-
Results of GMER Part 2
Bytes JMP 00A30040
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A300BA
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A30F72
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A300DF
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A30F46
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A30F2B
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A30FC3
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A30FEF
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A3009D
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A30FD4
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A3002F
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A30F61
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00A20FB9
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00A20F8D
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00A20FD4
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00A20FEF
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00A2004A
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00A20000
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00A20025
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00A20F9E
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00A10064
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!system 77C293C7 5 Bytes JMP 00A10053
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00A1001D
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00A10000
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00A10038
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00A10FE3
.text C:\WINDOWS\system32\svchost.exe[1176] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A00000
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01FF0000
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01FF0087
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01FF0F92
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01FF0FA3
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01FF0062
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01FF0FC0
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01FF00AE
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01FF0F66
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01FF00F5
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01FF00E4
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01FF0F41
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01FF0047
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01FF001B
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01FF0F77
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01FF002C
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01FF0FDB
.text C:\WINDOWS\System32\svchost.exe[1316] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01FF00C9
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01FE0040
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01FE0091
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01FE0FEF
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01FE0025
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01FE0076
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01FE0000
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 01FE0065
.text C:\WINDOWS\System32\svchost.exe[1316] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01FE0FD4
.text C:\WINDOWS\System32\svchost.exe[1316] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01FD0F92
.text C:\WINDOWS\System32\svchost.exe[1316] msvcrt.dll!system 77C293C7 5 Bytes JMP 01FD0FAD
.text C:\WINDOWS\System32\svchost.exe[1316] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01FD0FD9
.text C:\WINDOWS\System32\svchost.exe[1316] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01FD0000
.text C:\WINDOWS\System32\svchost.exe[1316] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01FD0FBE
.text C:\WINDOWS\System32\svchost.exe[1316] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01FD0011
.text C:\WINDOWS\System32\svchost.exe[1316] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01FC0FE5
.text C:\WINDOWS\System32\svchost.exe[1316] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00EC0FEF
.text C:\WINDOWS\System32\svchost.exe[1316] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 00EC0000
.text C:\WINDOWS\System32\svchost.exe[1316] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00EC0FCA
.text C:\WINDOWS\System32\svchost.exe[1316] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00EC0FAF
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0094000A
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00940087
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0094006C
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0094005B
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00940FA8
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00940FCA
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009400BF
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009400AE
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00940F55
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00940F66
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00940F3A
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00940FB9
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00940025
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00940F77
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00940FEF
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00940040
.text C:\WINDOWS\System32\svchost.exe[1400] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009400E4
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0093001E
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0093005B
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FC3
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00930FDE
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930FA8
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0093004A
.text C:\WINDOWS\System32\svchost.exe[1400] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0093002F
.text C:\WINDOWS\System32\svchost.exe[1400] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0092003D
.text C:\WINDOWS\System32\svchost.exe[1400] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FA8
.text C:\WINDOWS\System32\svchost.exe[1400] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920011
.text C:\WINDOWS\System32\svchost.exe[1400] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920FE3
.text C:\WINDOWS\System32\svchost.exe[1400] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920022
.text C:\WINDOWS\System32\svchost.exe[1400] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[1400] WS2_32.dll!socket 71AB4211 5 Bytes JMP 0091000A
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!VirtualProtectEx 7C801A61 1 Byte [E9]
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009C0065
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009C0054
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009C0F7C
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009C0F8D
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009C0FC3
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009C0F30
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009C0076
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009C00BF
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009C00A4
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 009C00E4
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 009C0F9E
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 009C0014
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 009C0F4B
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 009C0FD4
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 009C002F
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 009C0093
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009B0FC3
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009B0F7C
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009B0014
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009B0FD4
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009B0039
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009B0FE5
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009B0F97
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BB, 88]
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009B0FB2
.text C:\WINDOWS\system32\svchost.exe[1572] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009A0F9A
.text C:\WINDOWS\system32\svchost.exe[1572] msvcrt.dll!system 77C293C7 5 Bytes JMP 009A002F
.text C:\WINDOWS\system32\svchost.exe[1572] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009A0000
.text C:\WINDOWS\system32\svchost.exe[1572] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\system32\svchost.exe[1572] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009A0FB5
.text C:\WINDOWS\system32\svchost.exe[1572] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009A0FD2
.text C:\WINDOWS\system32\svchost.exe[1572] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00990000
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B40000
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B40F77
