GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-06-30 12:59:22 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST31000340NS rev.SN06 Running: d7h4b7z8.exe; Driver: C:\Users\Kuba\AppData\Local\Temp\aftcaaog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9281CDF8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x95B03A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x9281D85E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x928222E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x92822330] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x92822422] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x92822252] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x92822374] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9282229A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x928223DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9281CE44] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x95B03B34] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9281CAD6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9281CE90] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9281FD1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9281DB02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9282230E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x92822352] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x92822446] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x92822278] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x928223AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x928222C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x92822400] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x95B03CA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9281D9CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9281CEDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9281CF28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9281CB46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9281CCEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9281CC92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9281CD5A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x95B03D60] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9281CF74] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x95B03BE0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x95B19D92] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83094579 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830B8F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 214 830C0714 4 Bytes [F8, CD, 81, 92] {CLC ; INT 0x81; XCHG EDX, EAX} .text ntkrnlpa.exe!RtlSidHashLookup + 23C 830C073C 4 Bytes [5A, 3A, B0, 95] .text ntkrnlpa.exe!RtlSidHashLookup + 29C 830C079C 4 Bytes [5E, D8, 81, 92] .text ntkrnlpa.exe!RtlSidHashLookup + 2F0 830C07F0 8 Bytes [E4, 22, 82, 92, 30, 23, 82, ...] .text ntkrnlpa.exe!RtlSidHashLookup + 2FC 830C07FC 4 Bytes [22, 24, 82, 92] {AND AH, [EDX+EAX*4]; XCHG EDX, EAX} .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 83259F59 3 Bytes JMP 95B16C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject + 4 83259F5D 1 Byte [12] PAGE ntkrnlpa.exe!ObInsertObject + 27 83273C5F 5 Bytes JMP 95B18764 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 832BE0EA 4 Bytes CALL 9281E1B5 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 832C61C5 4 Bytes CALL 9281E1CB \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 8332BE52 7 Bytes JMP 95B19D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngMultiByteToUnicodeN + 7240 82869869 5 Bytes JMP 92820536 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngIsSemaphoreOwned + 8A1B 8288086D 5 Bytes JMP 9282067C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + 7C90 8289D15F 5 Bytes JMP 9282073C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + BF73 828A1442 5 Bytes JMP 928212EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 1C30 828B356D 5 Bytes JMP 928207FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 3318 828B4C55 5 Bytes JMP 9281FF84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XFORMOBJ_iGetXform + 401D 828B595A 5 Bytes JMP 928210BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + 6CB 828BA1DB 5 Bytes JMP 9282070C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetGammaTable + 177B 828BB28B 5 Bytes JMP 92820562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAllocMem + 8F96 828C6291 5 Bytes JMP 92820724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bEnum + 7A2D 828D782C 5 Bytes JMP 9281FFF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bEnum + 8714 828D8513 5 Bytes JMP 9281FE4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bEnum + 9311 828D9110 5 Bytes JMP 92820384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateSemaphore + A7EB 828F3FDB 5 Bytes JMP 92820F8C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateSemaphore + CB9D 828F638D 5 Bytes JMP 9281FD52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngBitBlt + 56E 828FF939 5 Bytes JMP 92821036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngBitBlt + 5201 829045CC 5 Bytes JMP 928214F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLpkInstalled + 6119 82917842 5 Bytes JMP 9281FE66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLpkInstalled + 11641 82922D6A 5 Bytes JMP 9282107C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngLpkInstalled + 1AE7F 8292C5A8 5 Bytes JMP 92822544 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!STROBJ_bEnum + 9767 8293FA7F 5 Bytes JMP 928202E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 26C1 82947B45 5 Bytes JMP 928213A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bPolyBezierTo + F8 8295B449 5 Bytes JMP 928201AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAcquireSemaphoreSharedNoWait + 1F5A 8296B437 5 Bytes JMP 92821450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_vGetBounds + EB5 82995C7F 5 Bytes JMP 928200B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCTGetCurrentGamma + 1C7A 82999C9C 5 Bytes JMP 92820104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetPointerShape + B31 8299C7C4 5 Bytes JMP 928207E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetPointerShape + C86 8299C919 5 Bytes JMP 92821232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_cEnumStart + 6CE0 829A55A5 5 Bytes JMP 9281FF22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!CLIPOBJ_cEnumStart + A3D9 829A8C9E 5 Bytes JMP 92820248 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B5059000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...] PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B5059123 629 Bytes [45, 05, B5, FE, 05, 34, 45, ...] PAGE spsys.sys!?SPRevision@@3PADA + 5329 B5059399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...] PAGE spsys.sys!?SPRevision@@3PADA + 538F B50593FF 51 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...] PAGE spsys.sys!?SPRevision@@3PADA + 53C3 B5059433 96 Bytes [04, B5, 85, C9, 7C, 18, 8D, ...] PAGE ... ---- User code sections - GMER 1.0.15 ---- .text C:\PROGRA~1\Raptr\raptr.exe[124] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001603FC .text C:\PROGRA~1\Raptr\raptr.exe[124] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001601F8 .text C:\PROGRA~1\Raptr\raptr.exe[124] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00200A08 .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!SetForegroundWindow 772CD3AE 5 Bytes JMP 075D8A78 .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!DestroyWindow 772CD5EF 5 Bytes JMP 075D5A60 .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 002003FC .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!ShowWindow 772D147A 5 Bytes JMP 075D4A58 .