GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-11-30 21:54:25 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502HJ rev.1AJ10001 Running: gng2ci2j.exe; Driver: C:\Users\Rodzina\AppData\Local\Temp\pgddqpoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x91AA24BA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x94C16C22] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x91AA2ED6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x91AADFA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x91AADFF4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x91AAE176] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x91AADF16] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x94C16FA6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x91AADF5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x91AA311C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x91AA32F4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x91AAE130] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x91AA393E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x91AA2508] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x94C16CEA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x94C153EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x91AA2556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x91AA7534] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x91AA43A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x91AADFD2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x91AAE016] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x91AAE19A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x91AADF3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x91AAE0BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x91AADF86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x91AAE154] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x94C16E4A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x91AA4272] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x91AA3F86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x91AA25A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x91AA25F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x91AA37BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x91AA21FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x91AA23AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x91AA2350] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x91AA3AF8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x91AA3C54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x91AA241A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x94C16EFE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x91AA3636] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x94C1541C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x91AA2640] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x94C16D96] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x94C2FE56] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C46579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C6AF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 214 82C72714 4 Bytes [BA, 24, AA, 91] .text ntkrnlpa.exe!RtlSidHashLookup + 23C 82C7273C 4 Bytes [22, 6C, C1, 94] {AND CH, [ECX+EAX*8-0x6c]} .text ntkrnlpa.exe!RtlSidHashLookup + 29C 82C7279C 4 Bytes [D6, 2E, AA, 91] {SALC ; STOS BYTE CS:[EDI]; XCHG ECX, EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82C727F0 8 Bytes [A8, DF, AA, 91, F4, DF, AA, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82C727FC 4 Bytes [76, E1, AA, 91] {JBE 0xffffffffffffffe3; STOSB ; XCHG ECX, EAX} .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E0BF59 5 Bytes JMP 94C2CCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 82E25C5F 5 Bytes JMP 94C2E828 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E700EA 4 Bytes CALL 91AA4A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E781C5 4 Bytes CALL 91AA4AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EDDE52 7 Bytes JMP 94C2FE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngMultiByteToUnicodeN + 7240 9BA99869 5 Bytes JMP 91AA7EB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngIsSemaphoreOwned + 8A1B 9BAB086D 5 Bytes JMP 91AA7FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngIsSemaphoreOwned + 8B72 9BAB09C4 5 Bytes JMP 91AA7CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + 7C90 9BACD15F 5 Bytes JMP 91AA80C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + BF73 9BAD1442 5 Bytes JMP 91AA8CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 1C30 9BAE356D 5 Bytes JMP 91AA8182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 