GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-18 11:55:15
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST380815AS rev.4.AAB
Running: v17u71i4.exe; Driver: C:\DOCUME~1\---\USTAWI~1\Temp\awliapoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwAdjustPrivilegesToken [0xB4B27690]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwClose [0xB4B27F94]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwConnectPort [0xB4B28DC8]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwCreateEvent [0xB4B29312]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwCreateFile [0xB4B28270]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwCreateKey [0xB4B26500]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwCreateMutant [0xB4B291F8]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwCreateNamedPipeFile [0xB4B2727E]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwCreatePort [0xB4B290CC]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwCreateSection [0xB4B27426]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwCreateSemaphore [0xB4B29432]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwCreateThread [0xB4B27C1C]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwCreateWaitablePort [0xB4B29162]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwDebugActiveProcess [0xB4B2AB1A]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwDeleteKey [0xB4B26B0A]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwDeleteValueKey [0xB4B26EBE]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwDeviceIoControlFile [0xB4B286F2]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwDuplicateObject [0xB4B2BD26]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwEnumerateKey [0xB4B2700A]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwEnumerateValueKey [0xB4B270A2]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwFsControlFile [0xB4B28500]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwLoadDriver [0xB4B2AC0C]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwLoadKey [0xB4B264DC]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwLoadKey2 [0xB4B264EE]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwMapViewOfSection [0xB4B2B374]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwNotifyChangeKey [0xB4B271CE]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwOpenEvent [0xB4B293A8]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwOpenFile [0xB4B28016]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwOpenKey [0xB4B266C0]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwOpenMutant [0xB4B29288]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwOpenProcess [0xB4B278CC]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwOpenSection [0xB4B2B10E]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwOpenSemaphore [0xB4B294C8]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwOpenThread [0xB4B277BE]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwQueryKey [0xB4B2713A]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwQueryMultipleValueKey [0xB4B26D72]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwQuerySection [0xB4B2B6AE]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwQueryValueKey [0xB4B2699C]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwQueueApcThread [0xB4B2AFA0]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwRenameKey [0xB4B26C2C]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwReplaceKey [0xB4B25F16]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwReplyPort [0xB4B2982C]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwReplyWaitReceivePort [0xB4B296F2]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwRequestWaitReplyPort [0xB4B2A8B4]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwRestoreKey [0xB4B2628E]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwResumeThread [0xB4B2BBC8]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwSaveKey [0xB4B25EAE]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwSecureConnectPort [0xB4B28B0E]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwSetContextThread [0xB4B27E38]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwSetInformationToken [0xB4B2A154]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwSetSecurityObject [0xB4B2ADAA]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwSetSystemInformation [0xB4B2B7FE]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwSetValueKey [0xB4B26816]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwSuspendProcess [0xB4B2B8F0]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwSuspendThread [0xB4B2BA2A]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwSystemDebugControl [0xB4B2AA3E]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwTerminateProcess [0xB4B27A68]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwTerminateThread [0xB4B279C8]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwUnmapViewOfSection [0xB4B2B552]
SSDT \SystemRoot\system32\DRIVERS\9515258drv.sys ZwWriteVirtualMemory [0xB4B27B52]
Code \SystemRoot\system32\DRIVERS\9515258drv.sys FsRtlCheckLockForReadAccess
Code \SystemRoot\system32\DRIVERS\9515258drv.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!FsRtlCheckLockForReadAccess 804E9F90 5 Bytes JMP B4B19FD0 \SystemRoot\system32\DRIVERS\9515258drv.sys
.text ntkrnlpa.exe!IoIsOperationSynchronous 804EE86E 5 Bytes JMP B4B1A3AC \SystemRoot\system32\DRIVERS\9515258drv.sys
.text ntkrnlpa.exe!ZwCallbackReturn + 24E8 80501D10 12 Bytes [0C, AC, B2, B4, DC, 64, B2, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2664 80501E8C 16 Bytes [2C, 6C, B2, B4, 16, 5F, B2, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2758 80501F80 12 Bytes [F0, B8, B2, B4, 2A, BA, B2, ...]
