GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-09 21:28:23
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2 WDC_WD2500BEVT-75ZCT2 rev.11.01A11
Running: i2edeh28.exe; Driver: C:\Users\NUESSC~1\AppData\Local\Temp\kwtyiuow.sys

---- System - GMER 1.0.15 ----

SSDT 8E89E3AE ZwCreateSection
SSDT 8E89E3B8 ZwRequestWaitReplyPort
SSDT 8E89E3B3 ZwSetContextThread
SSDT 8E89E3BD ZwSetSecurityObject
SSDT 8E89E3C2 ZwSystemDebugControl
SSDT 8E89E34F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKey + 13D1 82A8B369 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82AC4D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82ACBEAC 4 Bytes [AE, E3, 89, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82ACC208 4 Bytes [B8, E3, 89, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82ACC24C 4 Bytes [B3, E3, 89, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82ACC2C8 4 Bytes [BD, E3, 89, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82ACC31C 4 Bytes [C2, E3, 89, 8E]
.text ...
? system32\DRIVERS\avkmgr.sys Das System kann den angegebenen Pfad nicht finden. !

---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\taskhost.exe[2164] ntdll.dll!NtCreateUserProcess 77345778 5 Bytes JMP 01A17078 .text C:\Windows\system32\taskhost.exe[2164] ntdll.dll!LdrLoadDll 7736223E 5 Bytes JMP 01A171A1 .text C:\Windows\system32\taskhost.exe[2164] kernel32.dll!GetFileAttributesExW 75A8307E 5 Bytes JMP 01A1727B .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!SwitchDesktop 76F9476B 5 Bytes JMP 01A16B61 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!OpenInputDesktop 76F95C39 5 Bytes JMP 01A16B11 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!RegisterClassExA 76F96293 5 Bytes JMP 01A16F6F .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!GetCapture 76F99DC7 5 Bytes JMP 01A055B3 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!GetCursorPos 76F9A4B3 5 Bytes JMP 01A05485 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!GetUpdateRect 76F9A575 5 Bytes JMP 01A19DEC .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!DefWindowProcA 76F9BB1C 5 Bytes JMP 01A16BC5 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!RegisterClassA 76F9BC6A 5 Bytes JMP 01A16ED0 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!RegisterClassW 76F9ED4A 5 Bytes JMP 01A16E83 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!RegisterClassExW 76FA0162 5 Bytes JMP 01A16F1D .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!GetMessageA 76FA1899 5 Bytes JMP 01A0567A .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!PeekMessageA 76FA19A5 5 Bytes JMP 01A056CD .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!CallWindowProcW 76FA1B3C 5 Bytes JMP 01A16DB5 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!GetDCEx 76FA2D57 5 Bytes JMP 01A19CD3 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!GetWindowDC 76FA4AB7 5 Bytes JMP 01A19D6D .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!DefWindowProcW 76FA507D 5 Bytes JMP 01A16B7F .text C:\Windows\system32\taskhost.exe[2164] 
USER32.dll!ReleaseDC 76FA5421 5 Bytes JMP 01A19DAC .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!GetDC 76FA544C 5 Bytes JMP 01A19D2E .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!BeginPaint 76FA5D14 5 Bytes JMP 01A19C23 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!EndPaint 76FA5D42 5 Bytes JMP 01A19C93 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!PeekMessageW 76FA634A 5 Bytes JMP 01A056A2 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!TranslateMessage 76FA64C7 5 Bytes JMP 01A05895 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!GetMessageW 76FACDE8 5 Bytes JMP 01A05652 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!GetClipboardData 76FB2BA7 5 Bytes JMP 01A05A02 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!DefDlgProcA 76FB71E4 5 Bytes JMP 01A16C51 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!DefMDIChildProcW 76FC150A 5 Bytes JMP 01A16D29 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!DefFrameProcW 76FC152B 5 Bytes JMP 01A16C97 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!GetUpdateRgn 76FC1C07 5 Bytes JMP 01A19E7F .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!DefFrameProcA 76FC25B7 5 Bytes JMP 01A16CE0 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!DefMDIChildProcA 76FC25DB 5 Bytes JMP 01A16D6F .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!CallWindowProcA 76FC2BD3 5 Bytes JMP 01A16DFE .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!DefDlgProcW 76FC5BC1 5 Bytes JMP 01A16C0B .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!GetMessagePos 76FC6703 5 Bytes JMP 01A05453 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!SetCapture 76FC6932 5 Bytes JMP 01A05509 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!ReleaseCapture 76FC69F2 5 Bytes JMP 01A05563 .text C:\Windows\system32\taskhost.exe[2164] USER32.dll!SetCursorPos 76FDC1B0 5 Bytes JMP 01A054CC .text C:\Windows\system32\taskhost.exe[2164] 
CRYPT32.dll!PFXImportCertStore 75670DDC 5 Bytes JMP 01A1BF73 .text C:\Windows\system32\taskhost.exe[2164] WININET.dll!HttpQueryInfoA 75BBA336 5 Bytes JMP 01A1D42A .text C:\Windows\system32\taskhost.exe[2164] WININET.dll!InternetCloseHandle 75BBAB41 5 Bytes JMP 01A1D332 .text C:\Windows\system32\taskhost.exe[2164] WININET.dll!InternetReadFile 75BBB3FE 5 Bytes JMP 01A1D375 .text C:\Windows\system32\taskhost.exe[2164] WININET.dll!InternetQueryDataAvailable 75BC5E5D 5 Bytes JMP 01A1D3FE .text C:\Windows\system32\taskhost.exe[2164] WININET.dll!HttpSendRequestW 75BCBA12 5 Bytes JMP 01A1D152 .text C:\Windows\system32\taskhost.exe[2164] WININET.dll!HttpSendRequestExW 75BD4A35 5 Bytes JMP 01A1D1FA .text C:\Windows\system32\taskhost.exe[2164] WININET.dll!InternetReadFileExA 75BEAE56 5 Bytes JMP 01A1D3B4 .text C:\Windows\system32\taskhost.exe[2164] WININET.dll!HttpSendRequestExA 75C31962 5 Bytes JMP 01A1D296 .text C:\Windows\system32\taskhost.exe[2164] WININET.dll!HttpSendRequestA 75C31A48 5 Bytes JMP 01A1D1A6 .text C:\Windows\system32\taskhost.exe[2164] ws2_32.DLL!closesocket 75CF3918 5 Bytes JMP 01A17939 .text C:\Windows\system32\taskhost.exe[2164] ws2_32.DLL!WSASend 75CF4406 5 Bytes JMP 01A17992 .text C:\Windows\system32\taskhost.exe[2164] ws2_32.DLL!send 75CF6F01 5 Bytes JMP 01A17971 .text C:\Windows\system32\Dwm.exe[2212] ntdll.dll!NtCreateUserProcess 77345778 5 Bytes JMP 02D07078 .text C:\Windows\system32\Dwm.exe[2212] ntdll.dll!LdrLoadDll 7736223E 5 Bytes JMP 02D071A1 .text C:\Windows\system32\Dwm.exe[2212] kernel32.dll!GetFileAttributesExW 75A8307E 5 Bytes JMP 02D0727B .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!SwitchDesktop 76F9476B 5 Bytes JMP 02D06B61 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!OpenInputDesktop 76F95C39 5 Bytes JMP 02D06B11 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!RegisterClassExA 76F96293 5 Bytes JMP 02D06F6F .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!GetCapture 76F99DC7 5 Bytes JMP 02CF55B3 .text 