3318 9BAE4C55 5 Bytes JMP 91AA77C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 401D 9BAE595A 5 Bytes JMP 91AA8A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + 6CB 9BAEA1DB 5 Bytes JMP 91AA8090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + 177B 9BAEB28B 5 Bytes JMP 91AA7EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAllocMem + 8F96 9BAF6291 5 Bytes JMP 91AA80A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bEnum + 7A2D 9BB0782C 5 Bytes JMP 91AA7834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bEnum + 8714 9BB08513 5 Bytes JMP 91AA7670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bEnum + 9311 9BB09110 5 Bytes JMP 91AA7C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateSemaphore + A7EB 9BB23FDB 5 Bytes JMP 91AA894C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateSemaphore + CB9D 9BB2638D 5 Bytes JMP 91AA756A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngBitBlt + 56E 9BB2F939 5 Bytes JMP 91AA89F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngBitBlt + 5201 9BB345CC 5 Bytes JMP 91AA8EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLpkInstalled + 6119 9BB47842 5 Bytes JMP 91AA7688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLpkInstalled + 11641 9BB52D6A 5 Bytes JMP 91AA8A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLpkInstalled + 1AE7F 9BB5C5A8 5 Bytes JMP 91AAA8D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!STROBJ_bEnum + 9767 9BB6FA7F 5 Bytes JMP 91AA7B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 26C1 9BB77B45 5 Bytes JMP 91AA8D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bPolyBezierTo + F8 9BB8B449 5 Bytes JMP 91AA7A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAcquireSemaphoreSharedNoWait + 1F5A 9BB9B437 5 Bytes JMP 91AA8E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + EB5 9BBC5C7F 5 Bytes JMP 91AA78F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetCurrentGamma + 1C7A 9BBC9C9C 5 Bytes JMP 91AA7944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetPointerShape + B31 9BBCC7C4 5 Bytes JMP 91AA816A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetPointerShape + C86 9BBCC919 5 Bytes JMP 91AA8BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_cEnumStart + 6CE0 9BBD55A5 5 Bytes JMP 91AA7760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_cEnumStart + A3D9 9BBD8C9E 5 Bytes JMP 91AA7AB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text autochk.exe 002711D1 2 Bytes [11, 27] {ADC [EDI], ESP} .text autochk.exe 002711D4 2 Bytes [FF, FF] .text autochk.exe 002711D8 14 Bytes [F2, F2, F2, FF, F0, F0, F0, ...] .text autochk.exe 002711E7 4 Bytes [08, F8, 76, 24] {OR AL, BH; JBE 0x28} .text autochk.exe 002711EC 3 Bytes [20, 50, 25] {AND [EAX+0x25], DL} .text ... .text sechost.dll!SetServiceObjectSecurity 77375181 5 Bytes [E9, 8E, BE, E7, 88] {JMP 0xffffffff88e7be93} .text sechost.dll!ChangeServiceConfigA 77375254 5 Bytes [E9, AB, B5, E7, 88] {JMP 0xffffffff88e7b5b0} .text sechost.dll!ChangeServiceConfigW 773753D5 5 Bytes [E9, 2E, B6, E7, 88] {JMP 0xffffffff88e7b633} .text sechost.dll!ChangeServiceConfig2A 773754C2 5 Bytes [E9, 45, B7, E7, 88] {JMP 0xffffffff88e7b74a} .text sechost.dll!ChangeServiceConfig2W 773755E2 5 Bytes [E9, 29, B8, E7, 88] {JMP 0xffffffff88e7b82e} .text sechost.dll!CreateServiceA 7737567C 5 Bytes [E9, 77, AB, E7, 88] {JMP 0xffffffff88e7ab7c} .text sechost.dll!CreateServiceW 7737589F 5 Bytes [E9, 58, AB, E7, 88] {JMP 0xffffffff88e7ab5d} .text sechost.dll!DeleteService 77375A22 5 Bytes [E9, D9, AB, E7, 88] {JMP 0xffffffff88e7abde} ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\csrss.exe[416] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[472] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Windows\system32\wininit.exe[476] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Windows\system32\csrss.exe[488] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Windows\system32\services.exe[524] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text ... .text C:\Program Files\Nero\Update\NASvc.exe[1140] ntdll.dll!LdrUnloadDll 7786BE7F 5 Bytes JMP 000F03FC .text C:\Program Files\Nero\Update\NASvc.exe[1140] ntdll.dll!LdrLoadDll 7786F585 5 Bytes JMP 000F01F8 .text C:\Program Files\Nero\Update\NASvc.exe[1140] KERNEL32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Program Files\Nero\Update\NASvc.exe[1140] USER32.dll!UnhookWindowsHookEx 772ACC7B 5 Bytes JMP 00100A08 .text C:\Program Files\Nero\Update\NASvc.exe[1140] USER32.dll!UnhookWinEvent 772AD924 5 Bytes JMP 001003FC .text C:\Program Files\Nero\Update\NASvc.exe[1140] USER32.dll!SetWindowsHookExW 772B210A 5 Bytes JMP 00100804 .text C:\Program Files\Nero\Update\NASvc.exe[1140] USER32.dll!SetWinEventHook 772B507E 5 Bytes JMP 001001F8 .text C:\Program Files\Nero\Update\NASvc.exe[1140] USER32.dll!SetWindowsHookExA 772D6DFA 5 Bytes JMP 00100600 .