? 27719537.sys Nie można odnaleźć określonego pliku. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9784360, 0x37399D, 0xE8000020]
init C:\WINDOWS\system32\drivers\monfilt.sys entry point in "init" section [0xB6E69280]
? system32\DRIVERS\9515258drv.sys System nie może odnaleźć określonej ścieżki. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Microsoft Office\Office\OSA9.EXE[580] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00AA6390
.text C:\Program Files\Microsoft Office\Office\OSA9.EXE[580] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00AA6640
.text C:\Program Files\Microsoft Office\Office\OSA9.EXE[580] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00AA53D0
.text C:\Program Files\Microsoft Office\Office\OSA9.EXE[580] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00AA5300
.text C:\Program Files\Microsoft Office\Office\OSA9.EXE[580] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AA11C0
.text C:\Program Files\Microsoft Office\Office\OSA9.EXE[580] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00AA1290
.text C:\Program Files\Microsoft Office\Office\OSA9.EXE[580] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00AA2570
.text C:\Program Files\Microsoft Office\Office\OSA9.EXE[580] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00AA1000
.text C:\Program Files\Microsoft Office\Office\OSA9.EXE[580] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00AA10A0
.text C:\Program Files\Microsoft Office\Office\OSA9.EXE[580] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00AA2510
.text C:\Program Files\Microsoft Office\Office\OSA9.EXE[580] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00AA1D10
.text C:\Program Files\Microsoft Office\Office\OSA9.EXE[580] WS2_32.dll!send 71A54C27 5 Bytes JMP 00AA7250
.text C:\Program Files\Microsoft Office\Office\OSA9.EXE[580] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 00AA20A0
.text C:\Program Files\Microsoft Office\Office\OSA9.EXE[580] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 00AA23A0
.text C:\Program Files\Microsoft Office\Office\OSA9.EXE[580] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00AA2160
.text C:\WINDOWS\system32\csrss.exe[600] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 015D6390
.text C:\WINDOWS\system32\csrss.exe[600] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 015D6640
.text C:\WINDOWS\system32\csrss.exe[600] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 015D53D0
.text C:\WINDOWS\system32\csrss.exe[600] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 015D5300
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!CreateFileA 7C801A28 5 Bytes JMP 015D11C0
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!CreateFileW 7C8107F0 5 Bytes JMP 015D1290
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!MoveFileW 7C821249 5 Bytes JMP 015D2570
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!CopyFileA 7C8286D6 5 Bytes JMP 015D1000
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!CopyFileW 7C82F863 5 Bytes JMP 015D10A0
.text C:\WINDOWS\system32\csrss.exe[600] KERNEL32.dll!MoveFileA 7C835EA7 5 Bytes JMP 015D2510
.text C:\WINDOWS\system32\csrss.exe[600] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 015D1D10
.text C:\WINDOWS\system32\csrss.exe[600] WS2_32.dll!send 71A54C27 5 Bytes JMP 015D7250
.text C:\WINDOWS\system32\csrss.exe[600] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 015D20A0
.text C:\WINDOWS\system32\csrss.exe[600] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 015D23A0
.text C:\WINDOWS\system32\csrss.exe[600] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 015D2160
.text C:\WINDOWS\system32\winlogon.exe[624] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01316390
.text C:\WINDOWS\system32\winlogon.exe[624] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01316640
.text C:\WINDOWS\system32\winlogon.exe[624] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 013153D0
.text C:\WINDOWS\system32\winlogon.exe[624] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01315300
.text C:\WINDOWS\system32\winlogon.exe[624] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013111C0
.text C:\WINDOWS\system32\winlogon.exe[624] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01311290
.text C:\WINDOWS\system32\winlogon.exe[624] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01312570
.text C:\WINDOWS\system32\winlogon.exe[624] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01311000
.text C:\WINDOWS\system32\winlogon.exe[624] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 013110A0
.text C:\WINDOWS\system32\winlogon.exe[624] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01312510
.text C:\WINDOWS\system32\winlogon.exe[624] WS2_32.dll!GetAddrInfoW 71A52899 3 Bytes JMP 01311D10
.text C:\WINDOWS\system32\winlogon.exe[624] WS2_32.dll!GetAddrInfoW + 4 71A5289D 1 Byte [8F]
.text C:\WINDOWS\system32\winlogon.exe[624] WS2_32.dll!send 71A54C27 5 Bytes JMP 01317250
.text C:\WINDOWS\system32\winlogon.exe[624] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 013120A0
.text C:\WINDOWS\system32\winlogon.exe[624] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 013123A0
.text C:\WINDOWS\system32\winlogon.exe[624] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 01312160
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00FA6390
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00FA6640
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00FA53D0
.text C:\WINDOWS\system32\services.exe[668] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00FA5300
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00FA11C0
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00FA1290
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00FA2570
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00FA1000
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00FA10A0
.text C:\WINDOWS\system32\services.exe[668] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00FA2510
.text C:\WINDOWS\system32\services.exe[668] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00FA1D10
.text C:\WINDOWS\system32\services.exe[668] WS2_32.dll!send 71A54C27 5 Bytes JMP 00FA7250
.text C:\WINDOWS\system32\services.exe[668] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 00FA20A0
.text C:\WINDOWS\system32\services.exe[668] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 00FA23A0
.text C:\WINDOWS\system32\services.exe[668] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00FA2160
.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 02416390
.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 02416640
.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 024153D0
.text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02415300
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 024111C0
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02411290
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02412570
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02411000
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 024110A0
.text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02412510
.text C:\WINDOWS\system32\svchost.exe[828] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02411D10
.text C:\WINDOWS\system32\svchost.exe[828] WS2_32.dll!send 71A54C27 5 Bytes JMP 02417250
.text C:\WINDOWS\system32\svchost.exe[828] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 024120A0
.text C:\WINDOWS\system32\svchost.exe[828] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 024123A0
.text C:\WINDOWS\system32\svchost.exe[828] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 02412160
