GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2014-04-14 00:12:22 Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_MK5055GSXF rev.FH305B 465,76GB Running: jzeetjog.exe; Driver: C:\Users\seb\AppData\Local\Temp\pfldypob.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90249FC4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x90702510] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9024C456] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9024C4AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9024C5C4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9024C3AC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9024C4FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9024C400] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9024C572] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90249FE8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x907025C0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90249DB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9024A00C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9024C9BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9024AAA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9024C486] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9024C4D6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9024C5EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9024C3D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9024C53E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9024C42E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9024C59C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90702658] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9024A96A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9024A030] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9024A054] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90249E0C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90249F48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90249F24] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90249F6C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9024A078] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x907167A2] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83043579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83067F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 214 8306F714 4 Bytes [C4, 9F, 24, 90] .text ntkrnlpa.exe!RtlSidHashLookup + 23C 8306F73C 4 Bytes [10, 25, 70, 90] .text ntkrnlpa.exe!RtlSidHashLookup + 2F0 8306F7F0 8 Bytes [56, C4, 24, 90, AE, C4, 24, ...] {PUSH ESI; LES ESP, [EAX+EDX*4]; SCASB ; LES ESP, [EAX+EDX*4]} .text ntkrnlpa.exe!RtlSidHashLookup + 2FC 8306F7FC 4 Bytes [C4, C5, 24, 90] .text ntkrnlpa.exe!RtlSidHashLookup + 318 8306F818 4 Bytes [AC, C3, 24, 90] {LODSB ; RET ; AND AL, 0x90} .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83208F59 5 Bytes JMP 9071369C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 83222C5F 5 Bytes JMP 90715174 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 8326D0EA 4 Bytes CALL 9024B025 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 832751C5 4 Bytes CALL 9024B03B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 832DAE52 7 Bytes JMP 907167A6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\AUDIODG.EXE[168] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\svchost.exe[408] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[408] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[408] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\svchost.exe[408] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 008D0A08 .text C:\Windows\system32\svchost.exe[408] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 008D03FC .text C:\Windows\system32\svchost.exe[408] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 008D0804 .text C:\Windows\system32\svchost.exe[408] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 008D01F8 .text C:\Windows\system32\svchost.exe[408] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 008D0600 .text C:\Windows\system32\csrss.exe[424] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\wininit.exe[508] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[508] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[508] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\wininit.exe[508] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 000C0A08 .text C:\Windows\system32\wininit.exe[508] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 000C03FC .text C:\Windows\system32\wininit.exe[508] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 000C0804 .text C:\Windows\system32\wininit.exe[508] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 000C01F8 .text C:\Windows\system32\wininit.exe[508] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 000C0600 .text C:\Windows\system32\csrss.exe[516] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\services.exe[568] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\services.exe[568] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\services.exe[568] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\lsass.exe[592] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\lsass.exe[592] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\lsass.exe[592] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\lsass.exe[592] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 001E0A08 .text C:\Windows\system32\lsass.exe[592] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 001E03FC .text C:\Windows\system32\lsass.exe[592] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 001E0804 .text C:\Windows\system32\lsass.exe[592] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 001E01F8 .text C:\Windows\system32\lsass.exe[592] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 001E0600 .text C:\Windows\system32\lsm.exe[600] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\lsm.exe[600] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\lsm.exe[600] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\winlogon.exe[652] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[652] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[652] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\winlogon.exe[652] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 000C0A08 .text C:\Windows\system32\winlogon.exe[652] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 000C03FC .text C:\Windows\system32\winlogon.exe[652] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 000C0804 .text C:\Windows\system32\winlogon.exe[652] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 000C01F8 .text C:\Windows\system32\winlogon.exe[652] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 000C0600 .text C:\Windows\system32\svchost.exe[760] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[760] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[760] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[832] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 001603FC .text C:\Windows\system32\nvvsvc.exe[832] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 001601F8 .text C:\Windows\system32\nvvsvc.exe[832] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[832] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00180A08 .text C:\Windows\system32\nvvsvc.exe[832] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 001803FC .text C:\Windows\system32\nvvsvc.exe[832] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00180804 .text C:\Windows\system32\nvvsvc.exe[832] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 001801F8 .text C:\Windows\system32\nvvsvc.exe[832] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00180600 .text