C:\Windows\system32\Dwm.exe[2212] USER32.dll!GetCursorPos 76F9A4B3 5 Bytes JMP 02CF5485 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!GetUpdateRect 76F9A575 5 Bytes JMP 02D09DEC .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!DefWindowProcA 76F9BB1C 5 Bytes JMP 02D06BC5 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!RegisterClassA 76F9BC6A 5 Bytes JMP 02D06ED0 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!RegisterClassW 76F9ED4A 5 Bytes JMP 02D06E83 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!RegisterClassExW 76FA0162 5 Bytes JMP 02D06F1D .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!GetMessageA 76FA1899 5 Bytes JMP 02CF567A .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!PeekMessageA 76FA19A5 5 Bytes JMP 02CF56CD .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!CallWindowProcW 76FA1B3C 5 Bytes JMP 02D06DB5 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!GetDCEx 76FA2D57 5 Bytes JMP 02D09CD3 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!GetWindowDC 76FA4AB7 5 Bytes JMP 02D09D6D .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!DefWindowProcW 76FA507D 5 Bytes JMP 02D06B7F .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!ReleaseDC 76FA5421 5 Bytes JMP 02D09DAC .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!GetDC 76FA544C 5 Bytes JMP 02D09D2E .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!BeginPaint 76FA5D14 5 Bytes JMP 02D09C23 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!EndPaint 76FA5D42 5 Bytes JMP 02D09C93 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!PeekMessageW 76FA634A 5 Bytes JMP 02CF56A2 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!TranslateMessage 76FA64C7 5 Bytes JMP 02CF5895 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!GetMessageW 76FACDE8 5 Bytes JMP 02CF5652 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!GetClipboardData 76FB2BA7 5 Bytes JMP 02CF5A02 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!DefDlgProcA 76FB71E4 5 Bytes JMP 02D06C51 .text 
C:\Windows\system32\Dwm.exe[2212] USER32.dll!DefMDIChildProcW 76FC150A 5 Bytes JMP 02D06D29 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!DefFrameProcW 76FC152B 5 Bytes JMP 02D06C97 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!GetUpdateRgn 76FC1C07 5 Bytes JMP 02D09E7F .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!DefFrameProcA 76FC25B7 5 Bytes JMP 02D06CE0 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!DefMDIChildProcA 76FC25DB 5 Bytes JMP 02D06D6F .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!CallWindowProcA 76FC2BD3 5 Bytes JMP 02D06DFE .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!DefDlgProcW 76FC5BC1 5 Bytes JMP 02D06C0B .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!GetMessagePos 76FC6703 5 Bytes JMP 02CF5453 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!SetCapture 76FC6932 5 Bytes JMP 02CF5509 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!ReleaseCapture 76FC69F2 5 Bytes JMP 02CF5563 .text C:\Windows\system32\Dwm.exe[2212] USER32.dll!SetCursorPos 76FDC1B0 5 Bytes JMP 02CF54CC .text C:\Windows\system32\Dwm.exe[2212] CRYPT32.dll!PFXImportCertStore 75670DDC 5 Bytes JMP 02D0BF73 .text C:\Windows\system32\Dwm.exe[2212] WS2_32.dll!closesocket 75CF3918 5 Bytes JMP 02D07939 .text C:\Windows\system32\Dwm.exe[2212] WS2_32.dll!WSASend 75CF4406 5 Bytes JMP 02D07992 .text C:\Windows\system32\Dwm.exe[2212] WS2_32.dll!send 75CF6F01 5 Bytes JMP 02D07971 .text C:\Windows\system32\Dwm.exe[2212] WININET.dll!HttpQueryInfoA 75BBA336 5 Bytes JMP 02D0D42A .text C:\Windows\system32\Dwm.exe[2212] WININET.dll!InternetCloseHandle 75BBAB41 5 Bytes JMP 02D0D332 .text C:\Windows\system32\Dwm.exe[2212] WININET.dll!InternetReadFile 75BBB3FE 5 Bytes JMP 02D0D375 .text C:\Windows\system32\Dwm.exe[2212] WININET.dll!InternetQueryDataAvailable 75BC5E5D 5 Bytes JMP 02D0D3FE .text C:\Windows\system32\Dwm.exe[2212] WININET.dll!HttpSendRequestW 75BCBA12 5 Bytes JMP 02D0D152 .text C:\Windows\system32\Dwm.exe[2212] WININET.dll!HttpSendRequestExW 75BD4A35 5 
Bytes JMP 02D0D1FA .text C:\Windows\system32\Dwm.exe[2212] WININET.dll!InternetReadFileExA 75BEAE56 5 Bytes JMP 02D0D3B4 .text C:\Windows\system32\Dwm.exe[2212] WININET.dll!HttpSendRequestExA 75C31962 5 Bytes JMP 02D0D296 .text C:\Windows\system32\Dwm.exe[2212] WININET.dll!HttpSendRequestA 75C31A48 5 Bytes JMP 02D0D1A6 .text C:\Windows\Explorer.EXE[2236] ntdll.dll!NtCreateUserProcess 77345778 3 Bytes JMP 02347078 .text C:\Windows\Explorer.EXE[2236] ntdll.dll!NtCreateUserProcess + 4 7734577C 1 Byte [8B] .text C:\Windows\Explorer.EXE[2236] ntdll.dll!LdrLoadDll 7736223E 5 Bytes JMP 023471A1 .text C:\Windows\Explorer.EXE[2236] kernel32.dll!GetFileAttributesExW 75A8307E 5 Bytes JMP 0234727B .text C:\Windows\Explorer.EXE[2236] USER32.dll!SwitchDesktop 76F9476B 5 Bytes JMP 02346B61 .text C:\Windows\Explorer.EXE[2236] USER32.dll!OpenInputDesktop 76F95C39 5 Bytes JMP 02346B11 .text C:\Windows\Explorer.EXE[2236] USER32.dll!RegisterClassExA 76F96293 5 Bytes JMP 02346F6F .text C:\Windows\Explorer.EXE[2236] USER32.dll!GetCapture 76F99DC7 5 Bytes JMP 023355B3 .text C:\Windows\Explorer.EXE[2236] USER32.dll!GetCursorPos 76F9A4B3 5 Bytes JMP 02335485 .text C:\Windows\Explorer.EXE[2236] USER32.dll!GetUpdateRect 76F9A575 5 Bytes JMP 02349DEC .text C:\Windows\Explorer.EXE[2236] USER32.dll!DefWindowProcA 76F9BB1C 5 Bytes JMP 02346BC5 .text C:\Windows\Explorer.EXE[2236] USER32.dll!RegisterClassA 76F9BC6A 5 Bytes JMP 02346ED0 .text C:\Windows\Explorer.EXE[2236] USER32.dll!RegisterClassW 76F9ED4A 5 Bytes JMP 02346E83 .text C:\Windows\Explorer.EXE[2236] USER32.dll!RegisterClassExW 76FA0162 5 Bytes JMP 02346F1D .text C:\Windows\Explorer.EXE[2236] USER32.dll!GetMessageA 76FA1899 5 Bytes JMP 0233567A .text C:\Windows\Explorer.EXE[2236] USER32.dll!PeekMessageA 76FA19A5 5 Bytes JMP 023356CD .text C:\Windows\Explorer.EXE[2236] USER32.dll!CallWindowProcW 76FA1B3C 5 Bytes JMP 02346DB5 .text C:\Windows\Explorer.EXE[2236] USER32.dll!GetDCEx 76FA2D57 5 Bytes JMP 02349CD3 .text 
C:\Windows\Explorer.EXE[2236] USER32.dll!GetWindowDC 76FA4AB7 5 Bytes JMP 02349D6D .text C:\Windows\Explorer.EXE[2236] USER32.dll!DefWindowProcW 76FA507D 5 Bytes JMP 02346B7F .text C:\Windows\Explorer.EXE[2236] USER32.dll!ReleaseDC 76FA5421 5 Bytes JMP 02349DAC .text C:\Windows\Explorer.EXE[2236] USER32.dll!GetDC 76FA544C 5 Bytes JMP 02349D2E .text C:\Windows\Explorer.EXE[2236] USER32.dll!BeginPaint 76FA5D14 5 Bytes JMP 02349C23 .text C:\Windows\Explorer.EXE[2236] USER32.dll!EndPaint 76FA5D42 5 Bytes JMP 02349C93 .text C:\Windows\Explorer.EXE[2236] USER32.dll!PeekMessageW 76FA634A 5 Bytes JMP 023356A2 .text C:\Windows\Explorer.EXE[2236] USER32.dll!TranslateMessage 76FA64C7 5 Bytes JMP 02335895 .text C:\Windows\Explorer.EXE[2236] USER32.dll!GetMessageW 76FACDE8 5 Bytes JMP 02335652 .text C:\Windows\Explorer.EXE[2236] USER32.dll!GetClipboardData 76FB2BA7 5 Bytes JMP 02335A02 .text C:\Windows\Explorer.EXE[2236] USER32.dll!DefDlgProcA 76FB71E4 5 Bytes JMP 02346C51 .text C:\Windows\Explorer.EXE[2236] USER32.dll!DefMDIChildProcW 76FC150A 5 Bytes JMP 02346D29 .text C:\Windows\Explorer.EXE[2236] USER32.dll!DefFrameProcW 76FC152B 5 Bytes JMP 02346C97 .text C:\Windows\Explorer.EXE[2236] USER32.dll!GetUpdateRgn 76FC1C07 5 Bytes JMP 02349E7F .text C:\Windows\Explorer.EXE[2236] USER32.dll!DefFrameProcA 76FC25B7 5 Bytes JMP 02346CE0 .text C:\Windows\Explorer.EXE[2236] USER32.dll!DefMDIChildProcA 76FC25DB 5 Bytes JMP 02346D6F .text C:\Windows\Explorer.EXE[2236] USER32.dll!CallWindowProcA 76FC2BD3 5 Bytes JMP 02346DFE .text C:\Windows\Explorer.EXE[2236] USER32.dll!DefDlgProcW 76FC5BC1 5 Bytes JMP 02346C0B .text C:\Windows\Explorer.EXE[2236] USER32.dll!GetMessagePos 76FC6703 5 Bytes JMP 02335453 .text C:\Windows\Explorer.EXE[2236] USER32.dll!SetCapture 76FC6932 5 Bytes JMP 02335509 .text C:\Windows\Explorer.EXE[2236] USER32.dll!ReleaseCapture 76FC69F2 5 Bytes JMP 02335563 .text C:\Windows\Explorer.EXE[2236] USER32.dll!SetCursorPos 76FDC1B0 5 Bytes JMP 023354CC .text 