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00D16390
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00D16640
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00D153D0
.text C:\WINDOWS\system32\svchost.exe[888] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00D15300
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D111C0
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00D11290
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00D12570
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00D11000
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00D110A0
.text C:\WINDOWS\system32\svchost.exe[888] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00D12510
.text C:\WINDOWS\system32\svchost.exe[888] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00D11D10
.text C:\WINDOWS\system32\svchost.exe[888] WS2_32.dll!send 71A54C27 5 Bytes JMP 00D17250
.text C:\WINDOWS\system32\svchost.exe[888] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 00D120A0
.text C:\WINDOWS\system32\svchost.exe[888] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 00D123A0
.text C:\WINDOWS\system32\svchost.exe[888] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00D12160
.text C:\WINDOWS\System32\svchost.exe[924] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 02FF6390
.text C:\WINDOWS\System32\svchost.exe[924] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 02FF6640
.text C:\WINDOWS\System32\svchost.exe[924] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 02FF53D0
.text C:\WINDOWS\System32\svchost.exe[924] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02FF5300
.text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02FF11C0
.text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02FF1290
.text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02FF2570
.text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02FF1000
.text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 02FF10A0
.text C:\WINDOWS\System32\svchost.exe[924] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02FF2510
.text C:\WINDOWS\System32\svchost.exe[924] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02FF1D10
.text C:\WINDOWS\System32\svchost.exe[924] WS2_32.dll!send 71A54C27 5 Bytes JMP 02FF7250
.text C:\WINDOWS\System32\svchost.exe[924] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 02FF20A0
.text C:\WINDOWS\System32\svchost.exe[924] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 02FF23A0
.text C:\WINDOWS\System32\svchost.exe[924] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 02FF2160
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 007A6390
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 007A6640
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 007A53D0
.text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 007A5300
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007A11C0
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 007A1290
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 007A2570
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 007A1000
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 007A10A0
.text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 007A2510
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 007A1D10
.text C:\WINDOWS\system32\svchost.exe[972] WS2_32.dll!send 71A54C27 5 Bytes JMP 007A7250
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 007A20A0
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 007A23A0
.text C:\WINDOWS\system32\svchost.exe[972] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 007A2160
.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00E46390
.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00E46640
.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00E453D0
.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00E45300
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E411C0
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00E41290
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00E42570
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00E41000
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00E410A0
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00E42510
.text C:\WINDOWS\system32\svchost.exe[1020] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00E41D10
.text C:\WINDOWS\system32\svchost.exe[1020] WS2_32.dll!send 71A54C27 5 Bytes JMP 00E47250
.text C:\WINDOWS\system32\svchost.exe[1020] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 00E420A0
.text C:\WINDOWS\system32\svchost.exe[1020] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 00E423A0
.text C:\WINDOWS\system32\svchost.exe[1020] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00E42160
.text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 02ED6390
.text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 02ED6640
.text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 02ED53D0
.text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02ED5300
.text C:\WINDOWS\Explorer.EXE[1308] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02ED11C0
.text C:\WINDOWS\Explorer.EXE[1308] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02ED1290
.text C:\WINDOWS\Explorer.EXE[1308] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02ED2570
.text C:\WINDOWS\Explorer.EXE[1308] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02ED1000
.text C:\WINDOWS\Explorer.EXE[1308] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 02ED10A0
.text C:\WINDOWS\Explorer.EXE[1308] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02ED2510
.text C:\WINDOWS\Explorer.EXE[1308] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 02ED20A0
.text C:\WINDOWS\Explorer.EXE[1308] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 02ED23A0
.text C:\WINDOWS\Explorer.EXE[1308] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 02ED2160
.text C:\WINDOWS\Explorer.EXE[1308] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02ED1D10
.text C:\WINDOWS\Explorer.EXE[1308] WS2_32.dll!send 71A54C27 5 Bytes JMP 02ED7250
.text C:\WINDOWS\system32\spoolsv.exe[1340] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 011D6390
.text C:\WINDOWS\system32\spoolsv.exe[1340] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 011D6640
.text C:\WINDOWS\system32\spoolsv.exe[1340] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 011D53D0
.text C:\WINDOWS\system32\spoolsv.exe[1340] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 011D5300
.text C:\WINDOWS\system32\spoolsv.exe[1340] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011D11C0
.text C:\WINDOWS\system32\spoolsv.exe[1340] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 011D1290
.text C:\WINDOWS\system32\spoolsv.exe[1340] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 011D2570
.text C:\WINDOWS\system32\spoolsv.exe[1340] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 011D1000
.text C:\WINDOWS\system32\spoolsv.exe[1340] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 011D10A0
.text C:\WINDOWS\system32\spoolsv.exe[1340] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 011D2510
.text C:\WINDOWS\system32\spoolsv.exe[1340] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 011D1D10
.text C:\WINDOWS\system32\spoolsv.exe[1340] WS2_32.dll!send 71A54C27 5 Bytes JMP 011D7250
.text C:\WINDOWS\system32\spoolsv.exe[1340] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 011D20A0
.text C:\WINDOWS\system32\spoolsv.exe[1340] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 011D23A0
.text C:\WINDOWS\system32\spoolsv.exe[1340] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 011D2160