C:\Windows\system32\svchost.exe[872] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[872] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[872] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\System32\svchost.exe[1008] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[1008] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[1008] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\System32\svchost.exe[1008] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00360A08 .text C:\Windows\System32\svchost.exe[1008] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 003603FC .text C:\Windows\System32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00360804 .text C:\Windows\System32\svchost.exe[1008] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 003601F8 .text C:\Windows\System32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00360600 .text C:\Windows\System32\svchost.exe[1040] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[1040] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[1040] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\System32\svchost.exe[1040] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00270A08 .text C:\Windows\System32\svchost.exe[1040] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 002703FC .text C:\Windows\System32\svchost.exe[1040] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00270804 .text C:\Windows\System32\svchost.exe[1040] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 002701F8 .text C:\Windows\System32\svchost.exe[1040] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00270600 .text C:\Windows\system32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000A03FC .text C:\Windows\system32\svchost.exe[1072] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000A01F8 .text C:\Windows\system32\svchost.exe[1072] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1072] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00960A08 .text C:\Windows\system32\svchost.exe[1072] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 009603FC .text C:\Windows\system32\svchost.exe[1072] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00960804 .text C:\Windows\system32\svchost.exe[1072] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 009601F8 .text C:\Windows\system32\svchost.exe[1072] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00960600 .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1200] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1200] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1200] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00AE0A08 .text C:\Windows\system32\svchost.exe[1200] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 00AE03FC .text C:\Windows\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00AE0804 .text C:\Windows\system32\svchost.exe[1200] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 00AE01F8 .text C:\Windows\system32\svchost.exe[1200] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00AE0600 .text C:\Windows\system32\nvvsvc.exe[1300] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 001603FC .text C:\Windows\system32\nvvsvc.exe[1300] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 001601F8 .text C:\Windows\system32\nvvsvc.exe[1300] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[1300] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 001F0A08 .text C:\Windows\system32\nvvsvc.exe[1300] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 001F03FC .text C:\Windows\system32\nvvsvc.exe[1300] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 001F0804 .text C:\Windows\system32\nvvsvc.exe[1300] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 001F01F8 .text C:\Windows\system32\nvvsvc.exe[1300] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 001F0600 .text C:\Windows\system32\svchost.exe[1388] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1388] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1388] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1388] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00930A08 .text C:\Windows\system32\svchost.exe[1388] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 009303FC .text C:\Windows\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00930804 .text C:\Windows\system32\svchost.exe[1388] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 009301F8 .text C:\Windows\system32\svchost.exe[1388] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00930600 .text C:\Windows\system32\WLANExt.exe[1492] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\WLANExt.exe[1492] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\WLANExt.exe[1492] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\WLANExt.exe[1492] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00110A08 .text C:\Windows\system32\WLANExt.exe[1492] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 001103FC .text C:\Windows\system32\WLANExt.exe[1492] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00110804 .text C:\Windows\system32\WLANExt.exe[1492] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 001101F8 .text C:\Windows\system32\WLANExt.exe[1492] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00110600 .text C:\Windows\system32\conhost.exe[1500] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000303FC .text C:\Windows\system32\conhost.exe[1500] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000301F8 .text C:\Windows\system32\conhost.exe[1500] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\conhost.exe[1500] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 000C0A08 .text C:\Windows\system32\conhost.exe[1500] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 000C03FC .text C:\Windows\system32\conhost.exe[1500] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 000C0804 .text C:\Windows\system32\conhost.exe[1500] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 000C01F8 .text C:\Windows\system32\conhost.exe[1500] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 000C0600 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1576] kernel32.dll!SetUnhandledExceptionFilter 76663142 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1576] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[1592] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Program Files\iPod\bin\iPodService.exe[1592] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Program Files\iPod\bin\iPodService.exe[1592] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\iPod\bin\iPodService.exe[1592] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00100A08 .text C:\Program Files\iPod\bin\iPodService.exe[1592] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 001003FC .text C:\Program Files\iPod\bin\iPodService.exe[1592] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00100804 .text C:\Program Files\iPod\bin\iPodService.exe[1592] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 001001F8 .text C:\Program Files\iPod\bin\iPodService.exe[1592] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00100600 .text C:\Program Files\iTunes\iTunesHelper.exe[1696] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Program Files\iTunes\iTunesHelper.exe[1696] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Program Files\iTunes\iTunesHelper.exe[1696] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\iTunes\iTunesHelper.exe[1696] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00090A08 .text C:\Program Files\iTunes\iTunesHelper.exe[1696] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 000903FC .text C:\Program Files\iTunes\iTunesHelper.exe[1696] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00090804 .text C:\Program Files\iTunes\iTunesHelper.exe[1696] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 000901F8 .text C:\Program