GMER 2.1.19163 - http://www.gmer.net Rootkit scan 2013-06-30 13:40:49 Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3 WDC_WD7500AADS-00M2B0 rev.01.00A01 698,64GB Running: bkvliyx3.exe; Driver: C:\Users\Kuba\AppData\Local\Temp\aftcaaog.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9141D610] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9531E5FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9141E0E6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x91429F18] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x91429F64] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9142A0FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x91429E86] SSDT 8687B598 ZwCreateProcess SSDT 8687B390 ZwCreateProcessEx SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x9531E992] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x91429ECE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x9141E5E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x9141E800] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9142A0B8] SSDT 8687CC60 ZwCreateUserProcess SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x9141EE9C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9141D676] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x91422596] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9531E6C2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x9531CC12] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9141D6DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9142298C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9141F92C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x91429F42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x91429F86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9142A122] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x91429EAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x91421E78] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9142A036] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x91429EF6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x9142226E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwOpenTimer [0x9142A0DC] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9531E822] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9141F7F8] SSDT 8687CE40 ZwQueueApcThread SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x9141F506] SSDT 8687CCD8 ZwReadVirtualMemory SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9141D742] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9141D7A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x9141ED16] SSDT 8943DB10 ZwSetDefaultHardErrorPort SSDT 8687B2A0 ZwSetInformationProcess SSDT 8687CFA8 ZwSetInformationThread SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9141D2F8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9141D4CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9141D45C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x9141F066] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x9141F1C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9141D556] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x9531E8EA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwTerminateThread [0x9141ECF6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x9531CC42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9141D80E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x9531E76E] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 832413C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8327AD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 83281D80 4 Bytes [10, D6, 41, 91] {ADC DH, DL; INC ECX; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83281DA8 4 Bytes [FA, E5, 31, 95] {CLI ; IN EAX, 0x31; XCHG EBP, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 1153 83281E08 4 Bytes [E6, E0, 41, 91] {OUT 0xe0, AL; INC ECX; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 83281E5C 8 Bytes [18, 9F, 42, 91, 64, 9F, 42, ...] {SBB [EDI-0x609b6ebe], BL; INC EDX; XCHG ECX, EAX} .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 83281E68 4 Bytes [FE, A0, 42, 91] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8340EC64 5 Bytes JMP 95334C9A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 83427290 5 Bytes JMP 953367CC \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8343C3D7 4 Bytes CALL 9141FFEF \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 834561E0 4 Bytes CALL 91420005 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9540E000, 0x3B8195, 0xE8000020] .text win32k.sys!EngFntCacheLookUp + 8B1B 9F2B09D5 5 Bytes JMP 914234DC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateRectRgn + 3819 9F2C4AA1 5 Bytes JMP 91423628 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateRectRgn + 47FC 9F2C5A84 5 Bytes JMP 914232F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + 310 9F2E13CD 5 Bytes JMP 914241B2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + 4C63 9F2E5D20 5 Bytes JMP 91422D54 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + 60B0 9F2E716D 5 Bytes JMP 914243FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + BE21 9F2ECEDE 5 Bytes JMP 914236CE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + C070 9F2ED12D 5 Bytes JMP 914237E2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 650 9F306BE5 5 Bytes JMP 914229C2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 70E 9F306CA3 5 Bytes JMP 914236EC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 38FE 9F309E93 5 Bytes JMP 91422AD8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMapFontFileFD + 39BC 9F309F51 5 Bytes JMP 91422BF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngIsSemaphoreOwnedByCurrentThread + 1EDA 9F30E5C5 5 Bytes JMP 91423508 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2B26 9F318019 5 Bytes JMP 9142322C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + ACDC 9F3201CF 5 Bytes JMP 91422DF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 14F8D 9F32A480 5 Bytes JMP 91424060 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 5066 9F341BDE 5 Bytes JMP 91424116 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngBitBlt + 42AA 9F34F581 5 Bytes JMP 91424614 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnlockSurface + B238 9F364DF7 5 Bytes JMP 91424162 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnlockSurface + CBF7 9F3667B6 5 Bytes JMP 914261FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteClip + 480C 9F37765B 5 Bytes JMP 91422CDC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEqualRgn + 41B2 9F3855EC 5 Bytes JMP 91423150 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngEqualRgn + B3FE 9F38C838 5 Bytes JMP 914244BE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteRgn + 2198 9F3A35E7 5 Bytes JMP 91423008 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 8676 9F3C471E 5 Bytes JMP 9142456C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 2EC6 9F3DC703 5 Bytes JMP 9142433C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 3457 9F3DCC94 5 Bytes JMP 91422EBC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 6545 9F3DFD82 5 Bytes JMP 9142370A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + 9678 9F3E2EB5 5 Bytes JMP 91422F24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + BF49 9F3E5786 5 Bytes JMP 914237C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text ... .text win32k.sys!EngCTGetCurrentGamma + 63F2 9F3F192E 5 Bytes JMP 914230AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B3A54000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B3A54123 629 Bytes [F5, A4, B3, FE, 05, 34, F5, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 B3A54399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F B3A543FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 543B B3A544AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...] PAGE ... 