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1156] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Users\Rodzina\Desktop\gng2ci2j.exe[1292] ntdll.dll!LdrUnloadDll 7786BE7F 5 Bytes JMP 001E03FC .text C:\Users\Rodzina\Desktop\gng2ci2j.exe[1292] ntdll.dll!LdrLoadDll 7786F585 5 Bytes JMP 001E01F8 .text C:\Users\Rodzina\Desktop\gng2ci2j.exe[1292] KERNEL32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Users\Rodzina\Desktop\gng2ci2j.exe[1292] USER32.dll!UnhookWindowsHookEx 772ACC7B 5 Bytes JMP 00200A08 .text C:\Users\Rodzina\Desktop\gng2ci2j.exe[1292] USER32.dll!UnhookWinEvent 772AD924 5 Bytes JMP 002003FC .text C:\Users\Rodzina\Desktop\gng2ci2j.exe[1292] USER32.dll!SetWindowsHookExW 772B210A 5 Bytes JMP 00200804 .text C:\Users\Rodzina\Desktop\gng2ci2j.exe[1292] USER32.dll!SetWinEventHook 772B507E 5 Bytes JMP 002001F8 .text C:\Users\Rodzina\Desktop\gng2ci2j.exe[1292] USER32.dll!SetWindowsHookExA 772D6DFA 5 Bytes JMP 00200600 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1312] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[1324] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1380] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[1388] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1468] kernel32.dll!SetUnhandledExceptionFilter 773E3142 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1468] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1516] ntdll.dll!LdrUnloadDll 7786BE7F 5 Bytes JMP 000E03FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1516] ntdll.dll!LdrLoadDll 7786F585 5 Bytes JMP 000E01F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1516] KERNEL32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1516] USER32.dll!CharToOemA + 3A 772AB1DE 7 Bytes JMP 631432C0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1516] USER32.dll!UnhookWindowsHookEx 772ACC7B 5 Bytes JMP 00100A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1516] USER32.dll!UnhookWinEvent 772AD924 5 Bytes JMP 001003FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1516] USER32.dll!SetWindowsHookExW 772B210A 5 Bytes JMP 00100804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1516] USER32.dll!SetWinEventHook 772B507E 5 Bytes JMP 001001F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1516] USER32.dll!AdjustWindowRectEx + 117 772B660F 7 Bytes JMP 6314324F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1516] USER32.dll!GetWindowInfo 772B6A82 5 Bytes JMP 62F8A8A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1516] USER32.dll!MenuItemFromPoint + F 772D4B36 7 Bytes JMP 62F8AED5 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1516] USER32.dll!SetWindowsHookExA 772D6DFA 5 Bytes JMP 00100600 .text C:\Windows\System32\rundll32.exe[1556] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Program Files\VDOTool\TBPANEL.exe[1564] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\afwServ.exe[1628] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1724] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1764] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text ... .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2240] ntdll.dll!LdrUnloadDll 7786BE7F 3 Bytes JMP 000703FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2240] ntdll.dll!LdrUnloadDll + 4 7786BE83 1 Byte [88] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2240] ntdll.dll!LdrLoadDll 7786F585 5 Bytes JMP 000701F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2240] KERNEL32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2240] USER32.dll!UnhookWindowsHookEx 772ACC7B 5 Bytes JMP 00080A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2240] USER32.dll!UnhookWinEvent 772AD924 5 Bytes JMP 000803FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2240] USER32.dll!SetWindowsHookExW 772B210A 5 Bytes JMP 00080804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2240] USER32.dll!SetWinEventHook 772B507E 5 Bytes JMP 000801F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[2240] USER32.dll!SetWindowsHookExA 772D6DFA 5 Bytes JMP 00080600 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[2400] kernel32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2468] ntdll.dll!LdrUnloadDll 7786BE7F 5 Bytes JMP 002E03FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2468] ntdll.dll!LdrLoadDll 7786F585 5 Bytes JMP 