستم رو اآنالیز کنید و بعدش run ccleaner

اگر تولبار اضافه روی فایرفاکس نصبه پاکش کنید.
اگر مشکل پابرجا بود پست اول [ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ] رو بخونید و یه گزارش آماده کنید.

**amir-aa** · 24-05-2012, 13:38

بتمن جان Ccleaner جواب نداد [ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ] مال گزارش hijackThisهست.

***Batman*** · 24-05-2012, 21:02

برای جلوگیری از باز شدن این صفحات ناخواسته میتونید از دو افزونه ای که معرفی میکنم استفاده کنید.
1- افزونه [ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ] برای فایرفاکس.توضیحات این افزونه در [ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ] و [ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ] قرار گرفته.
2-این یک افزونه مفید برای مقابله با محتوای نامطلوب هستش.
هنگام مواجهه با صفحات تبلیغاتی یا صفحاتی با محتوای غیر اخلاقی میتونید محتوای اونا رو به شکل دلخواه تغییر بدید.
[ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ]

**amir-aa** · 25-05-2012, 21:39

مرسی عزیزم درست شد

**~~maminsafari~~** · 27-07-2012, 12:18

نوشته شده توسط *Batman* [ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ]

برای جلوگیری از باز شدن این صفحات ناخواسته میتونید از دو افزونه ای که معرفی میکنم استفاده کنید.
1- افزونه [ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ] برای فایرفاکس.توضیحات این افزونه در [ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ] و [ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ] قرار گرفته.
2-این یک افزونه مفید برای مقابله با محتوای نامطلوب هستش.
هنگام مواجهه با صفحات تبلیغاتی یا صفحاتی با محتوای غیر اخلاقی میتونید محتوای اونا رو به شکل دلخواه تغییر بدید.
[ برای مشاهده لینک ، با نام کاربری خود وارد شوید یا ثبت نام کنید ]

یه راه بهتر به جای نصب افزونه اینه که تو آنتی ویروس ای پی 10.10.45.45 را بلوک کنید که مربوط به همون صفحه ها میشه . دیگه نمیاد.

نام تاپيک: یه مشکل عجیب برای سیستم

اختيارات تاپيک