---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\taskhost.exe[412] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\system32\csrss.exe[440] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[524] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\system32\csrss.exe[532] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\system32\services.exe[572] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text ... .text D:\Samsung\Kies\KiesTrayAgent.exe[1308] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 001E03FC .text D:\Samsung\Kies\KiesTrayAgent.exe[1308] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 001E01F8 .text D:\Samsung\Kies\KiesTrayAgent.exe[1308] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text D:\Samsung\Kies\KiesTrayAgent.exe[1308] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 001F0A08 .text D:\Samsung\Kies\KiesTrayAgent.exe[1308] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001F03FC .text D:\Samsung\Kies\KiesTrayAgent.exe[1308] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 001F0804 .text D:\Samsung\Kies\KiesTrayAgent.exe[1308] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001F01F8 .text D:\Samsung\Kies\KiesTrayAgent.exe[1308] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1312] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1376] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\system32\atieclxx.exe[1452] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1520] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text D:\Avast\AvastSvc.exe[1604] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Program Files\Logitech Gaming Software\LCore.exe[1632] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000E03FC .text C:\Program 
Files\Logitech Gaming Software\LCore.exe[1632] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000E01F8 .text C:\Program Files\Logitech Gaming Software\LCore.exe[1632] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Program Files\Logitech Gaming Software\LCore.exe[1632] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00100A08 .text C:\Program Files\Logitech Gaming Software\LCore.exe[1632] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001003FC .text C:\Program Files\Logitech Gaming Software\LCore.exe[1632] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00100804 .text C:\Program Files\Logitech Gaming Software\LCore.exe[1632] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001001F8 .text C:\Program Files\Logitech Gaming Software\LCore.exe[1632] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00100600 .text C:\Windows\system32\Dwm.exe[1772] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\Explorer.EXE[1856] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1932] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1964] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00090A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 000903FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00090804 .text C:\Program Files\Common 
Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 000901F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2136] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00090600 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2200] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000E03FC .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2200] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000E01F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2200] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2200] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00100A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2200] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001003FC .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2200] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00100804 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2200] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001001F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[2200] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00100600 .text D:\Blue Soleil\BlueSoleilCS.exe[2236] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 001D03FC .text D:\Blue Soleil\BlueSoleilCS.exe[2236] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 001D01F8 .text D:\Blue Soleil\BlueSoleilCS.exe[2236] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text D:\Blue Soleil\BlueSoleilCS.exe[2236] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 001E0A08 .text D:\Blue Soleil\BlueSoleilCS.exe[2236] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001E03FC .text D:\Blue Soleil\BlueSoleilCS.exe[2236] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 001E0804 .text D:\Blue Soleil\BlueSoleilCS.exe[2236] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001E01F8 .text D:\Blue 
Soleil\BlueSoleilCS.exe[2236] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 001E0600 .text D:\DAEMON Tools Lite\DTLite.exe[2356] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 001E03FC .text D:\DAEMON Tools Lite\DTLite.exe[2356] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 001E01F8 .text D:\DAEMON Tools Lite\DTLite.exe[2356] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text D:\DAEMON Tools Lite\DTLite.exe[2356] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00200A08 .text D:\DAEMON Tools Lite\DTLite.exe[2356] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 002003FC .text D:\DAEMON Tools Lite\DTLite.exe[2356] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00200804 .text D:\DAEMON Tools Lite\DTLite.exe[2356] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 002001F8 .text D:\DAEMON Tools Lite\DTLite.exe[2356] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00200600 .text D:\Blue Soleil\BsMobileCS.exe[2400] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 001603FC .text D:\Blue Soleil\BsMobileCS.exe[2400] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 001601F8 .text D:\Blue Soleil\BsMobileCS.exe[2400] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text D:\Blue Soleil\BsMobileCS.exe[2400] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00170A08 .text D:\Blue Soleil\BsMobileCS.exe[2400] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001703FC .text D:\Blue Soleil\BsMobileCS.exe[2400] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00170804 .text D:\Blue Soleil\BsMobileCS.exe[2400] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001701F8 .text D:\Blue Soleil\BsMobileCS.exe[2400] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00170600 .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[2500] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 001E03FC .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[2500] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 001E01F8 .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[2500] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 