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00816390
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00816640
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 008153D0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00815300
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008111C0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00811290
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00812570
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00811000
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 008110A0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00812510
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00811D10
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] WS2_32.dll!send 71A54C27 5 Bytes JMP 00817250
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 008120A0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 008123A0
.text C:\Program Files\Bonjour\mDNSResponder.exe[1484] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00812160
.text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00876390
.text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00876640
.text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 008753D0
.text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00875300
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 008711C0
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00871290
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00872570
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00871000
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 008710A0
.text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00872510
.text C:\WINDOWS\system32\svchost.exe[1496] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00871D10
.text C:\WINDOWS\system32\svchost.exe[1496] WS2_32.dll!send 71A54C27 5 Bytes JMP 00877250
.text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 008720A0
.text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 008723A0
.text C:\WINDOWS\system32\svchost.exe[1496] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00872160
.text C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe[1508] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00B76390
.text C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe[1508] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00B76640
.text C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe[1508] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00B753D0
.text C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe[1508] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B75300
.text C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe[1508] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B711C0
.text C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe[1508] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B71290
.text C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe[1508] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00B72570
.text C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe[1508] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00B71000
.text C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe[1508] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00B710A0
.text C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe[1508] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00B72510
.text C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe[1508] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B71D10
.text C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe[1508] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B77250
.text C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe[1508] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 00B720A0
.text C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe[1508] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 00B723A0
.text C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe[1508] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00B72160
.text C:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00EC6390
.text C:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00EC6640
.text C:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00EC53D0
.text C:\WINDOWS\system32\svchost.exe[1612] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00EC5300
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EC11C0
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00EC1290
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00EC2570
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00EC1000
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00EC10A0
.text C:\WINDOWS\system32\svchost.exe[1612] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00EC2510
.text C:\WINDOWS\system32\svchost.exe[1612] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00EC1D10
.text C:\WINDOWS\system32\svchost.exe[1612] WS2_32.dll!send 71A54C27 5 Bytes JMP 00EC7250
.text C:\WINDOWS\system32\svchost.exe[1612] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 00EC20A0
.text C:\WINDOWS\system32\svchost.exe[1612] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 00EC23A0
.text C:\WINDOWS\system32\svchost.exe[1612] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00EC2160
.text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 018D6390
.text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 018D6640
.text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 018D53D0
.text C:\WINDOWS\system32\svchost.exe[1632] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 018D5300
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 018D11C0
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 018D1290
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 018D2570
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 018D1000
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 018D10A0
.text C:\WINDOWS\system32\svchost.exe[1632] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 018D2510
.text C:\WINDOWS\system32\svchost.exe[1632] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 018D1D10
.text C:\WINDOWS\system32\svchost.exe[1632] WS2_32.dll!send 71A54C27 5 Bytes JMP 018D7250
.text C:\WINDOWS\system32\svchost.exe[1632] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 018D20A0
.text C:\WINDOWS\system32\svchost.exe[1632] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 018D23A0
.text C:\WINDOWS\system32\svchost.exe[1632] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 018D2160
.text C:\WINDOWS\system32\RUNDLL32.EXE[1736] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00BD6390
.text C:\WINDOWS\system32\RUNDLL32.EXE[1736] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00BD6640
.text C:\WINDOWS\system32\RUNDLL32.EXE[1736] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00BD53D0
.text C:\WINDOWS\system32\RUNDLL32.EXE[1736] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00BD5300
.text C:\WINDOWS\system32\RUNDLL32.EXE[1736] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD11C0
.text C:\WINDOWS\system32\RUNDLL32.EXE[1736] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BD1290
.text C:\WINDOWS\system32\RUNDLL32.EXE[1736] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00BD2570
.text C:\WINDOWS\system32\RUNDLL32.EXE[1736] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00BD1000
.text C:\WINDOWS\system32\RUNDLL32.EXE[1736] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00BD10A0
.text C:\WINDOWS\system32\RUNDLL32.EXE[1736] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00BD2510