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00200804 .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!PeekMessageA 772D2EB2 5 Bytes JMP 075DB290 .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!DispatchMessageA 772D3569 5 Bytes JMP 075D2A48 .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!SetWindowPos 772D3581 5 Bytes JMP 075D6A68 .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 002001F8 .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!EndPaint 772D7B73 5 Bytes JMP 6632B990 C:\PROGRA~1\Raptr\QtWebKit4.dll (C++ application development framework./Nokia Corporation and/or its subsidiary(-ies)) .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!BeginPaint 772D7B87 5 Bytes JMP 6632B920 C:\PROGRA~1\Raptr\QtWebKit4.dll (C++ application development framework./Nokia Corporation and/or its subsidiary(-ies)) .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!DispatchMessageW 772D8E8D 5 Bytes JMP 075D3A50 .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!PeekMessageW 772D91B5 5 Bytes JMP 075DC298 .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!BringWindowToTop 772F1B1D 5 Bytes JMP 075DD2A0 .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!AnimateWindow 772F1D32 5 Bytes JMP 075D7A70 .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!SetCapture 772F6B2A 5 Bytes JMP 075D9A80 .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!WindowFromPoint 772F6D0C 5 Bytes JMP 075D1A40 .text C:\PROGRA~1\Raptr\raptr.exe[124] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00200600 .text C:\PROGRA~1\Raptr\raptr.exe[124] GDI32.dll!BitBlt 75D57180 5 Bytes JMP 075D0A38 .text C:\Program Files\Xfire\Xfire.exe[128] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001603FC .text C:\Program Files\Xfire\Xfire.exe[128] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001601F8 .text C:\Program Files\Xfire\Xfire.exe[128] kernel32.dll!CreateProcessA 75AD2062 5 Bytes JMP 06B29904 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] kernel32.dll!CreateThread 75B227FD 5 Bytes JMP 06B291AE C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Xfire\Xfire.exe[128] GDI32.dll!BitBlt 75D57180 5 Bytes JMP 06B28B45 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!InvalidateRgn 772C8099 5 Bytes JMP 06B28D76 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!CreateDialogParamW 772C9BFF 5 Bytes JMP 06B2932B C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!GetCursorPos 772CC198 5 Bytes JMP 06B28EDE C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!SetFocus 772CCBA9 5 Bytes JMP 06B28C0E C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!SetForegroundWindow 772CD3AE 5 Bytes JMP 06B294AB C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001F03FC .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!RegisterClassA 772CE225 5 Bytes JMP 06B290FD C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!CreateWindowExW 772D0E51 5 Bytes JMP 06B2955C C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 001F0804 .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!SetWindowPos 772D3581 5 Bytes JMP 06B293E8 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!RedrawWindow 772D52A2 5 Bytes JMP 06B29043 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!IsWindowVisible 772D6939 7 Bytes JMP 06B2962E C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!GetDC 772D7041 5 Bytes JMP 06B289E9 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!ReleaseDC 772D7055 5 Bytes JMP 06B28A91 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!BeginPaint 772D7B87 5 Bytes JMP 06B2894D C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!InvalidateRect 772D7BC9 5 Bytes JMP 06B28CBF C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!TrackPopupMenu 772F4B3B 5 Bytes JMP 06B29841 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!DialogBoxParamW 772F564A 5 Bytes JMP 06B2926E C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!SetCapture 772F6B2A 5 Bytes JMP 06B28E2D C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!WindowFromPoint 772F6D0C 5 Bytes JMP 06B28F8F C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Xfire\Xfire.exe[128] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 001F0600 .text C:\Windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\wininit.exe[560] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[560] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[560] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\wininit.exe[560] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 000C0A08 .text C:\Windows\system32\wininit.exe[560] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 000C03FC .text C:\Windows\system32\wininit.exe[560] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 000C0804 .text C:\Windows\system32\wininit.exe[560] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 000C01F8 .text C:\Windows\system32\wininit.exe[560] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 000C0600 .text C:\Windows\system32\csrss.exe[572] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\services.exe[612] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000A03FC .text C:\Windows\system32\services.exe[612] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000A01F8 .text C:\Windows\system32\services.exe[612] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\winlogon.exe[656] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[656] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[656] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\winlogon.exe[656] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 000C0A08 .text C:\Windows\system32\winlogon.exe[656] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 000C03FC .text C:\Windows\system32\winlogon.exe[656] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 000C0804 .text C:\Windows\system32\winlogon.exe[656] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 000C01F8 .text C:\Windows\system32\winlogon.exe[656] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 000C0600 .text C:\Windows\system32\lsass.exe[692] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\lsass.exe[692] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\lsass.exe[692] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\Dwm.exe[696] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\Dwm.exe[696] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\Dwm.exe[696] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00080A08 .text C:\Windows\system32\Dwm.exe[696] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 000803FC .text C:\Windows\system32\Dwm.exe[696] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00080804 .text C:\Windows\system32\Dwm.exe[696] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 000801F8 .text C:\Windows\system32\Dwm.exe[696] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00080600 .text C:\Windows\system32\lsm.exe[708] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\lsm.exe[708] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\lsm.exe[708] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\svchost.exe[824] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[824] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[824] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[904] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\nvvsvc.exe[904] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\nvvsvc.exe[904] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[904] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 000F0A08 .text C:\Windows\system32\nvvsvc.exe[904] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 000F03FC .text C:\Windows\system32\nvvsvc.exe[904] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 000F0804 .text C:\Windows\system32\nvvsvc.exe[904] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 000F01F8 .text C:\Windows\system32\nvvsvc.exe[904] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 000F0600 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[928] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001503FC .