Byte [62] .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[2500] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[2500] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 002003FC .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[2500] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00200804 .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[2500] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 002001F8 .text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[2500] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00200600 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2520] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 001703FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2520] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 001701F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2520] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2520] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00190A08 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2520] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001903FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2520] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00190804 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2520] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001901F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2520] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00190600 .text E:\EslWire\EslWire\service\WireHelperSvc.exe[2556] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000E03FC .text E:\EslWire\EslWire\service\WireHelperSvc.exe[2556] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000E01F8 .text E:\EslWire\EslWire\service\WireHelperSvc.exe[2556] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text E:\EslWire\EslWire\service\WireHelperSvc.exe[2556] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00110A08 .text 
E:\EslWire\EslWire\service\WireHelperSvc.exe[2556] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001103FC .text E:\EslWire\EslWire\service\WireHelperSvc.exe[2556] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00110804 .text E:\EslWire\EslWire\service\WireHelperSvc.exe[2556] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001101F8 .text E:\EslWire\EslWire\service\WireHelperSvc.exe[2556] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00110600 .text C:\Windows\system32\svchost.exe[2600] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 001003FC .text C:\Windows\system32\svchost.exe[2600] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 001001F8 .text C:\Windows\system32\svchost.exe[2600] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[2600] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00120A08 .text C:\Windows\system32\svchost.exe[2600] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001203FC .text C:\Windows\system32\svchost.exe[2600] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00120804 .text C:\Windows\system32\svchost.exe[2600] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001201F8 .text C:\Windows\system32\svchost.exe[2600] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00120600 .text D:\Nero 8\Nero 8\Nero BackItUp\NBService.exe[2656] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 001E03FC .text D:\Nero 8\Nero 8\Nero BackItUp\NBService.exe[2656] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 001E01F8 .text D:\Nero 8\Nero 8\Nero BackItUp\NBService.exe[2656] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text D:\Nero 8\Nero 8\Nero BackItUp\NBService.exe[2656] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 001F0A08 .text D:\Nero 8\Nero 8\Nero BackItUp\NBService.exe[2656] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001F03FC .text D:\Nero 8\Nero 8\Nero BackItUp\NBService.exe[2656] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 001F0804 .text D:\Nero 8\Nero 8\Nero BackItUp\NBService.exe[2656] 
USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001F01F8 .text D:\Nero 8\Nero 8\Nero BackItUp\NBService.exe[2656] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2664] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000E03FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2664] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000E01F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2664] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2664] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00100A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2664] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001003FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2664] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00100804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2664] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001001F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2664] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00100600 .text D:\Avast\AvastUI.exe[2676] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2708] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000E03FC .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2708] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000E01F8 .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2708] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2708] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 000F0A08 .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2708] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 000F03FC .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2708] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 000F0804 .text 
C:\Program Files\Microsoft IntelliType Pro\itype.exe[2708] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 000F01F8 .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2708] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 000F0600 .text C:\Program Files\Creative\Shared Files\CTSched.exe[2812] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 001D03FC .text C:\Program Files\Creative\Shared Files\CTSched.exe[2812] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 001D01F8 .text C:\Program Files\Creative\Shared Files\CTSched.exe[2812] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Program Files\Creative\Shared Files\CTSched.exe[2812] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 001E0A08 .text C:\Program Files\Creative\Shared Files\CTSched.exe[2812] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001E03FC .text C:\Program Files\Creative\Shared Files\CTSched.exe[2812] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 001E0804 .text C:\Program Files\Creative\Shared Files\CTSched.exe[2812] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001E01F8 .text C:\Program Files\Creative\Shared Files\CTSched.exe[2812] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 001E0600 .text C:\Windows\system32\svchost.exe[2828] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000F03FC .text C:\Windows\system32\svchost.exe[2828] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000F01F8 .text C:\Windows\system32\svchost.exe[2828] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[2828] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00150A08 .text C:\Windows\system32\svchost.exe[2828] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001503FC .text C:\Windows\system32\svchost.exe[2828] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00150804 .text C:\Windows\system32\svchost.exe[2828] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001501F8 .text C:\Windows\system32\svchost.exe[2828] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00150600 