C:\Windows\Explorer.EXE[2236] CRYPT32.dll!PFXImportCertStore 75670DDC 5 Bytes JMP 0234BF73 .text C:\Windows\Explorer.EXE[2236] WININET.dll!HttpQueryInfoA 75BBA336 5 Bytes JMP 0234D42A .text C:\Windows\Explorer.EXE[2236] WININET.dll!InternetCloseHandle 75BBAB41 5 Bytes JMP 0234D332 .text C:\Windows\Explorer.EXE[2236] WININET.dll!InternetReadFile 75BBB3FE 5 Bytes JMP 0234D375 .text C:\Windows\Explorer.EXE[2236] WININET.dll!InternetQueryDataAvailable 75BC5E5D 5 Bytes JMP 0234D3FE .text C:\Windows\Explorer.EXE[2236] WININET.dll!HttpSendRequestW 75BCBA12 5 Bytes JMP 0234D152 .text C:\Windows\Explorer.EXE[2236] WININET.dll!HttpSendRequestExW 75BD4A35 5 Bytes JMP 0234D1FA .text C:\Windows\Explorer.EXE[2236] WININET.dll!InternetReadFileExA 75BEAE56 5 Bytes JMP 0234D3B4 .text C:\Windows\Explorer.EXE[2236] WININET.dll!HttpSendRequestExA 75C31962 5 Bytes JMP 0234D296 .text C:\Windows\Explorer.EXE[2236] WININET.dll!HttpSendRequestA 75C31A48 5 Bytes JMP 0234D1A6 .text C:\Windows\Explorer.EXE[2236] WS2_32.dll!closesocket 75CF3918 5 Bytes JMP 02347939 .text C:\Windows\Explorer.EXE[2236] WS2_32.dll!WSASend 75CF4406 5 Bytes JMP 02347992 .text C:\Windows\Explorer.EXE[2236] WS2_32.dll!send 75CF6F01 5 Bytes JMP 02347971 .text C:\Windows\OEM02Mon.exe[2372] ntdll.dll!NtCreateUserProcess 77345778 5 Bytes JMP 003D7078 .text C:\Windows\OEM02Mon.exe[2372] ntdll.dll!LdrLoadDll 7736223E 5 Bytes JMP 003D71A1 .text C:\Windows\OEM02Mon.exe[2372] kernel32.dll!GetFileAttributesExW 75A8307E 5 Bytes JMP 003D727B .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!SwitchDesktop 76F9476B 5 Bytes JMP 003D6B61 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!OpenInputDesktop 76F95C39 5 Bytes JMP 003D6B11 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!RegisterClassExA 76F96293 5 Bytes JMP 003D6F6F .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!GetCapture 76F99DC7 5 Bytes JMP 003C55B3 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!GetCursorPos 76F9A4B3 5 Bytes JMP 003C5485 .text C:\Windows\OEM02Mon.exe[2372] 
USER32.dll!GetUpdateRect 76F9A575 5 Bytes JMP 003D9DEC .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!DefWindowProcA 76F9BB1C 5 Bytes JMP 003D6BC5 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!RegisterClassA 76F9BC6A 5 Bytes JMP 003D6ED0 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!RegisterClassW 76F9ED4A 5 Bytes JMP 003D6E83 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!RegisterClassExW 76FA0162 5 Bytes JMP 003D6F1D .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!GetMessageA 76FA1899 5 Bytes JMP 003C567A .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!PeekMessageA 76FA19A5 5 Bytes JMP 003C56CD .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!CallWindowProcW 76FA1B3C 5 Bytes JMP 003D6DB5 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!GetDCEx 76FA2D57 5 Bytes JMP 003D9CD3 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!GetWindowDC 76FA4AB7 5 Bytes JMP 003D9D6D .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!DefWindowProcW 76FA507D 5 Bytes JMP 003D6B7F .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!ReleaseDC 76FA5421 5 Bytes JMP 003D9DAC .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!GetDC 76FA544C 5 Bytes JMP 003D9D2E .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!BeginPaint 76FA5D14 5 Bytes JMP 003D9C23 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!EndPaint 76FA5D42 5 Bytes JMP 003D9C93 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!PeekMessageW 76FA634A 5 Bytes JMP 003C56A2 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!TranslateMessage 76FA64C7 5 Bytes JMP 003C5895 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!GetMessageW 76FACDE8 5 Bytes JMP 003C5652 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!GetClipboardData 76FB2BA7 5 Bytes JMP 003C5A02 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!DefDlgProcA 76FB71E4 5 Bytes JMP 003D6C51 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!DefMDIChildProcW 76FC150A 5 Bytes JMP 003D6D29 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!DefFrameProcW 76FC152B 5 Bytes JMP 003D6C97 .text C:\Windows\OEM02Mon.exe[2372] 
USER32.dll!GetUpdateRgn 76FC1C07 5 Bytes JMP 003D9E7F .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!DefFrameProcA 76FC25B7 5 Bytes JMP 003D6CE0 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!DefMDIChildProcA 76FC25DB 5 Bytes JMP 003D6D6F .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!CallWindowProcA 76FC2BD3 5 Bytes JMP 003D6DFE .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!DefDlgProcW 76FC5BC1 5 Bytes JMP 003D6C0B .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!GetMessagePos 76FC6703 5 Bytes JMP 003C5453 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!SetCapture 76FC6932 5 Bytes JMP 003C5509 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!ReleaseCapture 76FC69F2 5 Bytes JMP 003C5563 .text C:\Windows\OEM02Mon.exe[2372] USER32.dll!SetCursorPos 76FDC1B0 5 Bytes JMP 003C54CC .text C:\Windows\OEM02Mon.exe[2372] CRYPT32.dll!PFXImportCertStore 75670DDC 5 Bytes JMP 003DBF73 .text C:\Windows\OEM02Mon.exe[2372] WS2_32.dll!closesocket 75CF3918 5 Bytes JMP 003D7939 .text C:\Windows\OEM02Mon.exe[2372] WS2_32.dll!WSASend 75CF4406 5 Bytes JMP 003D7992 .text C:\Windows\OEM02Mon.exe[2372] WS2_32.dll!send 75CF6F01 5 Bytes JMP 003D7971 .text C:\Windows\OEM02Mon.exe[2372] WININET.dll!HttpQueryInfoA 75BBA336 5 Bytes JMP 003DD42A .text C:\Windows\OEM02Mon.exe[2372] WININET.dll!InternetCloseHandle 75BBAB41 5 Bytes JMP 003DD332 .text C:\Windows\OEM02Mon.exe[2372] WININET.dll!InternetReadFile 75BBB3FE 5 Bytes JMP 003DD375 .text C:\Windows\OEM02Mon.exe[2372] WININET.dll!InternetQueryDataAvailable 75BC5E5D 5 Bytes JMP 003DD3FE .text C:\Windows\OEM02Mon.exe[2372] WININET.dll!HttpSendRequestW 75BCBA12 5 Bytes JMP 003DD152 .text C:\Windows\OEM02Mon.exe[2372] WININET.dll!HttpSendRequestExW 75BD4A35 5 Bytes JMP 003DD1FA .text C:\Windows\OEM02Mon.exe[2372] WININET.dll!InternetReadFileExA 75BEAE56 5 Bytes JMP 003DD3B4 .text C:\Windows\OEM02Mon.exe[2372] WININET.dll!HttpSendRequestExA 75C31962 5 Bytes JMP 003DD296 .text C:\Windows\OEM02Mon.exe[2372] WININET.dll!HttpSendRequestA 75C31A48 5 Bytes JMP 
003DD1A6 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] ntdll.dll!NtCreateUserProcess 77345778 5 Bytes JMP 00757078 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] ntdll.dll!LdrLoadDll 7736223E 5 Bytes JMP 007571A1 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] kernel32.dll!GetFileAttributesExW 75A8307E 5 Bytes JMP 0075727B .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] CRYPT32.dll!PFXImportCertStore 75670DDC 5 Bytes JMP 0075BF73 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] WININET.dll!HttpQueryInfoA 75BBA336 5 Bytes JMP 0075D42A .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] WININET.dll!InternetCloseHandle 75BBAB41 5 Bytes JMP 0075D332 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] WININET.dll!InternetReadFile 75BBB3FE 5 Bytes JMP 0075D375 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] WININET.dll!InternetQueryDataAvailable 75BC5E5D 5 Bytes JMP 0075D3FE .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] WININET.dll!HttpSendRequestW 75BCBA12 5 Bytes JMP 0075D152 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] WININET.dll!HttpSendRequestExW 75BD4A35 5 Bytes JMP 0075D1FA .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] WININET.dll!InternetReadFileExA 75BEAE56 5 Bytes JMP 0075D3B4 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] WININET.dll!HttpSendRequestExA 75C31962 5 Bytes JMP 0075D296 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] WININET.dll!HttpSendRequestA 75C31A48 5 Bytes JMP 0075D1A6 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!SwitchDesktop 76F9476B 5 Bytes JMP 00756B61 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!OpenInputDesktop 76F95C39 5 Bytes JMP 00756B11 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] 