Files\iTunes\iTunesHelper.exe[1696] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00090600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1704] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1704] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1704] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1704] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00210A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1704] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 002103FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1704] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00210804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1704] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 002101F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1704] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00210600 .text C:\Windows\Explorer.EXE[1728] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\Explorer.EXE[1728] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\Explorer.EXE[1728] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\Explorer.EXE[1728] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00150A08 .text C:\Windows\Explorer.EXE[1728] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 001503FC .text C:\Windows\Explorer.EXE[1728] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00150804 .text C:\Windows\Explorer.EXE[1728] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 001501F8 .text C:\Windows\Explorer.EXE[1728] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00150600 .text C:\Program Files\Skype\Phone\Skype.exe[1772] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Program Files\Skype\Phone\Skype.exe[1772] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Program Files\Skype\Phone\Skype.exe[1772] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\Skype\Phone\Skype.exe[1772] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00210A08 .text C:\Program Files\Skype\Phone\Skype.exe[1772] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 002103FC .text C:\Program Files\Skype\Phone\Skype.exe[1772] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00210804 .text C:\Program Files\Skype\Phone\Skype.exe[1772] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 002101F8 .text C:\Program Files\Skype\Phone\Skype.exe[1772] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00210600 .text C:\Windows\system32\Dwm.exe[1812] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\Dwm.exe[1812] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\Dwm.exe[1812] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1812] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00080A08 .text C:\Windows\system32\Dwm.exe[1812] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 000803FC .text C:\Windows\system32\Dwm.exe[1812] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00080804 .text C:\Windows\system32\Dwm.exe[1812] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 000801F8 .text C:\Windows\system32\Dwm.exe[1812] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00080600 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1876] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000A03FC .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1876] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000A01F8 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1876] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1876] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00240A08 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1876] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 002403FC .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1876] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00240804 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1876] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 002401F8 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[1876] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00240600 .text C:\Program Files\Boot Camp\Bootcamp.exe[1888] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 001603FC .text C:\Program Files\Boot Camp\Bootcamp.exe[1888] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 001601F8 .text C:\Program Files\Boot Camp\Bootcamp.exe[1888] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\Boot Camp\Bootcamp.exe[1888] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Boot Camp\Bootcamp.exe[1888] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 001F03FC .text C:\Program Files\Boot Camp\Bootcamp.exe[1888] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 001F0804 .text C:\Program Files\Boot Camp\Bootcamp.exe[1888] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Boot Camp\Bootcamp.exe[1888] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 001F0600 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1924] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[2304] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\System32\spoolsv.exe[2304] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\System32\spoolsv.exe[2304] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[2304] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00140A08 .text C:\Windows\System32\spoolsv.exe[2304] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 001403FC .text C:\Windows\System32\spoolsv.exe[2304] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00140804 .text C:\Windows\System32\spoolsv.exe[2304] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 001401F8 .text C:\Windows\System32\spoolsv.exe[2304] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00140600 .text C:\Windows\system32\svchost.exe[2368] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2368] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2368] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\svchost.exe[2368] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00800A08 .text C:\Windows\system32\svchost.exe[2368] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 008003FC .text C:\Windows\system32\svchost.exe[2368] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00800804 .text C:\Windows\system32\svchost.exe[2368] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 008001F8 .text C:\Windows\system32\svchost.exe[2368] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00800600 .text C:\Windows\system32\taskhost.exe[2460] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000503FC .text C:\Windows\system32\taskhost.exe[2460] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskhost.exe[2460] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\taskhost.exe[2460] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 000E0A08 .text C:\Windows\system32\taskhost.exe[2460] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 000E03FC .text C:\Windows\system32\taskhost.exe[2460] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 000E0804 .text C:\Windows\system32\taskhost.exe[2460] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 000E01F8 .text C:\Windows\system32\taskhost.exe[2460] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 000E0600 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2632] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2632] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2632] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2632] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00110A08 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2632] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 001103FC .