.text C:\Windows\system32\svchost.exe[2900] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000F03FC .text C:\Windows\system32\svchost.exe[2900] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000F01F8 .text C:\Windows\system32\svchost.exe[2900] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[2900] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00220A08 .text C:\Windows\system32\svchost.exe[2900] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 002203FC .text C:\Windows\system32\svchost.exe[2900] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00220804 .text C:\Windows\system32\svchost.exe[2900] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 002201F8 .text C:\Windows\system32\svchost.exe[2900] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00220600 .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[2980] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000E03FC .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[2980] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000E01F8 .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[2980] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[2980] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[2980] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001F03FC .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[2980] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 001F0804 .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[2980] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001F01F8 .text C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe[2980] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 001F0600 .text D:\Webroot Security\SpySweeper.exe[3112] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 001703FC .text D:\Webroot Security\SpySweeper.exe[3112] ntdll.dll!LdrLoadDll 
77D2223E 5 Bytes JMP 001701F8 .text D:\Webroot Security\SpySweeper.exe[3112] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text D:\Webroot Security\SpySweeper.exe[3112] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00180A08 .text D:\Webroot Security\SpySweeper.exe[3112] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001803FC .text D:\Webroot Security\SpySweeper.exe[3112] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00180804 .text D:\Webroot Security\SpySweeper.exe[3112] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001801F8 .text D:\Webroot Security\SpySweeper.exe[3112] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00180600 .text D:\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3212] ntdll.dll!DbgBreakPoint 77CF410C 1 Byte [C3] .text D:\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3212] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 002903FC .text D:\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3212] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 002901F8 .text D:\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3212] ntdll.dll!DbgUiRemoteBreakin 77D5F17D 5 Bytes JMP 77D1E342 C:\Windows\SYSTEM32\ntdll.dll (Biblioteka NT Layer DLL/Microsoft Corporation) .text D:\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3212] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text D:\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3212] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00450A08 .text D:\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3212] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 004503FC .text D:\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3212] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00450804 .text D:\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3212] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 004501F8 .text D:\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3212] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00450600 .text C:\Program Files\Creative\Shared Files\Software 
Update\AutoUpdate.exe[3316] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 001F03FC .text C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe[3316] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 001F01F8 .text C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe[3316] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe[3316] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe[3316] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 002003FC .text C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe[3316] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00200804 .text C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe[3316] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 002001F8 .text C:\Program Files\Creative\Shared Files\Software Update\AutoUpdate.exe[3316] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00200600 .text C:\Program Files\Windows Sidebar\sidebar.exe[3324] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000E03FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3324] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000E01F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3324] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Program Files\Windows Sidebar\sidebar.exe[3324] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00100A08 .text C:\Program Files\Windows Sidebar\sidebar.exe[3324] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001003FC .text C:\Program Files\Windows Sidebar\sidebar.exe[3324] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00100804 .text C:\Program Files\Windows Sidebar\sidebar.exe[3324] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001001F8 .text C:\Program Files\Windows Sidebar\sidebar.exe[3324] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00100600 .text C:\Program 
Files\Skype\Phone\Skype.exe[3332] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000E03FC .text C:\Program Files\Skype\Phone\Skype.exe[3332] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000E01F8 .text C:\Program Files\Skype\Phone\Skype.exe[3332] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[3332] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 000F0A08 .text C:\Program Files\Skype\Phone\Skype.exe[3332] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 000F03FC .text C:\Program Files\Skype\Phone\Skype.exe[3332] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 000F0804 .text C:\Program Files\Skype\Phone\Skype.exe[3332] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 000F01F8 .text C:\Program Files\Skype\Phone\Skype.exe[3332] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 000F0600 .text D:\Samsung\Kies\Kies.exe[3396] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000703FC .text D:\Samsung\Kies\Kies.exe[3396] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000701F8 .text D:\Samsung\Kies\Kies.exe[3396] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text D:\Samsung\Kies\Kies.exe[3396] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00090A08 .text D:\Samsung\Kies\Kies.exe[3396] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 000903FC .text D:\Samsung\Kies\Kies.exe[3396] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00090804 .text D:\Samsung\Kies\Kies.exe[3396] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 000901F8 .text D:\Samsung\Kies\Kies.exe[3396] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00090600 .text C:\Windows\system32\AUDIODG.EXE[3736] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000E03FC .text C:\Windows\system32\AUDIODG.EXE[3736] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000E01F8 .text C:\Windows\system32\AUDIODG.EXE[3736] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\system32\AUDIODG.EXE[3736] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00140A08 .text 