USER32.dll!RegisterClassExA 76F96293 5 Bytes JMP 00756F6F .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!GetCapture 76F99DC7 5 Bytes JMP 007455B3 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!GetCursorPos 76F9A4B3 5 Bytes JMP 00745485 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!GetUpdateRect 76F9A575 5 Bytes JMP 00759DEC .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!DefWindowProcA 76F9BB1C 5 Bytes JMP 00756BC5 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!RegisterClassA 76F9BC6A 5 Bytes JMP 00756ED0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!RegisterClassW 76F9ED4A 5 Bytes JMP 00756E83 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!RegisterClassExW 76FA0162 5 Bytes JMP 00756F1D .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!GetMessageA 76FA1899 5 Bytes JMP 0074567A .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!PeekMessageA 76FA19A5 5 Bytes JMP 007456CD .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!CallWindowProcW 76FA1B3C 5 Bytes JMP 00756DB5 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!GetDCEx 76FA2D57 5 Bytes JMP 00759CD3 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!GetWindowDC 76FA4AB7 5 Bytes JMP 00759D6D .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!DefWindowProcW 76FA507D 5 Bytes JMP 00756B7F .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!ReleaseDC 76FA5421 5 Bytes JMP 00759DAC .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!GetDC 76FA544C 5 Bytes JMP 00759D2E .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!BeginPaint 76FA5D14 5 Bytes JMP 00759C23 .text 
C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!EndPaint 76FA5D42 5 Bytes JMP 00759C93 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!PeekMessageW 76FA634A 5 Bytes JMP 007456A2 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!TranslateMessage 76FA64C7 5 Bytes JMP 00745895 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!GetMessageW 76FACDE8 5 Bytes JMP 00745652 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!GetClipboardData 76FB2BA7 5 Bytes JMP 00745A02 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!DefDlgProcA 76FB71E4 5 Bytes JMP 00756C51 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!DefMDIChildProcW 76FC150A 5 Bytes JMP 00756D29 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!DefFrameProcW 76FC152B 5 Bytes JMP 00756C97 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!GetUpdateRgn 76FC1C07 5 Bytes JMP 00759E7F .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!DefFrameProcA 76FC25B7 5 Bytes JMP 00756CE0 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!DefMDIChildProcA 76FC25DB 5 Bytes JMP 00756D6F .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!CallWindowProcA 76FC2BD3 5 Bytes JMP 00756DFE .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!DefDlgProcW 76FC5BC1 5 Bytes JMP 00756C0B .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!GetMessagePos 76FC6703 5 Bytes JMP 00745453 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!SetCapture 76FC6932 5 Bytes JMP 00745509 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] USER32.dll!ReleaseCapture 76FC69F2 5 Bytes JMP 00745563 .text C:\Program Files\Microsoft Security 
Client\msseces.exe[2412] USER32.dll!SetCursorPos 76FDC1B0 5 Bytes JMP 007454CC .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] WS2_32.dll!closesocket 75CF3918 5 Bytes JMP 00757939 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] WS2_32.dll!WSASend 75CF4406 5 Bytes JMP 00757992 .text C:\Program Files\Microsoft Security Client\msseces.exe[2412] WS2_32.dll!send 75CF6F01 5 Bytes JMP 00757971 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ntdll.dll!NtCreateUserProcess 77345778 5 Bytes JMP 00527078 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] ntdll.dll!LdrLoadDll 7736223E 5 Bytes JMP 005271A1 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] kernel32.dll!GetFileAttributesExW 75A8307E 5 Bytes JMP 0052727B .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!SwitchDesktop 76F9476B 5 Bytes JMP 00526B61 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!OpenInputDesktop 76F95C39 5 Bytes JMP 00526B11 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!RegisterClassExA 76F96293 5 Bytes JMP 00526F6F .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!GetCapture 76F99DC7 5 Bytes JMP 005155B3 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!GetCursorPos 76F9A4B3 5 Bytes JMP 00515485 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!GetUpdateRect 76F9A575 5 Bytes JMP 00529DEC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!DefWindowProcA 76F9BB1C 5 Bytes JMP 00526BC5 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!RegisterClassA 76F9BC6A 5 Bytes JMP 00526ED0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!RegisterClassW 76F9ED4A 5 Bytes JMP 00526E83 .text C:\Program Files\Common 
Files\Java\Java Update\jusched.exe[2424] USER32.dll!RegisterClassExW 76FA0162 5 Bytes JMP 00526F1D .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!GetMessageA 76FA1899 5 Bytes JMP 0051567A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!PeekMessageA 76FA19A5 5 Bytes JMP 005156CD .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!CallWindowProcW 76FA1B3C 5 Bytes JMP 00526DB5 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!GetDCEx 76FA2D57 5 Bytes JMP 00529CD3 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!GetWindowDC 76FA4AB7 5 Bytes JMP 00529D6D .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!DefWindowProcW 76FA507D 5 Bytes JMP 00526B7F .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!ReleaseDC 76FA5421 5 Bytes JMP 00529DAC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!GetDC 76FA544C 5 Bytes JMP 00529D2E .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!BeginPaint 76FA5D14 5 Bytes JMP 00529C23 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!EndPaint 76FA5D42 5 Bytes JMP 00529C93 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!PeekMessageW 76FA634A 5 Bytes JMP 005156A2 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!TranslateMessage 76FA64C7 5 Bytes JMP 00515895 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!GetMessageW 76FACDE8 5 Bytes JMP 00515652 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!GetClipboardData 76FB2BA7 5 Bytes JMP 00515A02 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!DefDlgProcA 76FB71E4 5 Bytes JMP 00526C51 .text C:\Program Files\Common 