002E01F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2468] KERNEL32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2468] USER32.dll!UnhookWindowsHookEx 772ACC7B 5 Bytes JMP 002F0A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2468] USER32.dll!UnhookWinEvent 772AD924 5 Bytes JMP 002F03FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2468] USER32.dll!SetWindowsHookExW 772B210A 5 Bytes JMP 002F0804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2468] USER32.dll!SetWinEventHook 772B507E 5 Bytes JMP 002F01F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2468] USER32.dll!SetWindowsHookExA 772D6DFA 5 Bytes JMP 002F0600 .text C:\Windows\system32\taskhost.exe[2964] ntdll.dll!LdrUnloadDll 7786BE7F 5 Bytes JMP 000D03FC .text C:\Windows\system32\taskhost.exe[2964] ntdll.dll!LdrLoadDll 7786F585 5 Bytes JMP 000D01F8 .text C:\Windows\system32\taskhost.exe[2964] KERNEL32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Windows\system32\taskhost.exe[2964] USER32.dll!UnhookWindowsHookEx 772ACC7B 5 Bytes JMP 000E0A08 .text C:\Windows\system32\taskhost.exe[2964] USER32.dll!UnhookWinEvent 772AD924 5 Bytes JMP 000E03FC .text C:\Windows\system32\taskhost.exe[2964] USER32.dll!SetWindowsHookExW 772B210A 5 Bytes JMP 000E0804 .text C:\Windows\system32\taskhost.exe[2964] USER32.dll!SetWinEventHook 772B507E 5 Bytes JMP 000E01F8 .text C:\Windows\system32\taskhost.exe[2964] USER32.dll!SetWindowsHookExA 772D6DFA 5 Bytes JMP 000E0600 .text C:\Windows\system32\svchost.exe[3008] ntdll.dll!LdrUnloadDll 7786BE7F 5 Bytes JMP 000E03FC .text C:\Windows\system32\svchost.exe[3008] ntdll.dll!LdrLoadDll 7786F585 5 Bytes JMP 000E01F8 .text C:\Windows\system32\svchost.exe[3008] KERNEL32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Windows\system32\svchost.exe[3008] USER32.dll!UnhookWindowsHookEx 772ACC7B 5 Bytes JMP 00100A08 .text C:\Windows\system32\svchost.exe[3008] USER32.dll!UnhookWinEvent 772AD924 5 Bytes JMP 001003FC .text C:\Windows\system32\svchost.exe[3008] USER32.dll!SetWindowsHookExW 772B210A 5 Bytes JMP 00100804 .text C:\Windows\system32\svchost.exe[3008] USER32.dll!SetWinEventHook 772B507E 5 Bytes JMP 001001F8 .text C:\Windows\system32\svchost.exe[3008] USER32.dll!SetWindowsHookExA 772D6DFA 5 Bytes JMP 00100600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtCreateFile + 6 77854A16 4 Bytes [28, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtCreateFile + B 77854A1B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtCreateKey + 6 77854A56 4 Bytes [68, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtCreateKey + B 77854A5B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtCreateMutant + 6 77854A96 4 Bytes [68, 02, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtCreateMutant + B 77854A9B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtCreateSection + 6 77854B36 4 Bytes [A8, 02, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtCreateSection + B 77854B3B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtMapViewOfSection + B 7785507B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenFile + 6 77855126 4 Bytes [68, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenFile + B 7785512B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenKey + 6 77855156 4 Bytes [A8, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenKey + B 7785515B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenKeyEx + B 7785516B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenMutant + 6 778551A6 4 Bytes [28, 02, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenMutant + B 778551AB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenProcess + 6 778551D6 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenProcess + 6 778551D6 4 Bytes [68, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenProcess + B 778551DB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenProcessToken + 6 778551E6 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenProcessToken + 6 778551E6 4 Bytes [A8, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenProcessToken + B 778551EB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenProcessTokenEx + 6 778551F6 4 Bytes [68, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenProcessTokenEx + B 778551FB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenSection + B 7785521B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenThread + 6 77855256 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenThread + 6 77855256 4 Bytes [28, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenThread + B 7785525B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenThreadToken + 6 77855266 4 Bytes [28, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenThreadToken + B 7785526B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenThreadTokenEx + 6 77855276 4 Bytes [A8, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtOpenThreadTokenEx + B 7785527B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtQueryAttributesFile + 6 77855386 4 Bytes [A8, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtQueryAttributesFile + B 7785538B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtQueryFullAttributesFile + B 7785543B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtSetInformationFile + 6 77855A86 4 Bytes [28, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtSetInformationFile + B 77855A8B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtSetInformationThread + 6 77855AE6 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtSetInformationThread + B 77855AEB 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtUnmapViewOfSection + 6 77855E06 4 Bytes [28, 05, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!NtUnmapViewOfSection + B 77855E0B 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!LdrUnloadDll 7786BE7F 5 Bytes JMP 000B03FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ntdll.dll!LdrLoadDll 7786F585 5 Bytes JMP 000B01F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] KERNEL32.dll!CreateProcessW 7739202D 5 Bytes JMP 00010030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] KERNEL32.dll!CreateProcessA 77392062 5 Bytes JMP 00010070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] KERNEL32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!SelectObject 76C261D0 5 Bytes JMP 000D05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!SetTextColor 76C26622 5 Bytes JMP 000D0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!SetBkMode 76C266CD 5 Bytes JMP 000D08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!DeleteObject 76C268B4 5 Bytes JMP 000D01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!DeleteDC 76C26A2C 5 Bytes JMP 000D0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!ExtSelectClipRgn 76C26C72 5 Bytes JMP 000D02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!SelectClipRgn 76C26D84 5 Bytes JMP 000D05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!GetDeviceCaps 76C26E03 5 Bytes JMP 000D03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!SetStretchBltMode 76C273CE 5 Bytes JMP 000D06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!GetCurrentObject 76C2777C 5 Bytes JMP 000D0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!GetTextMetricsW 76C2798F 5 Bytes JMP 000D0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!IntersectClipRect 76C27CCA 5 Bytes JMP 000D03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!GetTextAlign 76C27D15 5 Bytes JMP 000D0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!SetTextAlign 76C27F92 5 Bytes JMP 000D09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!ExtTextOutW 76C28053 5 Bytes JMP 000D0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!GetClipBox 76C281F2 5 Bytes JMP 000D0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!MoveToEx 76C28A16 5 Bytes JMP 000D0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!CreateDCA 76C29975 5 Bytes JMP 000D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!RestoreDC 76C29A10 5 Bytes JMP 000D0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!SaveDC 76C29AD2 5 Bytes JMP 000D0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!StretchDIBits 76C2AC38 5 Bytes JMP 000D0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!GetTextFaceW 76C2B4CC 5 Bytes JMP 000D0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!GetTextExtentPoint32W 76C2B535 5 Bytes JMP 000D0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!GetFontData 76C2B8E8 5 Bytes JMP 000D0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!CreateDCW 76C2BD21 5 Bytes JMP 000D00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!CreateICW 76C2C660 5 Bytes JMP 000D0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!LineTo 76C2CA20 5 Bytes JMP 000D0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!SetWorldTransform 76C2CB42 5 Bytes JMP 000D06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!GetTextMetricsA 76C2CE46 5 Bytes JMP 000D0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!Rectangle 76C2F5BE 5 Bytes JMP 000D09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!SetICMMode 76C2F8D4 5 Bytes JMP 000D0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!ExtTextOutA 76C30158 5 Bytes JMP 000D0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!GetTextExtentPoint32A 