C:\Windows\system32\AUDIODG.EXE[3736] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001403FC .text C:\Windows\system32\AUDIODG.EXE[3736] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00140804 .text C:\Windows\system32\AUDIODG.EXE[3736] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001401F8 .text C:\Windows\system32\AUDIODG.EXE[3736] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00140600 .text D:\Blue Soleil\BsHelpCS.exe[3960] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 001D03FC .text D:\Blue Soleil\BsHelpCS.exe[3960] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 001D01F8 .text D:\Blue Soleil\BsHelpCS.exe[3960] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text D:\Blue Soleil\BsHelpCS.exe[3960] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 001E0A08 .text D:\Blue Soleil\BsHelpCS.exe[3960] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001E03FC .text D:\Blue Soleil\BsHelpCS.exe[3960] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 001E0804 .text D:\Blue Soleil\BsHelpCS.exe[3960] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001E01F8 .text D:\Blue Soleil\BsHelpCS.exe[3960] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 001E0600 .text C:\Users\Kuba\AppData\Local\GG\Application\gghub.exe[4000] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000E03FC .text C:\Users\Kuba\AppData\Local\GG\Application\gghub.exe[4000] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000E01F8 .text C:\Users\Kuba\AppData\Local\GG\Application\gghub.exe[4000] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Users\Kuba\AppData\Local\GG\Application\gghub.exe[4000] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 000F0A08 .text C:\Users\Kuba\AppData\Local\GG\Application\gghub.exe[4000] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 000F03FC .text C:\Users\Kuba\AppData\Local\GG\Application\gghub.exe[4000] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 000F0804 .text C:\Users\Kuba\AppData\Local\GG\Application\gghub.exe[4000] USER32.dll!SetWinEventHook 7731507E 5 
Bytes JMP 000F01F8 .text C:\Users\Kuba\AppData\Local\GG\Application\gghub.exe[4000] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 000F0600 .text C:\Users\Kuba\Downloads\bkvliyx3.exe[4012] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 001E03FC .text C:\Users\Kuba\Downloads\bkvliyx3.exe[4012] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 001E01F8 .text C:\Users\Kuba\Downloads\bkvliyx3.exe[4012] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Users\Kuba\Downloads\bkvliyx3.exe[4012] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00200A08 .text C:\Users\Kuba\Downloads\bkvliyx3.exe[4012] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 002003FC .text C:\Users\Kuba\Downloads\bkvliyx3.exe[4012] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00200804 .text C:\Users\Kuba\Downloads\bkvliyx3.exe[4012] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 002001F8 .text C:\Users\Kuba\Downloads\bkvliyx3.exe[4012] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00200600 .text C:\Windows\system32\SearchIndexer.exe[4080] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000E03FC .text C:\Windows\system32\SearchIndexer.exe[4080] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000E01F8 .text C:\Windows\system32\SearchIndexer.exe[4080] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[4080] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00100A08 .text C:\Windows\system32\SearchIndexer.exe[4080] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001003FC .text C:\Windows\system32\SearchIndexer.exe[4080] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00100804 .text C:\Windows\system32\SearchIndexer.exe[4080] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001001F8 .text C:\Windows\system32\SearchIndexer.exe[4080] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00100600 .text C:\Users\Kuba\Downloads\bkvliyx3.exe[4136] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text 
C:\Users\Kuba\AppData\Local\GG\Application\ggapp.exe[4236] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000E03FC .text C:\Users\Kuba\AppData\Local\GG\Application\ggapp.exe[4236] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 6155C533 C:\Users\Kuba\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Users\Kuba\AppData\Local\GG\Application\ggapp.exe[4236] KERNEL32.dll!MapViewOfFile 77A693DB 5 Bytes JMP 61D4F6AA C:\Users\Kuba\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Users\Kuba\AppData\Local\GG\Application\ggapp.exe[4236] KERNEL32.dll!VirtualAlloc 77A6C43A 5 Bytes JMP 61D4F664 C:\Users\Kuba\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Users\Kuba\AppData\Local\GG\Application\ggapp.exe[4236] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Users\Kuba\AppData\Local\GG\Application\ggapp.exe[4236] USER32.dll!SetWindowLongA 7730B1E3 5 Bytes JMP 61BD5B3E C:\Users\Kuba\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Users\Kuba\AppData\Local\GG\Application\ggapp.exe[4236] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 000F0A08 .text C:\Users\Kuba\AppData\Local\GG\Application\ggapp.exe[4236] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 000F03FC .text C:\Users\Kuba\AppData\Local\GG\Application\ggapp.exe[4236] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 000F0804 .text C:\Users\Kuba\AppData\Local\GG\Application\ggapp.exe[4236] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 000F01F8 .text C:\Users\Kuba\AppData\Local\GG\Application\ggapp.exe[4236] USER32.dll!SetWindowLongW 77316614 3 Bytes JMP 61BD5B9E C:\Users\Kuba\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) 