Files\Java\Java Update\jusched.exe[2424] USER32.dll!DefMDIChildProcW 76FC150A 5 Bytes JMP 00526D29 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!DefFrameProcW 76FC152B 5 Bytes JMP 00526C97 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!GetUpdateRgn 76FC1C07 5 Bytes JMP 00529E7F .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!DefFrameProcA 76FC25B7 5 Bytes JMP 00526CE0 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!DefMDIChildProcA 76FC25DB 5 Bytes JMP 00526D6F .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!CallWindowProcA 76FC2BD3 5 Bytes JMP 00526DFE .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!DefDlgProcW 76FC5BC1 5 Bytes JMP 00526C0B .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!GetMessagePos 76FC6703 5 Bytes JMP 00515453 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!SetCapture 76FC6932 5 Bytes JMP 00515509 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!ReleaseCapture 76FC69F2 5 Bytes JMP 00515563 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] USER32.dll!SetCursorPos 76FDC1B0 5 Bytes JMP 005154CC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] WININET.dll!HttpQueryInfoA 75BBA336 5 Bytes JMP 0052D42A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] WININET.dll!InternetCloseHandle 75BBAB41 5 Bytes JMP 0052D332 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] WININET.dll!InternetReadFile 75BBB3FE 5 Bytes JMP 0052D375 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] WININET.dll!InternetQueryDataAvailable 75BC5E5D 5 Bytes JMP 0052D3FE .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] WININET.dll!HttpSendRequestW 75BCBA12 5 
Bytes JMP 0052D152 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] WININET.dll!HttpSendRequestExW 75BD4A35 5 Bytes JMP 0052D1FA .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] WININET.dll!InternetReadFileExA 75BEAE56 5 Bytes JMP 0052D3B4 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] WININET.dll!HttpSendRequestExA 75C31962 5 Bytes JMP 0052D296 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] WININET.dll!HttpSendRequestA 75C31A48 5 Bytes JMP 0052D1A6 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] CRYPT32.dll!PFXImportCertStore 75670DDC 5 Bytes JMP 0052BF73 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] WS2_32.dll!closesocket 75CF3918 5 Bytes JMP 00527939 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] WS2_32.dll!WSASend 75CF4406 5 Bytes JMP 00527992 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2424] WS2_32.dll!send 75CF6F01 5 Bytes JMP 00527971 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] ntdll.dll!NtCreateUserProcess 77345778 5 Bytes JMP 01547078 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] ntdll.dll!LdrLoadDll 7736223E 5 Bytes JMP 015471A1 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] kernel32.dll!GetFileAttributesExW 75A8307E 5 Bytes JMP 0154727B .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!SwitchDesktop 76F9476B 5 Bytes JMP 01546B61 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!OpenInputDesktop 76F95C39 5 Bytes JMP 01546B11 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!RegisterClassExA 76F96293 5 Bytes JMP 01546F6F .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!GetCapture 76F99DC7 5 Bytes JMP 015355B3 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!GetCursorPos 76F9A4B3 5 Bytes JMP 01535485 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!GetUpdateRect 
76F9A575 5 Bytes JMP 01549DEC .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!DefWindowProcA 76F9BB1C 5 Bytes JMP 01546BC5 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!RegisterClassA 76F9BC6A 5 Bytes JMP 01546ED0 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!RegisterClassW 76F9ED4A 5 Bytes JMP 01546E83 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!RegisterClassExW 76FA0162 5 Bytes JMP 01546F1D .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!GetMessageA 76FA1899 5 Bytes JMP 0153567A .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!PeekMessageA 76FA19A5 5 Bytes JMP 015356CD .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!CallWindowProcW 76FA1B3C 5 Bytes JMP 01546DB5 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!GetDCEx 76FA2D57 5 Bytes JMP 01549CD3 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!GetWindowDC 76FA4AB7 5 Bytes JMP 01549D6D .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!DefWindowProcW 76FA507D 5 Bytes JMP 01546B7F .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!ReleaseDC 76FA5421 5 Bytes JMP 01549DAC .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!GetDC 76FA544C 5 Bytes JMP 01549D2E .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!BeginPaint 76FA5D14 5 Bytes JMP 01549C23 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!EndPaint 76FA5D42 5 Bytes JMP 01549C93 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!PeekMessageW 76FA634A 5 Bytes JMP 015356A2 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!TranslateMessage 76FA64C7 5 Bytes JMP 01535895 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!GetMessageW 76FACDE8 5 Bytes JMP 01535652 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!GetClipboardData 76FB2BA7 5 Bytes JMP 01535A02 .text C:\Program 
Files\iTunes\iTunesHelper.exe[2444] USER32.dll!DefDlgProcA 76FB71E4 5 Bytes JMP 01546C51 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!DefMDIChildProcW 76FC150A 5 Bytes JMP 01546D29 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!DefFrameProcW 76FC152B 5 Bytes JMP 01546C97 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!GetUpdateRgn 76FC1C07 5 Bytes JMP 01549E7F .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!DefFrameProcA 76FC25B7 5 Bytes JMP 01546CE0 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!DefMDIChildProcA 76FC25DB 5 Bytes JMP 01546D6F .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!CallWindowProcA 76FC2BD3 5 Bytes JMP 01546DFE .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!DefDlgProcW 76FC5BC1 5 Bytes JMP 01546C0B .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!GetMessagePos 76FC6703 5 Bytes JMP 01535453 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!SetCapture 76FC6932 5 Bytes JMP 01535509 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!ReleaseCapture 76FC69F2 5 Bytes JMP 01535563 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] USER32.dll!SetCursorPos 76FDC1B0 5 Bytes JMP 015354CC .text C:\Program Files\iTunes\iTunesHelper.exe[2444] WS2_32.dll!closesocket 75CF3918 5 Bytes JMP 01547939 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] WS2_32.dll!WSASend 75CF4406 5 Bytes JMP 01547992 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] WS2_32.dll!send 75CF6F01 5 Bytes JMP 01547971 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] CRYPT32.dll!PFXImportCertStore 75670DDC 5 Bytes JMP 0154BF73 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] WININET.DLL!HttpQueryInfoA 75BBA336 5 Bytes JMP 0154D42A .text C:\Program Files\iTunes\iTunesHelper.exe[2444] WININET.DLL!InternetCloseHandle 75BBAB41 5 Bytes JMP 0154D332 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] 