.text C:\WINDOWS\system32\RUNDLL32.EXE[1736] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00BD1D10
.text C:\WINDOWS\system32\RUNDLL32.EXE[1736] WS2_32.dll!send 71A54C27 5 Bytes JMP 00BD7250
.text C:\WINDOWS\system32\RUNDLL32.EXE[1736] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 00BD20A0
.text C:\WINDOWS\system32\RUNDLL32.EXE[1736] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 00BD23A0
.text C:\WINDOWS\system32\RUNDLL32.EXE[1736] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00BD2160
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1752] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 02B06390
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1752] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 02B06640
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1752] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 02B053D0
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1752] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 02B05300
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02B011C0
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1752] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 02B01290
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1752] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 02B02570
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1752] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 02B01000
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1752] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 02B010A0
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1752] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 02B02510
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1752] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 02B01D10
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1752] WS2_32.dll!send 71A54C27 5 Bytes JMP 02B07250
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1752] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 02B020A0
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1752] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 02B023A0
.text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[1752] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 02B02160
.text C:\WINDOWS\system32\rundll32.exe[1788] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00C26390
.text C:\WINDOWS\system32\rundll32.exe[1788] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00C26640
.text C:\WINDOWS\system32\rundll32.exe[1788] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00C253D0
.text C:\WINDOWS\system32\rundll32.exe[1788] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00C25300
.text C:\WINDOWS\system32\rundll32.exe[1788] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C211C0
.text C:\WINDOWS\system32\rundll32.exe[1788] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C21290
.text C:\WINDOWS\system32\rundll32.exe[1788] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00C22570
.text C:\WINDOWS\system32\rundll32.exe[1788] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00C21000
.text C:\WINDOWS\system32\rundll32.exe[1788] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00C210A0
.text C:\WINDOWS\system32\rundll32.exe[1788] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00C22510
.text C:\WINDOWS\system32\rundll32.exe[1788] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00C21D10
.text C:\WINDOWS\system32\rundll32.exe[1788] WS2_32.dll!send 71A54C27 5 Bytes JMP 00C27250
.text C:\WINDOWS\system32\rundll32.exe[1788] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 00C220A0
.text C:\WINDOWS\system32\rundll32.exe[1788] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 00C223A0
.text C:\WINDOWS\system32\rundll32.exe[1788] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00C22160
.text C:\WINDOWS\System32\svchost.exe[1796] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 006F6390
.text C:\WINDOWS\System32\svchost.exe[1796] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 006F6640
.text C:\WINDOWS\System32\svchost.exe[1796] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 006F53D0
.text C:\WINDOWS\System32\svchost.exe[1796] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006F5300
.text C:\WINDOWS\System32\svchost.exe[1796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006F11C0
.text C:\WINDOWS\System32\svchost.exe[1796] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 006F1290
.text C:\WINDOWS\System32\svchost.exe[1796] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 006F2570
.text C:\WINDOWS\System32\svchost.exe[1796] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 006F1000
.text C:\WINDOWS\System32\svchost.exe[1796] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 006F10A0
.text C:\WINDOWS\System32\svchost.exe[1796] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 006F2510
.text C:\WINDOWS\System32\svchost.exe[1796] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 006F1D10
.text C:\WINDOWS\System32\svchost.exe[1796] WS2_32.dll!send 71A54C27 5 Bytes JMP 006F7250
.text C:\WINDOWS\System32\svchost.exe[1796] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 006F20A0
.text C:\WINDOWS\System32\svchost.exe[1796] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 006F23A0
.text C:\WINDOWS\System32\svchost.exe[1796] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 006F2160
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1824] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 009E6390
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1824] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 009E6640
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1824] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 009E53D0
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1824] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 009E5300
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1824] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009E11C0
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1824] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 009E1290
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1824] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 009E2570
.text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1824]
kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 009E1000 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1824] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 009E10A0 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1824] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 009E2510 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1824] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 009E1D10 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1824] WS2_32.dll!send 71A54C27 5 Bytes JMP 009E7250 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1824] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 009E20A0 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1824] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 009E23A0 .text C:\Program Files\HP\HP Software Update\HPWuSchd2.exe[1824] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 009E2160 .text C:\WINDOWS\system32\ctfmon.exe[1840] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00B36390 .text C:\WINDOWS\system32\ctfmon.exe[1840] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00B36640 .text C:\WINDOWS\system32\ctfmon.exe[1840] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00B353D0 .text C:\WINDOWS\system32\ctfmon.exe[1840] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B35300 .text C:\WINDOWS\system32\ctfmon.exe[1840] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B311C0 .text C:\WINDOWS\system32\ctfmon.exe[1840] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B31290 .text C:\WINDOWS\system32\ctfmon.exe[1840] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00B32570 .text C:\WINDOWS\system32\ctfmon.exe[1840] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00B31000 .text C:\WINDOWS\system32\ctfmon.exe[1840] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00B310A0 .text C:\WINDOWS\system32\ctfmon.exe[1840] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00B32510 .text C:\WINDOWS\system32\ctfmon.exe[1840] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B31D10 .text 