.text C:\Users\Kuba\AppData\Local\GG\Application\ggapp.exe[4236] USER32.dll!SetWindowLongW + 4 77316618 1 Byte [EA] .text C:\Users\Kuba\AppData\Local\GG\Application\ggapp.exe[4236] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 000F0600 .text C:\Users\Kuba\AppData\Local\GG\Application\ggapp.exe[4236] GDI32.dll!CreateDIBSection 776C8850 5 Bytes JMP 61D4F6D1 C:\Users\Kuba\AppData\Local\GG\Application\xulrunner\xul.dll (GG application/GG Network S.A.) .text C:\Windows\System32\svchost.exe[4540] kernel32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[4640] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000703FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[4640] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000701F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[4640] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[4640] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 001F0A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[4640] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001F03FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[4640] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 001F0804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[4640] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001F01F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[4640] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 001F0600 .text C:\Users\Kuba\AppData\Local\GG\Application\ggdrive\ggdrive.exe[4852] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 001E03FC .text C:\Users\Kuba\AppData\Local\GG\Application\ggdrive\ggdrive.exe[4852] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 001E01F8 .text C:\Users\Kuba\AppData\Local\GG\Application\ggdrive\ggdrive.exe[4852] 
KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Users\Kuba\AppData\Local\GG\Application\ggdrive\ggdrive.exe[4852] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 001F0A08 .text C:\Users\Kuba\AppData\Local\GG\Application\ggdrive\ggdrive.exe[4852] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001F03FC .text C:\Users\Kuba\AppData\Local\GG\Application\ggdrive\ggdrive.exe[4852] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 001F0804 .text C:\Users\Kuba\AppData\Local\GG\Application\ggdrive\ggdrive.exe[4852] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001F01F8 .text C:\Users\Kuba\AppData\Local\GG\Application\ggdrive\ggdrive.exe[4852] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 001F0600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtCreateFile + 6 77D055CE 4 Bytes [28, 48, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtCreateFile + B 77D055D3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtCreateKey + 6 77D0560E 4 Bytes [68, 49, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtCreateKey + B 77D05613 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtCreateMutant + 6 77D0564E 4 Bytes [68, 4A, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtCreateMutant + B 77D05653 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtCreateSection + 6 77D056EE 4 Bytes [A8, 4A, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtCreateSection + B 77D056F3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtMapViewOfSection + 6 77D05C2E 4 Bytes CALL 76D0637F C:\Windows\system32\SHELL32.dll 
(Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtMapViewOfSection + B 77D05C33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenFile + 6 77D05CDE 4 Bytes [68, 48, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenFile + B 77D05CE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenKey + 6 77D05D0E 4 Bytes [A8, 49, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenKey + B 77D05D13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenKeyEx + 6 77D05D1E 4 Bytes CALL 76D0646C C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenKeyEx + B 77D05D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenMutant + 6 77D05D5E 4 Bytes [28, 4A, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenMutant + B 77D05D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenProcess + 6 77D05D8E 4 Bytes [68, 4B, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenProcess + B 77D05D93 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenProcessToken + 6 77D05D9E 4 Bytes [A8, 4B, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenProcessToken + B 77D05DA3 1 Byte [E2] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenProcessTokenEx + 6 77D05DAE 4 Bytes [68, 4C, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenProcessTokenEx + B 77D05DB3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenSection + 6 77D05DCE 4 Bytes CALL 76D0651D C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenSection + B 77D05DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenThread + 6 77D05E0E 4 Bytes [28, 4B, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenThread + B 77D05E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenThreadToken + 6 77D05E1E 4 Bytes [28, 4C, 07, 00] {SUB [EDI+EAX+0x0], CL} .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenThreadToken + B 77D05E23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenThreadTokenEx + 6 77D05E2E 4 Bytes [A8, 4C, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtOpenThreadTokenEx + B 77D05E33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtQueryAttributesFile + 6 77D05F3E 4 Bytes [A8, 48, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtQueryAttributesFile + B 77D05F43 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtQueryFullAttributesFile + 6 77D05FEE 4 Bytes CALL 76D0673B C:\Windows\system32\SHELL32.dll 
(Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtQueryFullAttributesFile + B 77D05FF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtSetInformationFile + 6 77D0663E 4 Bytes [28, 49, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtSetInformationFile + B 77D06643 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtSetInformationThread + 6 77D0669E 4 Bytes CALL 76D06DEE C:\Windows\system32\SHELL32.dll (Wspólna biblioteka DLL Powłoki systemu Windows/Microsoft Corporation) .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtSetInformationThread + B 77D066A3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtUnmapViewOfSection + 6 77D069BE 4 Bytes [28, 4D, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!NtUnmapViewOfSection + B 77D069C3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 002503FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 002501F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] KERNEL32.dll!CreateProcessW 77A2204D 5 Bytes JMP 00090030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] KERNEL32.dll!CreateProcessA 77A22082 5 Bytes JMP 00090070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!DeleteObject 776C5F14 5 Bytes JMP 002701B0 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!SelectObject 776C6640 5 Bytes JMP 002705F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!SetTextColor 776C6906 5 Bytes JMP 00270A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!SetBkMode 776C69B1 5 Bytes JMP 002708F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!DeleteDC 776C6EAA 5 Bytes JMP 00270170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!GetDeviceCaps 776C6F7F 5 Bytes JMP 002703B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!ExtSelectClipRgn 776C7114 5 Bytes JMP 002702F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!SelectClipRgn 776C7242 5 Bytes JMP 002705B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!SetStretchBltMode 776C7705 5 Bytes JMP 002706B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!GetCurrentObject 776C7917 5 Bytes JMP 00270370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!GetTextMetricsW 776C7B8F 5 Bytes JMP 00270E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!GetTextAlign 776C7DAF 5 Bytes JMP 00270D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!IntersectClipRect 776C7DFE 5 Bytes JMP 002703F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!ExtTextOutW 776C8192 5 Bytes JMP 00270970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!SetTextAlign 776C828E 5 Bytes JMP 002709F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] 