WININET.DLL!InternetReadFile 75BBB3FE 5 Bytes JMP 0154D375 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] WININET.DLL!InternetQueryDataAvailable 75BC5E5D 5 Bytes JMP 0154D3FE .text C:\Program Files\iTunes\iTunesHelper.exe[2444] WININET.DLL!HttpSendRequestW 75BCBA12 5 Bytes JMP 0154D152 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] WININET.DLL!HttpSendRequestExW 75BD4A35 5 Bytes JMP 0154D1FA .text C:\Program Files\iTunes\iTunesHelper.exe[2444] WININET.DLL!InternetReadFileExA 75BEAE56 5 Bytes JMP 0154D3B4 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] WININET.DLL!HttpSendRequestExA 75C31962 5 Bytes JMP 0154D296 .text C:\Program Files\iTunes\iTunesHelper.exe[2444] WININET.DLL!HttpSendRequestA 75C31A48 5 Bytes JMP 0154D1A6 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] ntdll.dll!NtCreateUserProcess 77345778 5 Bytes JMP 01367078 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] ntdll.dll!LdrLoadDll 7736223E 5 Bytes JMP 013671A1 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] kernel32.dll!GetFileAttributesExW 75A8307E 5 Bytes JMP 0136727B .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!SwitchDesktop 76F9476B 5 Bytes JMP 01366B61 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!OpenInputDesktop 76F95C39 5 Bytes JMP 01366B11 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!RegisterClassExA 76F96293 5 Bytes JMP 01366F6F .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!GetCapture 76F99DC7 5 Bytes JMP 013555B3 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!GetCursorPos 76F9A4B3 5 Bytes JMP 01355485 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!GetUpdateRect 76F9A575 5 Bytes JMP 01369DEC .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!DefWindowProcA 76F9BB1C 5 Bytes JMP 01366BC5 .text C:\Program 
Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!RegisterClassA 76F9BC6A 5 Bytes JMP 01366ED0 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!RegisterClassW 76F9ED4A 5 Bytes JMP 01366E83 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!RegisterClassExW 76FA0162 5 Bytes JMP 01366F1D .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!GetMessageA 76FA1899 5 Bytes JMP 0135567A .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!PeekMessageA 76FA19A5 5 Bytes JMP 013556CD .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!CallWindowProcW 76FA1B3C 5 Bytes JMP 01366DB5 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!GetDCEx 76FA2D57 5 Bytes JMP 01369CD3 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!GetWindowDC 76FA4AB7 5 Bytes JMP 01369D6D .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!DefWindowProcW 76FA507D 5 Bytes JMP 01366B7F .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!ReleaseDC 76FA5421 5 Bytes JMP 01369DAC .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!GetDC 76FA544C 5 Bytes JMP 01369D2E .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!BeginPaint 76FA5D14 5 Bytes JMP 01369C23 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!EndPaint 76FA5D42 5 Bytes JMP 01369C93 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!PeekMessageW 76FA634A 5 Bytes JMP 013556A2 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!TranslateMessage 76FA64C7 5 Bytes JMP 01355895 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!GetMessageW 76FACDE8 5 Bytes JMP 01355652 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] 
USER32.dll!GetClipboardData 76FB2BA7 5 Bytes JMP 01355A02 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!DefDlgProcA 76FB71E4 5 Bytes JMP 01366C51 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!DefMDIChildProcW 76FC150A 5 Bytes JMP 01366D29 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!DefFrameProcW 76FC152B 5 Bytes JMP 01366C97 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!GetUpdateRgn 76FC1C07 5 Bytes JMP 01369E7F .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!DefFrameProcA 76FC25B7 5 Bytes JMP 01366CE0 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!DefMDIChildProcA 76FC25DB 5 Bytes JMP 01366D6F .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!CallWindowProcA 76FC2BD3 5 Bytes JMP 01366DFE .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!DefDlgProcW 76FC5BC1 5 Bytes JMP 01366C0B .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!GetMessagePos 76FC6703 5 Bytes JMP 01355453 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!SetCapture 76FC6932 5 Bytes JMP 01355509 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!ReleaseCapture 76FC69F2 5 Bytes JMP 01355563 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] USER32.dll!SetCursorPos 76FDC1B0 5 Bytes JMP 013554CC .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] WS2_32.dll!closesocket 75CF3918 5 Bytes JMP 01367939 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] WS2_32.dll!WSASend 75CF4406 5 Bytes JMP 01367992 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] WS2_32.dll!send 75CF6F01 5 Bytes JMP 01367971 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] CRYPT32.dll!PFXImportCertStore 75670DDC 5 Bytes JMP 0136BF73 
.text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] WININET.dll!HttpQueryInfoA 75BBA336 5 Bytes JMP 0136D42A .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] WININET.dll!InternetCloseHandle 75BBAB41 5 Bytes JMP 0136D332 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] WININET.dll!InternetReadFile 75BBB3FE 5 Bytes JMP 0136D375 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] WININET.dll!InternetQueryDataAvailable 75BC5E5D 5 Bytes JMP 0136D3FE .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] WININET.dll!HttpSendRequestW 75BCBA12 5 Bytes JMP 0136D152 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] WININET.dll!HttpSendRequestExW 75BD4A35 5 Bytes JMP 0136D1FA .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] WININET.dll!InternetReadFileExA 75BEAE56 5 Bytes JMP 0136D3B4 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] WININET.dll!HttpSendRequestExA 75C31962 5 Bytes JMP 0136D296 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe[2484] WININET.dll!HttpSendRequestA 75C31A48 5 Bytes JMP 0136D1A6 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] ntdll.dll!NtCreateUserProcess 77345778 5 Bytes JMP 05437078 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] ntdll.dll!LdrLoadDll 7736223E 5 Bytes JMP 054371A1 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] KERNEL32.dll!GetFileAttributesExW 75A8307E 5 Bytes JMP 0543727B .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!SwitchDesktop 76F9476B 5 Bytes JMP 05436B61 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!OpenInputDesktop 76F95C39 5 Bytes JMP 05436B11 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!RegisterClassExA 76F96293 5 Bytes JMP 05436F6F .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!GetCapture 76F99DC7 5 Bytes JMP 054255B3 .text 