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2632] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00110804 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2632] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 001101F8 .text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[2632] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00110600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2652] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2652] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2652] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2652] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00090A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2652] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 000903FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2652] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00090804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2652] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 000901F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2652] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00090600 .text C:\Windows\system32\AppleOSSMgr.exe[2676] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 001603FC .text C:\Windows\system32\AppleOSSMgr.exe[2676] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 001601F8 .text C:\Windows\system32\AppleOSSMgr.exe[2676] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\AppleOSSMgr.exe[2676] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00300A08 .text C:\Windows\system32\AppleOSSMgr.exe[2676] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 003003FC .text C:\Windows\system32\AppleOSSMgr.exe[2676] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00300804 .text C:\Windows\system32\AppleOSSMgr.exe[2676] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 003001F8 .text C:\Windows\system32\AppleOSSMgr.exe[2676] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00300600 .text C:\Windows\system32\AppleTimeSrv.exe[2708] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 001603FC .text C:\Windows\system32\AppleTimeSrv.exe[2708] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 001601F8 .text C:\Windows\system32\AppleTimeSrv.exe[2708] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\AppleTimeSrv.exe[2708] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 001F0A08 .text C:\Windows\system32\AppleTimeSrv.exe[2708] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 001F03FC .text C:\Windows\system32\AppleTimeSrv.exe[2708] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 001F0804 .text C:\Windows\system32\AppleTimeSrv.exe[2708] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 001F01F8 .text C:\Windows\system32\AppleTimeSrv.exe[2708] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Bonjour\mDNSResponder.exe[2752] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Program Files\Bonjour\mDNSResponder.exe[2752] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[2752] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[2752] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[2752] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 002003FC .text C:\Program Files\Bonjour\mDNSResponder.exe[2752] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00200804 .text C:\Program Files\Bonjour\mDNSResponder.exe[2752] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 002001F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[2752] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00200600 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2916] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 001703FC .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2916] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 001701F8 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2916] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2916] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00210A08 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2916] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 002103FC .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2916] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00210804 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2916] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 002101F8 .text C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe[2916] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00210600 .text C:\Users\seb\AppData\Local\FilesFrog Update Checker\update_checker.exe[2948] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 001703FC .text C:\Users\seb\AppData\Local\FilesFrog Update Checker\update_checker.exe[2948] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 001701F8 .text C:\Users\seb\AppData\Local\FilesFrog Update Checker\update_checker.exe[2948] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Users\seb\AppData\Local\FilesFrog Update Checker\update_checker.exe[2948] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00210A08 .text C:\Users\seb\AppData\Local\FilesFrog Update Checker\update_checker.exe[2948] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 002103FC .text C:\Users\seb\AppData\Local\FilesFrog Update Checker\update_checker.exe[2948] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00210804 .text C:\Users\seb\AppData\Local\FilesFrog Update Checker\update_checker.exe[2948] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 002101F8 .text C:\Users\seb\AppData\Local\FilesFrog Update Checker\update_checker.exe[2948] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00210600 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[3020] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[3020] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[3020] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[3020] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00110A08 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[3020] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 001103FC .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[3020] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00110804 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[3020] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 001101F8 .text C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe[3020] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00110600 .text C:\Program Files\LPT\srpts.exe[3116] KERNEL32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3380] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 001603FC .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3380] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 001601F8 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3380] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3380] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00200A08 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3380] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 002003FC .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3380] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00200804 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3380] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 002001F8 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[3380] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00200600 .text C:\Windows\system32\svchost.exe[3416] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[3416] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[3416] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[3700] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3700] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 68AB1FD9 C:\Program Files\Mozilla Firefox\mozglue.