C:\WINDOWS\system32\ctfmon.exe[1840] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B37250 .text C:\WINDOWS\system32\ctfmon.exe[1840] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 00B320A0 .text C:\WINDOWS\system32\ctfmon.exe[1840] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 00B323A0 .text C:\WINDOWS\system32\ctfmon.exe[1840] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00B32160 .text C:\WINDOWS\system32\nvsvc32.exe[1880] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00F36390 .text C:\WINDOWS\system32\nvsvc32.exe[1880] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00F36640 .text C:\WINDOWS\system32\nvsvc32.exe[1880] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00F353D0 .text C:\WINDOWS\system32\nvsvc32.exe[1880] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00F35300 .text C:\WINDOWS\system32\nvsvc32.exe[1880] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F311C0 .text C:\WINDOWS\system32\nvsvc32.exe[1880] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00F31290 .text C:\WINDOWS\system32\nvsvc32.exe[1880] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00F32570 .text C:\WINDOWS\system32\nvsvc32.exe[1880] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00F31000 .text C:\WINDOWS\system32\nvsvc32.exe[1880] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00F310A0 .text C:\WINDOWS\system32\nvsvc32.exe[1880] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00F32510 .text C:\WINDOWS\system32\nvsvc32.exe[1880] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00F31D10 .text C:\WINDOWS\system32\nvsvc32.exe[1880] WS2_32.dll!send 71A54C27 5 Bytes JMP 00F37250 .text C:\WINDOWS\system32\nvsvc32.exe[1880] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 00F320A0 .text C:\WINDOWS\system32\nvsvc32.exe[1880] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 00F323A0 .text C:\WINDOWS\system32\nvsvc32.exe[1880] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00F32160 .text C:\WINDOWS\System32\svchost.exe[1908] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 006F6390 .text 
C:\WINDOWS\System32\svchost.exe[1908] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 006F6640 .text C:\WINDOWS\System32\svchost.exe[1908] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 006F53D0 .text C:\WINDOWS\System32\svchost.exe[1908] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006F5300 .text C:\WINDOWS\System32\svchost.exe[1908] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006F11C0 .text C:\WINDOWS\System32\svchost.exe[1908] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 006F1290 .text C:\WINDOWS\System32\svchost.exe[1908] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 006F2570 .text C:\WINDOWS\System32\svchost.exe[1908] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 006F1000 .text C:\WINDOWS\System32\svchost.exe[1908] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 006F10A0 .text C:\WINDOWS\System32\svchost.exe[1908] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 006F2510 .text C:\WINDOWS\System32\svchost.exe[1908] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 006F1D10 .text C:\WINDOWS\System32\svchost.exe[1908] WS2_32.dll!send 71A54C27 5 Bytes JMP 006F7250 .text C:\WINDOWS\System32\svchost.exe[1908] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 006F20A0 .text C:\WINDOWS\System32\svchost.exe[1908] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 006F23A0 .text C:\WINDOWS\System32\svchost.exe[1908] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 006F2160 .text C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe[1944] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00EF6390 .text C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe[1944] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00EF6640 .text C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe[1944] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00EF53D0 .text C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe[1944] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00EF5300 .text C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe[1944] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EF11C0 .text 
C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe[1944] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00EF1290 .text C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe[1944] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00EF2570 .text C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe[1944] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00EF1000 .text C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe[1944] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00EF10A0 .text C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe[1944] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00EF2510 .text C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe[1944] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00EF1D10 .text C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe[1944] WS2_32.dll!send 71A54C27 5 Bytes JMP 00EF7250 .text C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe[1944] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 00EF20A0 .text C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe[1944] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 00EF23A0 .text C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe[1944] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00EF2160 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 017E6390 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 017E6640 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 017E53D0 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 017E5300 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 017E11C0 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 017E1290 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] 
kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 017E2570 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 017E1000 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 017E10A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 017E2510 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 017E1D10 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] WS2_32.dll!send 71A54C27 5 Bytes JMP 017E7250 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 017E20A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 017E23A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[1972] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 017E2160 .text C:\WINDOWS\system32\svchost.exe[2024] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00BD6390 .text C:\WINDOWS\system32\svchost.exe[2024] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00BD6640 .text C:\WINDOWS\system32\svchost.exe[2024] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00BD53D0 .text C:\WINDOWS\system32\svchost.exe[2024] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00BD5300 .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BD11C0 .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00BD1290 .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00BD2570 .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00BD1000 .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00BD10A0 .text C:\WINDOWS\system32\svchost.exe[2024] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00BD2510 