76C308BB 5 Bytes JMP 000D0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!Escape 76C30B0D 5 Bytes JMP 000D0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!ExtEscape 76C33472 5 Bytes JMP 000D02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!GetTextFaceA 76C33E49 5 Bytes JMP 000D0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!SetPolyFillMode 76C36CE1 5 Bytes JMP 000D0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!SetMiterLimit 76C36E54 5 Bytes JMP 000D0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!ResetDCW 76C4031C 5 Bytes JMP 000D0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!EndPage 76C407CD 5 Bytes JMP 000D0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!GetGlyphOutlineW 76C4C292 5 Bytes JMP 000D0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!CreateScalableFontResourceW 76C4E8EF 5 Bytes JMP 000D0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!AddFontResourceW 76C4ECEB 5 Bytes JMP 000D0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!RemoveFontResourceW 76C4F1E1 5 Bytes JMP 000D0C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!AbortDoc 76C54D37 5 Bytes JMP 000D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!EndDoc 76C5517E 5 Bytes JMP 000D01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!StartPage 76C55269 5 Bytes JMP 000D0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!StartDocW 76C55BB6 5 Bytes JMP 000D07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!BeginPath 76C5635D 5 Bytes JMP 000D0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!SelectClipPath 76C563B4 5 Bytes JMP 000D0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!CloseFigure 76C5640F 5 Bytes JMP 000D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!EndPath 76C56466 5 Bytes JMP 000D0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!StrokePath 76C56699 5 Bytes JMP 000D07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!FillPath 76C56726 5 Bytes JMP 000D0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!PolylineTo 76C56B94 5 Bytes JMP 000D04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!PolyBezierTo 76C56C25 5 Bytes JMP 000D04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] GDI32.dll!PolyDraw 76C56CD7 5 Bytes JMP 000D08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!ActivateKeyboardLayout 772A817D 5 Bytes JMP 002504F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!ScreenToClient 772AC1F2 7 Bytes JMP 00250670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!UnhookWindowsHookEx 772ACC7B 5 Bytes JMP 00260A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!UnhookWinEvent 772AD924 5 Bytes JMP 002603FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!RegisterClipboardFormatA 772AE6B1 5 Bytes JMP 002502F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!RegisterClipboardFormatW 772AEDFD 5 Bytes JMP 002502B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!SetWindowsHookExW 772B210A 5 Bytes JMP 00260804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!SetWinEventHook 772B507E 5 Bytes JMP 002601F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!SetCursor 772B52EA 5 Bytes JMP 00250530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!MonitorFromWindow 772B590A 7 Bytes JMP 00250630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!PostMessageW 772B6225 5 Bytes JMP 002505F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!IsWindowVisible 772B6939 7 Bytes JMP 002506B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!GetClientRect 772B74B1 7 Bytes JMP 002505B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!MapWindowPoints 772B7915 5 Bytes JMP 00250570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!GetParent 772B7AB3 7 Bytes JMP 002506F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!SetClipboardData 772C4979 5 Bytes JMP 00250170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!EmptyClipboard 772C4A28 5 Bytes JMP 00250130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!GetClipboardData 772C4B47 5 Bytes JMP 00250030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!EnumClipboardFormats 772C4D98 5 Bytes JMP 002501B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!GetClipboardFormatNameW 772C7EB2 5 Bytes JMP 00250230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!SetClipboardViewer 772C8F4D 5 Bytes JMP 002504B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!GetClipboardFormatNameA 772C8F61 5 Bytes JMP 00250270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!GetOpenClipboardWindow 772C902F 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!GetOpenClipboardWindow 