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[928] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001501F8 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[928] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[928] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[928] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001F03FC .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[928] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 001F0804 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[928] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001F01F8 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[928] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 001F0600 .text C:\Windows\Explorer.EXE[956] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000603FC .text C:\Windows\Explorer.EXE[956] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000601F8 .text C:\Windows\Explorer.EXE[956] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\Explorer.EXE[956] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 000A0A08 .text C:\Windows\Explorer.EXE[956] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 000A03FC .text C:\Windows\Explorer.EXE[956] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 000A0804 .text C:\Windows\Explorer.EXE[956] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 000A01F8 .text C:\Windows\Explorer.EXE[956] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 000A0600 .text C:\Windows\system32\svchost.exe[972] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[972] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\System32\svchost.exe[1056] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1056] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1056] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\System32\svchost.exe[1056] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00830A08 .text C:\Windows\System32\svchost.exe[1056] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 008303FC .text C:\Windows\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00830804 .text C:\Windows\System32\svchost.exe[1056] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 008301F8 .text C:\Windows\System32\svchost.exe[1056] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00830600 .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[1120] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[1120] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\System32\svchost.exe[1120] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00860A08 .text C:\Windows\System32\svchost.exe[1120] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 008603FC .text C:\Windows\System32\svchost.exe[1120] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00860804 .text C:\Windows\System32\svchost.exe[1120] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 008601F8 .text C:\Windows\System32\svchost.exe[1120] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00860600 .text C:\Windows\system32\svchost.exe[1148] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1148] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1148] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1148] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00D20A08 .text C:\Windows\system32\svchost.exe[1148] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 00D203FC .text C:\Windows\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00D20804 .text C:\Windows\system32\svchost.exe[1148] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 00D201F8 .text C:\Windows\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00D20600 .text C:\Windows\system32\AUDIODG.EXE[1244] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\AUDIODG.EXE[1244] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\AUDIODG.EXE[1244] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\AUDIODG.EXE[1244] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00100A08 .text C:\Windows\system32\AUDIODG.EXE[1244] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001003FC .text C:\Windows\system32\AUDIODG.EXE[1244] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00100804 .text C:\Windows\system32\AUDIODG.EXE[1244] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001001F8 .text C:\Windows\system32\AUDIODG.EXE[1244] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00100600 .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1300] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1300] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1300] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 008B0A08 .text C:\Windows\system32\svchost.exe[1300] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 008B03FC .text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 008B0804 .text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 008B01F8 .text C:\Windows\system32\svchost.exe[1300] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 008B0600 .text C:\Windows\system32\svchost.exe[1408] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1408] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1408] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1408] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 010C0A08 .text C:\Windows\system32\svchost.exe[1408] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 010C03FC .text C:\Windows\system32\svchost.exe[1408] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 010C0804 .text C:\Windows\system32\svchost.exe[1408] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 010C01F8 .text C:\Windows\system32\svchost.exe[1408] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 010C0600 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1480] kernel32.dll!SetUnhandledExceptionFilter 75B23142 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1480] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1488] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001603FC .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1488] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001601F8 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1488] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1488] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1488] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001F03FC .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1488] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 001F0804 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1488] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001F01F8 .text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1488] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 001F0600 .text C:\Users\Kuba\Desktop\Nowy folder (6)\d7h4b7z8.exe[1508] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001603FC .text C:\Users\Kuba\Desktop\Nowy folder (6)\d7h4b7z8.exe[1508] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001601F8 .text C:\Users\Kuba\Desktop\Nowy folder (6)\d7h4b7z8.exe[1508] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Users\Kuba\Desktop\Nowy folder (6)\d7h4b7z8.exe[1508] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00210A08 .text C:\Users\Kuba\Desktop\Nowy folder (6)\d7h4b7z8.exe[1508] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 002103FC .text C:\Users\Kuba\Desktop\Nowy folder (6)\d7h4b7z8.exe[1508] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00210804 .text C:\Users\Kuba\Desktop\Nowy folder (6)\d7h4b7z8.exe[1508] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 002101F8 .text C:\Users\Kuba\Desktop\Nowy folder (6)\d7h4b7z8.exe[1508] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00210600 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000603FC .