C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!GetCursorPos 76F9A4B3 5 Bytes JMP 05425485 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!GetUpdateRect 76F9A575 5 Bytes JMP 05439DEC .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!DefWindowProcA 76F9BB1C 5 Bytes JMP 05436BC5 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!RegisterClassA 76F9BC6A 5 Bytes JMP 05436ED0 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!RegisterClassW 76F9ED4A 5 Bytes JMP 05436E83 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!RegisterClassExW 76FA0162 5 Bytes JMP 05436F1D .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!GetMessageA 76FA1899 5 Bytes JMP 0542567A .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!PeekMessageA 76FA19A5 5 Bytes JMP 054256CD .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!CallWindowProcW 76FA1B3C 5 Bytes JMP 05436DB5 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!GetDCEx 76FA2D57 5 Bytes JMP 05439CD3 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!GetWindowDC 76FA4AB7 5 Bytes JMP 05439D6D .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!DefWindowProcW 76FA507D 5 Bytes JMP 05436B7F .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!ReleaseDC 76FA5421 5 Bytes JMP 05439DAC .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!GetDC 76FA544C 5 Bytes JMP 05439D2E .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!BeginPaint 76FA5D14 5 Bytes JMP 05439C23 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!EndPaint 76FA5D42 5 Bytes JMP 05439C93 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!PeekMessageW 76FA634A 5 Bytes JMP 054256A2 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!TranslateMessage 
76FA64C7 5 Bytes JMP 05425895 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!GetMessageW 76FACDE8 5 Bytes JMP 05425652 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!GetClipboardData 76FB2BA7 5 Bytes JMP 05425A02 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!DefDlgProcA 76FB71E4 5 Bytes JMP 05436C51 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!DefMDIChildProcW 76FC150A 5 Bytes JMP 05436D29 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!DefFrameProcW 76FC152B 5 Bytes JMP 05436C97 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!GetUpdateRgn 76FC1C07 5 Bytes JMP 05439E7F .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!DefFrameProcA 76FC25B7 5 Bytes JMP 05436CE0 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!DefMDIChildProcA 76FC25DB 5 Bytes JMP 05436D6F .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!CallWindowProcA 76FC2BD3 5 Bytes JMP 05436DFE .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!DefDlgProcW 76FC5BC1 5 Bytes JMP 05436C0B .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!GetMessagePos 76FC6703 5 Bytes JMP 05425453 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!SetCapture 76FC6932 5 Bytes JMP 05425509 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!ReleaseCapture 76FC69F2 5 Bytes JMP 05425563 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] USER32.dll!SetCursorPos 76FDC1B0 5 Bytes JMP 054254CC .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] WS2_32.dll!closesocket 75CF3918 5 Bytes JMP 05437939 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] WS2_32.dll!WSASend 75CF4406 5 Bytes JMP 05437992 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] WS2_32.dll!send 75CF6F01 5 Bytes JMP 05437971 .text 
C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] wininet.dll!HttpQueryInfoA 75BBA336 5 Bytes JMP 0543D42A .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] wininet.dll!InternetCloseHandle 75BBAB41 5 Bytes JMP 0543D332 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] wininet.dll!InternetReadFile 75BBB3FE 5 Bytes JMP 0543D375 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] wininet.dll!InternetQueryDataAvailable 75BC5E5D 5 Bytes JMP 0543D3FE .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] wininet.dll!HttpSendRequestW 75BCBA12 5 Bytes JMP 0543D152 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] wininet.dll!HttpSendRequestExW 75BD4A35 5 Bytes JMP 0543D1FA .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] wininet.dll!InternetReadFileExA 75BEAE56 5 Bytes JMP 0543D3B4 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] wininet.dll!HttpSendRequestExA 75C31962 5 Bytes JMP 0543D296 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] wininet.dll!HttpSendRequestA 75C31A48 5 Bytes JMP 0543D1A6 .text C:\Users\Nuesschen\Netzmanager\netzmanager.exe[2680] CRYPT32.dll!PFXImportCertStore 75670DDC 5 Bytes JMP 0543BF73 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] ntdll.dll!NtCreateUserProcess 77345778 5 Bytes JMP 00207078 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] ntdll.dll!LdrLoadDll 7736223E 5 Bytes JMP 002071A1 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] kernel32.dll!GetFileAttributesExW 75A8307E 5 Bytes JMP 0020727B .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!SwitchDesktop 76F9476B 5 Bytes JMP 00206B61 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!OpenInputDesktop 76F95C39 5 Bytes JMP 00206B11 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!RegisterClassExA 76F96293 5 Bytes JMP 00206F6F .text C:\Program Files\OpenOffice.org 
3\program\soffice.exe[2948] USER32.dll!GetCapture 76F99DC7 5 Bytes JMP 001F55B3 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!GetCursorPos 76F9A4B3 5 Bytes JMP 001F5485 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!GetUpdateRect 76F9A575 5 Bytes JMP 00209DEC .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!DefWindowProcA 76F9BB1C 5 Bytes JMP 00206BC5 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!RegisterClassA 76F9BC6A 5 Bytes JMP 00206ED0 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!RegisterClassW 76F9ED4A 5 Bytes JMP 00206E83 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!RegisterClassExW 76FA0162 5 Bytes JMP 00206F1D .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!GetMessageA 76FA1899 5 Bytes JMP 001F567A .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!PeekMessageA 76FA19A5 5 Bytes JMP 001F56CD .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!CallWindowProcW 76FA1B3C 5 Bytes JMP 00206DB5 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!GetDCEx 76FA2D57 5 Bytes JMP 00209CD3 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!GetWindowDC 76FA4AB7 5 Bytes JMP 00209D6D .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!DefWindowProcW 76FA507D 5 Bytes JMP 00206B7F .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!ReleaseDC 76FA5421 5 Bytes JMP 00209DAC .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!GetDC 76FA544C 5 Bytes JMP 00209D2E .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!BeginPaint 76FA5D14 5 Bytes JMP 00209C23 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!EndPaint 76FA5D42 5 Bytes JMP 00209C93 .text 
C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!PeekMessageW 76FA634A 5 Bytes JMP 001F56A2 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!TranslateMessage 76FA64C7 5 Bytes JMP 001F5895 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!GetMessageW 76FACDE8 5 Bytes JMP 001F5652 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!GetClipboardData 76FB2BA7 5 Bytes JMP 001F5A02 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!DefDlgProcA 76FB71E4 5 Bytes JMP 00206C51 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!DefMDIChildProcW 76FC150A 5 Bytes JMP 00206D29 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!DefFrameProcW 76FC152B 5 Bytes JMP 00206C97 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!GetUpdateRgn 76FC1C07 5 Bytes JMP 00209E7F .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!DefFrameProcA 76FC25B7 5 Bytes JMP 00206CE0 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!DefMDIChildProcA 76FC25DB 5 Bytes JMP 00206D6F .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!CallWindowProcA 76FC2BD3 5 Bytes JMP 00206DFE .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!DefDlgProcW 76FC5BC1 5 Bytes JMP 00206C0B .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!GetMessagePos 76FC6703 5 Bytes JMP 001F5453 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!SetCapture 76FC6932 5 Bytes JMP 001F5509 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!ReleaseCapture 76FC69F2 5 Bytes JMP 001F5563 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] USER32.dll!SetCursorPos 76FDC1B0 5 Bytes JMP 001F54CC .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] 