772C902F 5 Bytes JMP 002503F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!ChangeClipboardChain 772D3425 5 Bytes JMP 00250430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!GetTopWindow 772D3A5D 7 Bytes JMP 00250730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!CloseClipboard 772D5BA7 5 Bytes JMP 002500B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!OpenClipboard 772D5BB9 5 Bytes JMP 00250070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!IsClipboardFormatAvailable 772D5C3A 5 Bytes JMP 002500F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!GetClipboardSequenceNumber 772D5C4E 5 Bytes JMP 00250330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!GetClipboardOwner 772D5C60 5 Bytes JMP 00250370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!CountClipboardFormats 772D5DC9 5 Bytes JMP 002501F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!SetWindowsHookExA 772D6DFA 5 Bytes JMP 00260600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!SetCursorPos 772EC1D8 5 Bytes JMP 00250770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!GetClipboardViewer 77304B57 5 Bytes JMP 00250470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] USER32.dll!GetPriorityClipboardFormat 77304C59 5 Bytes JMP 002503B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ole32.dll!OleSetClipboard 76E7F1F6 5 Bytes JMP 00280030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ole32.dll!OleIsCurrentClipboard 76E82370 5 Bytes JMP 00280070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe[3204] ole32.dll!OleGetClipboard 76EAF71D 5 Bytes JMP 002800B0 .text C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe[3308] ntdll.dll!LdrUnloadDll 7786BE7F 5 Bytes JMP 001E03FC .text C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe[3308] ntdll.dll!LdrLoadDll 7786F585 5 Bytes JMP 001E01F8 .text C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe[3308] KERNEL32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe[3308] USER32.dll!UnhookWindowsHookEx 772ACC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe[3308] USER32.dll!UnhookWinEvent 772AD924 5 Bytes JMP 001F03FC .text C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe[3308] USER32.dll!SetWindowsHookExW 772B210A 5 Bytes JMP 001F0804 .text C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe[3308] USER32.dll!SetWinEventHook 772B507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe[3308] USER32.dll!SetWindowsHookExA 772D6DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3324] ntdll.dll!LdrUnloadDll 7786BE7F 5 Bytes JMP 001F03FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3324] ntdll.dll!LdrLoadDll 7786F585 5 Bytes JMP 001F01F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3324] KERNEL32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3324] USER32.dll!UnhookWindowsHookEx 772ACC7B 5 Bytes JMP 00210A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3324] USER32.dll!UnhookWinEvent 772AD924 5 Bytes JMP 002103FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3324] USER32.dll!SetWindowsHookExW 772B210A 5 Bytes JMP 00210804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3324] USER32.dll!SetWinEventHook 772B507E 5 Bytes JMP 002101F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3324] USER32.dll!SetWindowsHookExA 772D6DFA 5 Bytes JMP 00210600 .text C:\Windows\system32\SearchIndexer.exe[3336] ntdll.dll!LdrUnloadDll 7786BE7F 5 Bytes JMP 000E03FC .text C:\Windows\system32\SearchIndexer.exe[3336] ntdll.dll!LdrLoadDll 7786F585 5 Bytes JMP 000E01F8 .text C:\Windows\system32\SearchIndexer.exe[3336] KERNEL32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3336] USER32.dll!UnhookWindowsHookEx 772ACC7B 5 Bytes JMP 00140A08 .text C:\Windows\system32\SearchIndexer.exe[3336] USER32.dll!UnhookWinEvent 772AD924 5 Bytes JMP 001403FC .text C:\Windows\system32\SearchIndexer.exe[3336] USER32.dll!SetWindowsHookExW 772B210A 5 Bytes JMP 00140804 .text C:\Windows\system32\SearchIndexer.exe[3336] USER32.dll!SetWinEventHook 772B507E 5 Bytes JMP 001401F8 .text C:\Windows\system32\SearchIndexer.exe[3336] USER32.dll!SetWindowsHookExA 772D6DFA 5 Bytes JMP 00140600 .text C:\Windows\system32\WUDFHost.exe[3388] ntdll.dll!LdrUnloadDll 7786BE7F 3 Bytes JMP 000703FC .text C:\Windows\system32\WUDFHost.exe[3388] ntdll.dll!LdrUnloadDll + 4 7786BE83 1 Byte [88] .text C:\Windows\system32\WUDFHost.exe[3388] ntdll.dll!LdrLoadDll 7786F585 5 Bytes JMP 000701F8 .text C:\Windows\system32\WUDFHost.exe[3388] KERNEL32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Windows\system32\WUDFHost.exe[3388] USER32.dll!UnhookWindowsHookEx 