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B40F88
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B40062
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B40047
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B4002C
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B400A4
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B40093
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B400BF
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B40F26
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B400D0
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B40FAF
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B40011
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B40F5C
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B40FC0
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B40FDB
.text C:\WINDOWS\System32\svchost.exe[1916] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B40F41
.text C:\WINDOWS\System32\svchost.exe[1916] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B30022
.text C:\WINDOWS\System32\svchost.exe[1916] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B30FB6
.text C:\WINDOWS\System32\svchost.exe[1916] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B30FD1
.text C:\WINDOWS\System32\svchost.exe[1916] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B30011
.text C:\WINDOWS\System32\svchost.exe[1916] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B30073
.text C:\WINDOWS\System32\svchost.exe[1916] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B30000
.text C:\WINDOWS\System32\svchost.exe[1916] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B3004E
.text C:\WINDOWS\System32\svchost.exe[1916] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B3003D
.text C:\WINDOWS\System32\svchost.exe[1916] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B20FA3
.text C:\WINDOWS\System32\svchost.exe[1916] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B20FC8
.text C:\WINDOWS\System32\svchost.exe[1916] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B20FE3
.text C:\WINDOWS\System32\svchost.exe[1916] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B20000
.text C:\WINDOWS\System32\svchost.exe[1916] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B20038
.text C:\WINDOWS\System32\svchost.exe[1916] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B20011
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B90080
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B9006F
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B90054
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B90043
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B90FA1
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B90F5C
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B900AE
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B900DA
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B90F41
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B90F1C
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B90032
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B90FDE
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B90091
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B90FB2
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B90FCD
.text C:\WINDOWS\System32\svchost.exe[1976] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B900C9
.text C:\WINDOWS\System32\svchost.exe[1976] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930FD4
.text C:\WINDOWS\System32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00930051
.text C:\WINDOWS\System32\svchost.exe[1976] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930025
.text C:\WINDOWS\System32\svchost.exe[1976] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930036
.text C:\WINDOWS\System32\svchost.exe[1976] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930FEF
.text C:\WINDOWS\System32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00930F94
.text C:\WINDOWS\System32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B3, 88] {MOV BL, 0x88}
.text C:\WINDOWS\System32\svchost.exe[1976] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FB9
.text C:\WINDOWS\System32\svchost.exe[1976] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920FB7
.text C:\WINDOWS\System32\svchost.exe[1976] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920038
.text C:\WINDOWS\System32\svchost.exe[1976] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0092001D
.text C:\WINDOWS\System32\svchost.exe[1976] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\System32\svchost.exe[1976] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FC8
.text C:\WINDOWS\System32\svchost.exe[1976] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00920FE3
.text C:\WINDOWS\System32\svchost.exe[1976] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 00900FEF
.text C:\WINDOWS\System32\svchost.exe[1976] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 0090000A
.text C:\WINDOWS\System32\svchost.exe[1976] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 00900FD4
.text C:\WINDOWS\System32\svchost.exe[1976] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 00900025
.text C:\WINDOWS\System32\svchost.exe[1976] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910000
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A006C
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0051
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0040
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0F83
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FAF
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F30
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A0F41
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A009D
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0EFA
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0EE9
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A001B
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F5C
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FCA
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0FE5
.text C:\WINDOWS\Explorer.EXE[2716] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F0B
.text C:\WINDOWS\Explorer.EXE[2716] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FDB
.text C:\WINDOWS\Explorer.EXE[2716] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290FAF
.text C:\WINDOWS\Explorer.EXE[2716] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029002C
.text C:\WINDOWS\Explorer.EXE[2716] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0029001B
.text C:\WINDOWS\Explorer.EXE[2716] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290FC0
.text C:\WINDOWS\Explorer.EXE[2716] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0029000A
.text C:\WINDOWS\Explorer.EXE[2716] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00290062
.text C:\WINDOWS\Explorer.EXE[2716] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290047
.text C:\WINDOWS\Explorer.EXE[2716] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0053
.text C:\WINDOWS\Explorer.EXE[2716] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0FC8
.text C:\WINDOWS\Explorer.EXE[2716] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A0FE3
.text C:\WINDOWS\Explorer.EXE[2716] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A000C
.text C:\WINDOWS\Explorer.EXE[2716] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0038
.text C:\WINDOWS\Explorer.EXE[2716] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A001D
.text C:\WINDOWS\Explorer.EXE[2716] WININET.dll!InternetOpenA 3D953081 5 Bytes JMP 002C0000
.text C:\WINDOWS\Explorer.EXE[2716] WININET.dll!InternetOpenW 3D9536B1 5 Bytes JMP 002C0011
.text C:\WINDOWS\Explorer.EXE[2716] WININET.dll!InternetOpenUrlA 3D956F5A 5 Bytes JMP 002C002C
.text C:\WINDOWS\Explorer.EXE[2716] WININET.dll!InternetOpenUrlW 3D998439 1 Byte [E9]
.text C:\WINDOWS\Explorer.EXE[2716] WININET.dll!InternetOpenUrlW 3D998439 5 Bytes JMP 002C003D
.text C:\WINDOWS\Explorer.EXE[2716] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01E80FEF
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@imagepath \systemroot\system32\drivers\TDSSmxjt.sys
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSserv
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSl
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssservers
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssmain
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsslog \systemroot\system32\TDSSvoqm.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssadw \systemroot\system32\TDSSnvuo.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssinit
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdssurls \systemroot\system32\TDSSnmxh.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsspanels \systemroot\system32\TDSSsahs.dll
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@tdsserrors \systemroot\system32\TDSSxhyf.log
Reg HKLM\SYSTEM\ControlSet001\Services\TDSSserv.sys\modules@TDSSproc \systemroot\system32\TDSSkkai.log
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x05 0x73 0x21 0xDD ...
---- EOF - GMER 1.0.15 ----
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