GDI32.dll!GetClipBox 776C8525 5 Bytes JMP 00270330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!MoveToEx 776C8C21 5 Bytes JMP 00270470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!StretchDIBits 776CA53E 5 Bytes JMP 00270770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!RestoreDC 776CA67B 5 Bytes JMP 00270530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!SaveDC 776CA74B 5 Bytes JMP 00270570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!GetTextExtentPoint32W 776CB4B5 5 Bytes JMP 00270670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!GetTextFaceW 776CB73A 2 Bytes JMP 00270D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!GetTextFaceW + 3 776CB73D 2 Bytes [BA, 88] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!GetFontData 776CBCC4 5 Bytes JMP 00270C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!SetWorldTransform 776CC90A 5 Bytes JMP 002706F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!CreateDCA 776CCCA9 5 Bytes JMP 002700B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!CreateDCW 776CCF79 5 Bytes JMP 002700F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!CreateICW 776CCFD0 5 Bytes JMP 00270130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!GetTextMetricsA 776CD0F2 5 Bytes JMP 00270DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!Rectangle 776CF1FF 5 Bytes JMP 002709B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!LineTo 776CF59B 5 Bytes JMP 00270430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!SetICMMode 776CFAA4 5 Bytes JMP 00270DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!ExtTextOutA 776D03F9 5 Bytes JMP 00270930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!GetTextExtentPoint32A 776D07B0 5 Bytes JMP 00270630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!ExtEscape 776D2949 5 Bytes JMP 002702B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!Escape 776D3939 5 Bytes JMP 00270270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!GetTextFaceA 776D3E6A 5 Bytes JMP 00270CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!SetPolyFillMode 776DD851 5 Bytes JMP 00270B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!SetMiterLimit 776DDA0D 5 Bytes JMP 00270B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!EndPage 776E00D7 5 Bytes JMP 00270230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!ResetDCW 776E050D 5 Bytes JMP 00270AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!GetGlyphOutlineW 776EC1BA 5 Bytes JMP 00270CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!CreateScalableFontResourceW 776EE817 5 Bytes JMP 00270BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!AddFontResourceW 776EEC13 5 Bytes JMP 00270BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] 
GDI32.dll!RemoveFontResourceW 776EF109 5 Bytes JMP 00270C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!AbortDoc 776F4C63 5 Bytes JMP 00270030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!EndDoc 776F50AA 5 Bytes JMP 002701F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!StartPage 776F5195 5 Bytes JMP 00270730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!StartDocW 776F5BB0 5 Bytes JMP 002707F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!BeginPath 776F635D 5 Bytes JMP 00270830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!SelectClipPath 776F63B4 5 Bytes JMP 00270AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!CloseFigure 776F640F 5 Bytes JMP 00270070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!EndPath 776F6466 5 Bytes JMP 00270A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!StrokePath 776F6699 5 Bytes JMP 002707B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!FillPath 776F6726 5 Bytes JMP 00270870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!PolylineTo 776F6B94 5 Bytes JMP 002704F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!PolyBezierTo 776F6C25 5 Bytes JMP 002704B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] GDI32.dll!PolyDraw 776F6CD7 5 Bytes JMP 002708B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!ActivateKeyboardLayout 7730817D 5 Bytes JMP 002804F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!ScreenToClient 7730C1F2 7 Bytes JMP 00280670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00290A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 002903FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!RegisterClipboardFormatA 7730E6B1 5 Bytes JMP 002802F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!RegisterClipboardFormatW 7730EDFD 5 Bytes JMP 002802B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00290804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 002901F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!SetCursor 773152EA 5 Bytes JMP 00280530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!MonitorFromWindow 7731590A 7 Bytes JMP 00280630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!PostMessageW 77316225 5 Bytes JMP 002805F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!IsWindowVisible 77316939 7 Bytes JMP 002806B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!GetClientRect 773174B1 7 Bytes JMP 002805B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!MapWindowPoints 77317915 5 Bytes JMP 00280570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!GetParent 77317AB3 7 Bytes JMP 002806F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!SetClipboardData 77324979 5 Bytes JMP 00280170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!EmptyClipboard 77324A28 5 Bytes JMP 00280130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!GetClipboardData 77324B47 5 Bytes JMP 00280030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!EnumClipboardFormats 77324D98 5 Bytes JMP 002801B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!GetClipboardFormatNameW 77327EB2 5 Bytes JMP 00280230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!SetClipboardViewer 77328F4D 5 Bytes JMP 002804B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!GetClipboardFormatNameA 77328F61 5 Bytes JMP 00280270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!GetOpenClipboardWindow 7732902F 1 Byte [E9]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!GetOpenClipboardWindow 7732902F 5 Bytes JMP 002803F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!ChangeClipboardChain 77333425 5 Bytes JMP 00280430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!GetTopWindow 77333A5D 7 Bytes JMP 00280730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!CloseClipboard 77335BA7 5 Bytes JMP 002800B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!OpenClipboard 77335BB9 5 Bytes JMP 00280070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!IsClipboardFormatAvailable 77335C3A 5 Bytes JMP 002800F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!GetClipboardSequenceNumber 77335C4E 5 Bytes JMP 00280330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!GetClipboardOwner 77335C60 5 Bytes JMP 00280370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!CountClipboardFormats 77335DC9 5 Bytes JMP 002801F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00290600