772ACC7B 5 Bytes JMP 00090A08 .text C:\Windows\system32\WUDFHost.exe[3388] USER32.dll!UnhookWinEvent 772AD924 5 Bytes JMP 000903FC .text C:\Windows\system32\WUDFHost.exe[3388] USER32.dll!SetWindowsHookExW 772B210A 5 Bytes JMP 00090804 .text C:\Windows\system32\WUDFHost.exe[3388] USER32.dll!SetWinEventHook 772B507E 5 Bytes JMP 000901F8 .text C:\Windows\system32\WUDFHost.exe[3388] USER32.dll!SetWindowsHookExA 772D6DFA 5 Bytes JMP 00090600 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3724] ntdll.dll!LdrUnloadDll 7786BE7F 3 Bytes JMP 000703FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3724] ntdll.dll!LdrUnloadDll + 4 7786BE83 1 Byte [88] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3724] ntdll.dll!LdrLoadDll 7786F585 5 Bytes JMP 000701F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3724] KERNEL32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3724] USER32.dll!UnhookWindowsHookEx 772ACC7B 5 Bytes JMP 00090A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3724] USER32.dll!UnhookWinEvent 772AD924 5 Bytes JMP 000903FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3724] USER32.dll!SetWindowsHookExW 772B210A 5 Bytes JMP 00090804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3724] USER32.dll!SetWinEventHook 772B507E 5 Bytes JMP 000901F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3724] USER32.dll!SetWindowsHookExA 772D6DFA 5 Bytes JMP 00090600 .text C:\Program Files\Mozilla Firefox\firefox.exe[3948] ntdll.dll!LdrUnloadDll 7786BE7F 5 Bytes JMP 000E03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3948] ntdll.dll!LdrLoadDll 7786F585 5 Bytes JMP 62E24470 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3948] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 16F 773DC0CF 7 Bytes JMP 63070459 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3948] KERNEL32.dll!CloseHandle + 38 773E05EF 7 Bytes JMP 6307047C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3948] KERNEL32.dll!GetExitCodeProcess + 2C 773E313D 7 Bytes JMP 62E2F972 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3948] KERNEL32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[3948] USER32.dll!UnhookWindowsHookEx 772ACC7B 5 Bytes JMP 000F0A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[3948] USER32.dll!UnhookWinEvent 772AD924 5 Bytes JMP 000F03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3948] USER32.dll!SetWindowsHookExW 772B210A 5 Bytes JMP 000F0804 .text C:\Program Files\Mozilla Firefox\firefox.exe[3948] USER32.dll!SetWinEventHook 772B507E 5 Bytes JMP 000F01F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3948] USER32.dll!SetWindowsHookExA 772D6DFA 5 Bytes JMP 000F0600 .text C:\Program Files\Mozilla Firefox\firefox.exe[3948] GDI32.dll!GetViewportOrgEx + 21C 76C285EB 7 Bytes JMP 630703DA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Windows\System32\svchost.exe[3984] ntdll.dll!LdrUnloadDll 7786BE7F 5 Bytes JMP 000E03FC .text C:\Windows\System32\svchost.exe[3984] ntdll.dll!LdrLoadDll 7786F585 5 Bytes JMP 000E01F8 .text C:\Windows\System32\svchost.exe[3984] KERNEL32.dll!GetBinaryTypeW + 70 773F7964 1 Byte [62] .text C:\Windows\System32\svchost.exe[3984] user32.dll!UnhookWindowsHookEx 772ACC7B 5 Bytes JMP 00100A08 .text C:\Windows\System32\svchost.exe[3984] user32.dll!UnhookWinEvent 772AD924 5 Bytes JMP 001003FC .text C:\Windows\System32\svchost.exe[3984] user32.dll!SetWindowsHookExW 772B210A 5 Bytes JMP 00100804 .text C:\Windows\System32\svchost.exe[3984] user32.dll!SetWinEventHook 772B507E 5 Bytes JMP 001001F8 .text C:\Windows\System32\svchost.exe[3984] user32.dll!SetWindowsHookExA 772D6DFA 5 Bytes JMP 00100600 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[472] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7129F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1468] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7129F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\System32\rundll32.exe[1556] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [758B5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[1556] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [758B5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[1556] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [758B5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Windows\System32\rundll32.exe[1556] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [758B5D3D] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\AVAST Software\Avast\afwServ.exe[1628] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7129F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) ---- EOF - GMER 1.0.15 ----