WS2_32.dll!closesocket 75CF3918 5 Bytes JMP 00207939 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] WS2_32.dll!WSASend 75CF4406 5 Bytes JMP 00207992 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] WS2_32.dll!send 75CF6F01 5 Bytes JMP 00207971 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] CRYPT32.dll!PFXImportCertStore 75670DDC 5 Bytes JMP 0020BF73 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] WININET.dll!HttpQueryInfoA 75BBA336 5 Bytes JMP 0020D42A .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] WININET.dll!InternetCloseHandle 75BBAB41 5 Bytes JMP 0020D332 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] WININET.dll!InternetReadFile 75BBB3FE 5 Bytes JMP 0020D375 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] WININET.dll!InternetQueryDataAvailable 75BC5E5D 5 Bytes JMP 0020D3FE .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] WININET.dll!HttpSendRequestW 75BCBA12 5 Bytes JMP 0020D152 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] WININET.dll!HttpSendRequestExW 75BD4A35 5 Bytes JMP 0020D1FA .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] WININET.dll!InternetReadFileExA 75BEAE56 5 Bytes JMP 0020D3B4 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] WININET.dll!HttpSendRequestExA 75C31962 5 Bytes JMP 0020D296 .text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2948] WININET.dll!HttpSendRequestA 75C31A48 5 Bytes JMP 0020D1A6 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] ntdll.dll!NtCreateUserProcess 77345778 5 Bytes JMP 09067078 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] ntdll.dll!LdrLoadDll 7736223E 5 Bytes JMP 090671A1 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] kernel32.dll!GetFileAttributesExW 75A8307E 5 Bytes JMP 0906727B .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] 
USER32.dll!SwitchDesktop 76F9476B 5 Bytes JMP 09066B61 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!OpenInputDesktop 76F95C39 5 Bytes JMP 09066B11 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!RegisterClassExA 76F96293 5 Bytes JMP 09066F6F .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!GetCapture 76F99DC7 5 Bytes JMP 090555B3 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!GetCursorPos 76F9A4B3 5 Bytes JMP 09055485 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!GetUpdateRect 76F9A575 5 Bytes JMP 09069DEC .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!DefWindowProcA 76F9BB1C 5 Bytes JMP 09066BC5 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!RegisterClassA 76F9BC6A 5 Bytes JMP 09066ED0 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!RegisterClassW 76F9ED4A 5 Bytes JMP 09066E83 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!RegisterClassExW 76FA0162 5 Bytes JMP 09066F1D .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!GetMessageA 76FA1899 5 Bytes JMP 0905567A .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!PeekMessageA 76FA19A5 5 Bytes JMP 090556CD .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!CallWindowProcW 76FA1B3C 5 Bytes JMP 09066DB5 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!GetDCEx 76FA2D57 5 Bytes JMP 09069CD3 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!GetWindowDC 76FA4AB7 5 Bytes JMP 09069D6D .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!DefWindowProcW 76FA507D 5 Bytes JMP 09066B7F .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!ReleaseDC 76FA5421 5 Bytes JMP 09069DAC .text 
C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!GetDC 76FA544C 5 Bytes JMP 09069D2E .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!BeginPaint 76FA5D14 5 Bytes JMP 09069C23 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!EndPaint 76FA5D42 5 Bytes JMP 09069C93 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!PeekMessageW 76FA634A 5 Bytes JMP 090556A2 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!TranslateMessage 76FA64C7 5 Bytes JMP 09055895 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!GetMessageW 76FACDE8 5 Bytes JMP 09055652 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!GetClipboardData 76FB2BA7 5 Bytes JMP 09055A02 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!DefDlgProcA 76FB71E4 5 Bytes JMP 09066C51 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!DefMDIChildProcW 76FC150A 5 Bytes JMP 09066D29 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!DefFrameProcW 76FC152B 5 Bytes JMP 09066C97 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!GetUpdateRgn 76FC1C07 5 Bytes JMP 09069E7F .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!DefFrameProcA 76FC25B7 5 Bytes JMP 09066CE0 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!DefMDIChildProcA 76FC25DB 5 Bytes JMP 09066D6F .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!CallWindowProcA 76FC2BD3 5 Bytes JMP 09066DFE .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!DefDlgProcW 76FC5BC1 5 Bytes JMP 09066C0B .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!GetMessagePos 76FC6703 5 Bytes JMP 09055453 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] 
USER32.dll!SetCapture 76FC6932 5 Bytes JMP 09055509 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!ReleaseCapture 76FC69F2 5 Bytes JMP 09055563 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] USER32.dll!SetCursorPos 76FDC1B0 5 Bytes JMP 090554CC .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] WS2_32.dll!closesocket 75CF3918 5 Bytes JMP 09067939 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] WS2_32.dll!WSASend 75CF4406 5 Bytes JMP 09067992 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] WS2_32.dll!send 75CF6F01 5 Bytes JMP 09067971 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] WININET.dll!HttpQueryInfoA 75BBA336 5 Bytes JMP 0906D42A .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] WININET.dll!InternetCloseHandle 75BBAB41 5 Bytes JMP 0906D332 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] WININET.dll!InternetReadFile 75BBB3FE 5 Bytes JMP 0906D375 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] WININET.dll!InternetQueryDataAvailable 75BC5E5D 5 Bytes JMP 0906D3FE .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] WININET.dll!HttpSendRequestW 75BCBA12 5 Bytes JMP 0906D152 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] WININET.dll!HttpSendRequestExW 75BD4A35 5 Bytes JMP 0906D1FA .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] WININET.dll!InternetReadFileExA 75BEAE56 5 Bytes JMP 0906D3B4 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] WININET.dll!HttpSendRequestExA 75C31962 5 Bytes JMP 0906D296 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] WININET.dll!HttpSendRequestA 75C31A48 5 Bytes JMP 0906D1A6 .text C:\Program Files\OpenOffice.org 3\program\soffice.bin[3272] CRYPT32.dll!PFXImportCertStore 75670DDC 5 Bytes JMP 0906BF73 ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll 
(Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ---- EOF - GMER 1.0.15 ----