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!SetCursorPos 7734C1D8 5 Bytes JMP 00280770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!GetClipboardViewer 77364B57 5 Bytes JMP 00280470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] USER32.dll!GetPriorityClipboardFormat 77364C59 5 Bytes JMP 002803B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ole32.dll!OleSetClipboard 777B0045 5 Bytes JMP 002B0030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ole32.dll!OleIsCurrentClipboard 777B36B2 5 Bytes JMP 002B0070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] ole32.dll!OleGetClipboard 777DFDCD 5 Bytes JMP 002B00B0
.text C:\Program Files\Mozilla Firefox\firefox.exe[5644] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[5644] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 58829CF0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5644] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 77A693D6 7 Bytes JMP 58DD5408 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5644] KERNEL32.dll!QueryPerformanceCounter + 13 77A6C435 7 Bytes JMP 58DD542B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5644] KERNEL32.dll!LoadAppInitDlls + 355 77A6F4F6 7 Bytes JMP 5883369E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5644] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5644] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[5644] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 000F03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[5644] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 000F0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[5644] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[5644] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 000F0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[5644] GDI32.dll!GetViewportOrgEx + 26C 776C884B 7 Bytes JMP 58DD5389 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\system32\sppsvc.exe[5868] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000F03FC
.text C:\Windows\system32\sppsvc.exe[5868] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000F01F8
.text C:\Windows\system32\sppsvc.exe[5868] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62]
.text C:\Windows\system32\sppsvc.exe[5868] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00110A08
.text C:\Windows\system32\sppsvc.exe[5868] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001103FC
.text C:\Windows\system32\sppsvc.exe[5868] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00110804
.text C:\Windows\system32\sppsvc.exe[5868] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001101F8
.text C:\Windows\system32\sppsvc.exe[5868] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00110600
.text C:\Windows\System32\svchost.exe[5908] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000803FC
.text C:\Windows\System32\svchost.exe[5908] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000801F8
.text C:\Windows\System32\svchost.exe[5908] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[5908] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 000A0A08
.text C:\Windows\System32\svchost.exe[5908] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 000A03FC
.text C:\Windows\System32\svchost.exe[5908] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 000A0804
.text C:\Windows\System32\svchost.exe[5908] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 000A01F8
.text C:\Windows\System32\svchost.exe[5908] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 000A0600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5944] ntdll.dll!LdrUnloadDll 77D1C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5944] ntdll.dll!LdrLoadDll 77D2223E 5 Bytes JMP 000E01F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5944] KERNEL32.dll!GetBinaryTypeW + 70 77A869F4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5944] USER32.dll!CharToOemA + 3A 7730B1DE 7 Bytes JMP 58EBEA03 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5944] USER32.dll!UnhookWindowsHookEx 7730CC7B 5 Bytes JMP 00100A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5944] USER32.dll!UnhookWinEvent 7730D924 5 Bytes JMP 001003FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5944] USER32.dll!SetWindowsHookExW 7731210A 5 Bytes JMP 00100804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5944] USER32.dll!SetWinEventHook 7731507E 5 Bytes JMP 001001F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5944] USER32.dll!AdjustWindowRectEx + 117 7731660F 7 Bytes JMP 58EBE992 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5944] USER32.dll!GetWindowInfo 77316A82 5 Bytes JMP 58CF5238 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5944] USER32.dll!MenuItemFromPoint + F 77334B36 7 Bytes JMP 58CF5811 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5944] USER32.dll!SetWindowsHookExA 77336DFA 5 Bytes JMP 00100600

---- User IAT/EAT - GMER 2.1 ----

IAT D:\Avast\AvastSvc.exe[1604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [71B30790] D:\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73BD24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BB562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BB56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73BD2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73BC85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73BC4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73BC5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73BC51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73BC6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73BC8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73BC8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73BC90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73BCE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1856] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73BC4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT D:\Avast\AvastUI.exe[2676] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [71B30790] D:\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00090090
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState] 002807D0
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00280790
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 002807D0
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00090090
IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe[5188] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00090090

---- Devices - GMER 2.1 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\111111111111
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\111111111111 (not active ControlSet)
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{49575A24-217E-11E0-9A3B-806E6F6E6963} 12147830208

---- Files - GMER 2.1 ----

File C:\Users\Kuba\AppData\Local\Mozilla\Firefox\Profiles\ff86cwig.default\Cache\2\4C\D1613m01 3238 bytes

---- EOF - GMER 2.1 ----