.text C:\WINDOWS\system32\svchost.exe[2024] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00BD1D10 .text C:\WINDOWS\system32\svchost.exe[2024] WS2_32.dll!send 71A54C27 5 Bytes JMP 00BD7250 .text C:\WINDOWS\system32\svchost.exe[2024] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 00BD20A0 .text C:\WINDOWS\system32\svchost.exe[2024] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 00BD23A0 .text C:\WINDOWS\system32\svchost.exe[2024] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00BD2160 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2280] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00756390 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2280] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00756640 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2280] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 007553D0 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2280] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00755300 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2280] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 007511C0 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2280] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00751290 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2280] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00752570 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2280] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00751000 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2280] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 007510A0 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2280] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00752510 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2280] 
WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00751D10 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2280] WS2_32.dll!send 71A54C27 5 Bytes JMP 00757250 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2280] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 007520A0 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2280] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 007523A0 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2280] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00752160 .text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00B06390 .text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00B06640 .text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 00B053D0 .text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00B05300 .text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B011C0 .text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00B01290 .text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00B02570 .text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00B01000 .text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 00B010A0 .text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00B02510 .text C:\WINDOWS\System32\alg.exe[2384] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00B01D10 .text C:\WINDOWS\System32\alg.exe[2384] WS2_32.dll!send 71A54C27 5 Bytes JMP 00B07250 .text C:\WINDOWS\System32\alg.exe[2384] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 00B020A0 .text C:\WINDOWS\System32\alg.exe[2384] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 00B023A0 .text C:\WINDOWS\System32\alg.exe[2384] 
WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00B02160 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2536] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000A6390 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2536] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000A6640 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2536] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000A53D0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2536] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A5300 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2536] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000A11C0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2536] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000A1290 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2536] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000A2570 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2536] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000A1000 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2536] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000A10A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2536] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000A2510 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2536] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000A1D10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2536] WS2_32.dll!send 71A54C27 5 Bytes JMP 000A7250 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2536] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 000A20A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2536] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 000A23A0 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2536] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 000A2160 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2732] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 013F6390 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2732] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 013F6640 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2732] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 
013F53D0 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2732] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 013F5300 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2732] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013F11C0 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2732] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 013F1290 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2732] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 013F2570 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2732] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 013F1000 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2732] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 013F10A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2732] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 013F2510 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2732] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 013F1D10 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2732] WS2_32.dll!send 71A54C27 5 Bytes JMP 013F7250 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2732] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 013F20A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2732] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 013F23A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2732] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 013F2160 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2760] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 013C6390 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2760] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 013C6640 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2760] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 013C53D0 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2760] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 013C5300 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2760] 
kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013C11C0 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2760] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 013C1290 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2760] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 013C2570 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2760] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 013C1000 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2760] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 013C10A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2760] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 013C2510 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2760] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 013C1D10 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2760] WS2_32.dll!send 71A54C27 5 Bytes JMP 013C7250 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2760] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 013C20A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2760] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 013C23A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2760] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 013C2160 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2872] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 01306390 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2872] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 01306640 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2872] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 013053D0 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2872] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 01305300 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2872] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 013011C0 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2872] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01301290 .text C:\Program 
Files\HP\Digital Imaging\bin\hpqgpc01.exe[2872] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 01302570 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2872] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 01301000 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2872] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 013010A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2872] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 01302510 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2872] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 01301D10 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2872] WS2_32.dll!send 71A54C27 3 Bytes JMP 01307250 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2872] WS2_32.dll!send + 4 71A54C2B 1 Byte [8F] .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2872] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 013020A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2872] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 013023A0 .text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2872] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 01302160 .text C:\WINDOWS\notepad.exe[3704] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 000B6390 .text C:\WINDOWS\notepad.exe[3704] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 000B6640 .text C:\WINDOWS\notepad.exe[3704] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 000B53D0 .text C:\WINDOWS\notepad.exe[3704] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000B5300 .text C:\WINDOWS\notepad.exe[3704] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 000B11C0 .text C:\WINDOWS\notepad.exe[3704] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 000B1290 .text C:\WINDOWS\notepad.exe[3704] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 000B2570 .text C:\WINDOWS\notepad.exe[3704] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 000B1000 .text C:\WINDOWS\notepad.exe[3704] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 000B10A0 .text 
C:\WINDOWS\notepad.exe[3704] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 000B2510 .text C:\WINDOWS\notepad.exe[3704] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 000B1D10 .text C:\WINDOWS\notepad.exe[3704] WS2_32.dll!send 71A54C27 5 Bytes JMP 000B7250 .text C:\WINDOWS\notepad.exe[3704] WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 000B20A0 .text C:\WINDOWS\notepad.exe[3704] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 000B23A0 .text C:\WINDOWS\notepad.exe[3704] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 000B2160 .text C:\Documents and Settings\---\Pulpit\v17u71i4.exe[3988] ntdll.dll!NtEnumerateValueKey 7C90D2D0 5 Bytes JMP 00176390 .text C:\Documents and Settings\---\Pulpit\v17u71i4.exe[3988] ntdll.dll!NtQueryDirectoryFile 7C90D750 5 Bytes JMP 00176640 .text C:\Documents and Settings\---\Pulpit\v17u71i4.exe[3988] ntdll.dll!NtResumeThread 7C90DB20 5 Bytes JMP 001753D0 .text C:\Documents and Settings\---\Pulpit\v17u71i4.exe[3988] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00175300 .text C:\Documents and Settings\---\Pulpit\v17u71i4.exe[3988] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001711C0 .text C:\Documents and Settings\---\Pulpit\v17u71i4.exe[3988] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00171290 .text C:\Documents and Settings\---\Pulpit\v17u71i4.exe[3988] kernel32.dll!MoveFileW 7C821249 5 Bytes JMP 00172570 .text C:\Documents and Settings\---\Pulpit\v17u71i4.exe[3988] kernel32.dll!CopyFileA 7C8286D6 5 Bytes JMP 00171000 .text C:\Documents and Settings\---\Pulpit\v17u71i4.exe[3988] kernel32.dll!CopyFileW 7C82F863 5 Bytes JMP 001710A0 .text C:\Documents and Settings\---\Pulpit\v17u71i4.exe[3988] kernel32.dll!MoveFileA 7C835EA7 5 Bytes JMP 00172510 .text C:\Documents and Settings\---\Pulpit\v17u71i4.exe[3988] WS2_32.dll!GetAddrInfoW 71A52899 5 Bytes JMP 00171D10 .text C:\Documents and Settings\---\Pulpit\v17u71i4.exe[3988] WS2_32.dll!send 71A54C27 5 Bytes JMP 00177250 .text C:\Documents and Settings\---\Pulpit\v17u71i4.exe[3988] 
WININET.dll!HttpSendRequestA 771C7519 5 Bytes JMP 001720A0 .text C:\Documents and Settings\---\Pulpit\v17u71i4.exe[3988] WININET.dll!InternetWriteFile 771D27A3 5 Bytes JMP 001723A0 .text C:\Documents and Settings\---\Pulpit\v17u71i4.exe[3988] WININET.dll!HttpSendRequestW 771DDB8E 5 Bytes JMP 00172160

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\008098985dd8
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\008098c4eb30
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\008098985dd8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\008098c4eb30 (not active ControlSet)
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Run@Maninu C:\Documents and Settings\---\Dane aplikacji\Maninu.exe
Reg HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache@C:\Documents and Settings\---\Dane aplikacji\Maninu.exe Notepad++ : a free (GNU) source code editor

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\---\Dane aplikacji\Maninu.exe 249856 bytes executable

---- EOF - GMER 1.0.15 ----