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3700] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 7665C0CF 7 Bytes JMP 672A40E1 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3700] kernel32.dll!CloseHandle + 38 766605EF 7 Bytes JMP 672A4104 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3700] kernel32.dll!GetExitCodeProcess + 2C 7666313D 7 Bytes JMP 66973255 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[3700] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[3700] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00920A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[3700] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 009203FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3700] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00920804 .text C:\Program Files\Mozilla Firefox\firefox.exe[3700] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 009201F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3700] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00920600 .text C:\Program Files\Mozilla Firefox\firefox.exe[3700] GDI32.dll!GetViewportOrgEx + 21C 779785EB 7 Bytes JMP 672A4062 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\LPT\srptm.exe[3752] KERNEL32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\conhost.exe[3760] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000303FC .text C:\Windows\system32\conhost.exe[3760] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000301F8 .text C:\Windows\system32\conhost.exe[3760] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\conhost.exe[3760] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 000C0A08 .text C:\Windows\system32\conhost.exe[3760] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 000C03FC .text C:\Windows\system32\conhost.exe[3760] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 000C0804 .text C:\Windows\system32\conhost.exe[3760] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 000C01F8 .text C:\Windows\system32\conhost.exe[3760] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 000C0600 .text C:\Windows\system32\SearchIndexer.exe[4144] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\SearchIndexer.exe[4144] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\SearchIndexer.exe[4144] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[4144] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00170A08 .text C:\Windows\system32\SearchIndexer.exe[4144] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 001703FC .text C:\Windows\system32\SearchIndexer.exe[4144] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00170804 .text C:\Windows\system32\SearchIndexer.exe[4144] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 001701F8 .text C:\Windows\system32\SearchIndexer.exe[4144] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00170600 .text C:\Windows\system32\svchost.exe[4280] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[4280] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[4280] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00090A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 000903FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00090804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 000901F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4500] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00090600 .text C:\Users\seb\Downloads\jzeetjog.exe[4680] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 001603FC .text C:\Users\seb\Downloads\jzeetjog.exe[4680] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 001601F8 .text C:\Users\seb\Downloads\jzeetjog.exe[4680] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Users\seb\Downloads\jzeetjog.exe[4680] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 001A0A08 .text C:\Users\seb\Downloads\jzeetjog.exe[4680] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 001A03FC .text C:\Users\seb\Downloads\jzeetjog.exe[4680] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 001A0804 .text C:\Users\seb\Downloads\jzeetjog.exe[4680] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 001A01F8 .text C:\Users\seb\Downloads\jzeetjog.exe[4680] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 001A0600 .text C:\Windows\System32\svchost.exe[5460] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000A03FC .text C:\Windows\System32\svchost.exe[5460] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000A01F8 .text C:\Windows\System32\svchost.exe[5460] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\System32\svchost.exe[5460] user32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00210A08 .text C:\Windows\System32\svchost.exe[5460] user32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 002103FC .text C:\Windows\System32\svchost.exe[5460] user32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00210804 .text C:\Windows\System32\svchost.exe[5460] user32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 002101F8 .text C:\Windows\System32\svchost.exe[5460] user32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00210600 .text C:\Windows\System32\svchost.exe[6012] ntdll.dll!LdrUnloadDll 7787BE7F 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[6012] ntdll.dll!LdrLoadDll 7787F585 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[6012] kernel32.dll!GetBinaryTypeW + 70 76677964 1 Byte [62] .text C:\Windows\System32\svchost.exe[6012] USER32.dll!UnhookWindowsHookEx 75EACC7B 5 Bytes JMP 00150A08 .text C:\Windows\System32\svchost.exe[6012] USER32.dll!UnhookWinEvent 75EAD924 5 Bytes JMP 001503FC .text C:\Windows\System32\svchost.exe[6012] USER32.dll!SetWindowsHookExW 75EB210A 5 Bytes JMP 00150804 .text C:\Windows\System32\svchost.exe[6012] USER32.dll!SetWinEventHook 75EB507E 5 Bytes JMP 001501F8 .text C:\Windows\System32\svchost.exe[6012] USER32.dll!SetWindowsHookExA 75ED6DFA 5 Bytes JMP 00150600 ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\BTHUSB \Device\00000091 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) Device \Driver\BTHUSB \Device\00000093 bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize 976 Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{8A467970-3195-11E1-B971-806E6F6E6963} 1393226848 ---- Files - GMER 2.1 ---- File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\01bd0706f246592666fb400a4cb7a274.png 33501 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\07bdb653cd25ae796ed59141785f1256.png 0 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\15ebc3592d66c46f5eb5bcd1d5ac302b.png 44994 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\1732698b23d926c3e535f017813e0acf.png 37597 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\9daa14b4147347d30637720be0867fa3.png 0 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\a2b6889d0fb68b1901c0ca28fb531b3a.png 0 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\ab242cd24d9db4bc493edc73ac6d197f.png 43109 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\d0b8258e13953fc2f108a5c2e6fa4ca6.png 0 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\d1acf9535965e493adf89fb1d3d64243.png 0 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\dd680523b745218fc0f3af046b1fae31.png 43849 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\dd90a9fed86ed742def9b3ce3bd759cc.png 0 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\227bc068fa69e59c8876300f3596e3e7.png 0 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\23aa3de2a422f0362974a8530c05c6b7.png 38184 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\388e9a8d201b9e27d844707d331b23df.png 33501 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\f857980695f5516934aaf22e6abcf144.png 0 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\528720bd231ee372957f8c23c613e29a.png 0 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\54ca05af79216af63c7cab306f917966.png 0 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\72c590e0710e2b01893806bf90511dcf.png 38916 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\7b7f5564a2d7f594e1e401d7146e5e07.png 40532 bytes File C:\Users\seb\AppData\Local\Mozilla\Firefox\Profiles\kgyvow17.default-1397056163264\thumbnails\85ab058b3f701224cec623383dbf56a0.png 0 bytes File C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.145.gthr 0 bytes ---- EOF - GMER 2.1 ----