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000601F8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 000F0A08 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 000F03FC .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 000F0804 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 000F01F8 .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1532] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 000F0600 .text C:\Windows\system32\nvvsvc.exe[1548] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\nvvsvc.exe[1548] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\nvvsvc.exe[1548] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[1548] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 000F0A08 .text C:\Windows\system32\nvvsvc.exe[1548] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 000F03FC .text C:\Windows\system32\nvvsvc.exe[1548] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 000F0804 .text C:\Windows\system32\nvvsvc.exe[1548] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 000F01F8 .text C:\Windows\system32\nvvsvc.exe[1548] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 000F0600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1616] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001603FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1616] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001601F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1616] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1616] USER32.dll!SetWindowLongA 772CB1E3 5 Bytes JMP 60BDFB5F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1616] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1616] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 002003FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1616] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00200804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1616] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 002001F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1616] USER32.dll!SetWindowLongW 772D6614 5 Bytes JMP 60BDFAEE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1616] USER32.dll!GetWindowInfo 772D6A82 5 Bytes JMP 609BA76C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1616] USER32.dll!TrackPopupMenu 772F4B3B 5 Bytes JMP 609BAD79 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\plugin-container.exe[1616] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00200600 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1664] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001603FC .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1664] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001601F8 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1664] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1664] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1664] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001F03FC .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1664] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 001F0804 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1664] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[1664] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 001F0600 .text C:\Windows\system32\taskhost.exe[1776] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000503FC .text C:\Windows\system32\taskhost.exe[1776] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskhost.exe[1776] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\taskhost.exe[1776] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 000E0A08 .text C:\Windows\system32\taskhost.exe[1776] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 000E03FC .text C:\Windows\system32\taskhost.exe[1776] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 000E0804 .text C:\Windows\system32\taskhost.exe[1776] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 000E01F8 .text C:\Windows\system32\taskhost.exe[1776] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 000E0600 .text C:\Windows\System32\spoolsv.exe[1832] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000603FC .text C:\Windows\System32\spoolsv.exe[1832] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000601F8 .text C:\Windows\System32\spoolsv.exe[1832] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1832] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00090A08 .text C:\Windows\System32\spoolsv.exe[1832] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 000903FC .text C:\Windows\System32\spoolsv.exe[1832] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00090804 .text C:\Windows\System32\spoolsv.exe[1832] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 000901F8 .text C:\Windows\System32\spoolsv.exe[1832] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00090600 .text C:\Windows\system32\svchost.exe[1860] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1860] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[1860] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\svchost.exe[1860] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00910A08 .text C:\Windows\system32\svchost.exe[1860] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 009103FC .text C:\Windows\system32\svchost.exe[1860] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00910804 .text C:\Windows\system32\svchost.exe[1860] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 009101F8 .text C:\Windows\system32\svchost.exe[1860] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00910600 .text C:\PROGRA~1\Raptr\raptr_im.exe[1968] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001603FC .text C:\PROGRA~1\Raptr\raptr_im.exe[1968] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001601F8 .text C:\PROGRA~1\Raptr\raptr_im.exe[1968] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\PROGRA~1\Raptr\raptr_im.exe[1968] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00200A08 .text C:\PROGRA~1\Raptr\raptr_im.exe[1968] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 002003FC .text C:\PROGRA~1\Raptr\raptr_im.exe[1968] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00200804 .text C:\PROGRA~1\Raptr\raptr_im.exe[1968] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 002001F8 .text C:\PROGRA~1\Raptr\raptr_im.exe[1968] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00200600 .text C:\Program Files\SpeedyDrive\mounter.exe[1992] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000903FC .text C:\Program Files\SpeedyDrive\mounter.exe[1992] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000901F8 .text C:\Program Files\SpeedyDrive\mounter.exe[1992] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\PnkBstrA.exe[2236] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001503FC .text C:\Windows\system32\PnkBstrA.exe[2236] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001501F8 .text C:\Windows\system32\PnkBstrA.exe[2236] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\PnkBstrA.exe[2236] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 001E0A08 .text C:\Windows\system32\PnkBstrA.exe[2236] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001E03FC .text C:\Windows\system32\PnkBstrA.exe[2236] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 001E0804 .text C:\Windows\system32\PnkBstrA.exe[2236] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001E01F8 .text C:\Windows\system32\PnkBstrA.exe[2236] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 001E0600 .text C:\Windows\system32\svchost.exe[2260] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2260] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2260] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Steam\Steam.exe[2344] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001603FC .text C:\Program Files\Steam\Steam.exe[2344] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001601F8 .text C:\Program Files\Steam\Steam.exe[2344] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Steam\Steam.exe[2344] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Steam\Steam.exe[2344] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001F03FC .text C:\Program Files\Steam\Steam.exe[2344] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 001F0804 .text C:\Program Files\Steam\Steam.exe[2344] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Steam\Steam.exe[2344] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2596] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001603FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2596] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001601F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2596] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2596] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2596] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 002003FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2596] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00200804 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2596] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 002001F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2596] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00200600 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2604] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00210A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 002103FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00210804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 002101F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00210600 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2744] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001603FC .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2744] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001601F8 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2744] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2744] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2744] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 002003FC .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2744] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00200804 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2744] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 002001F8 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2744] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00200600 .text C:\Windows\system32\SearchProtocolHost.exe[2872] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchProtocolHost.exe[2872] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchProtocolHost.exe[2872] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\SearchProtocolHost.exe[2872] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 000F0A08 .text C:\Windows\system32\SearchProtocolHost.exe[2872] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 000F03FC .text C:\Windows\system32\SearchProtocolHost.exe[2872] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 000F0804 .text C:\Windows\system32\SearchProtocolHost.exe[2872] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 000F01F8 .text C:\Windows\system32\SearchProtocolHost.exe[2872] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 000F0600 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2924] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 009F03FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2924] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 009F01F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2924] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2924] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00AB0A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2924] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 00AB03FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2924] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00AB0804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2924] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 00AB01F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[2924] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00AB0600 .text C:\Windows\System32\svchost.exe[3040] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[3040] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000701F8 .text C:\Windows\System32\svchost.exe[3040] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\System32\svchost.exe[3040] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00230A08 .text C:\Windows\System32\svchost.exe[3040] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 002303FC .text C:\Windows\System32\svchost.exe[3040] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00230804 .text C:\Windows\System32\svchost.exe[3040] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 002301F8 .text C:\Windows\System32\svchost.exe[3040] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00230600 .text C:\Windows\system32\svchost.exe[3080] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[3080] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[3080] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\svchost.exe[3080] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00420A08 .text C:\Windows\system32\svchost.exe[3080] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 004203FC .text C:\Windows\system32\svchost.exe[3080] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00420804 .text C:\Windows\system32\svchost.exe[3080] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 004201F8 .text C:\Windows\system32\svchost.exe[3080] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00420600 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\wbem\wmiprvse.exe[3224] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\wbem\wmiprvse.exe[3224] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00090A08 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 000903FC .text C:\Windows\system32\wbem\wmiprvse.exe[3224] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00090804 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 000901F8 .text C:\Windows\system32\wbem\wmiprvse.exe[3224] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00090600 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3388] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001603FC .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3388] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001601F8 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3388] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3388] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00180A08 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3388] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001803FC .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3388] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00180804 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3388] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001801F8 .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[3388] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00180600 .text C:\Windows\system32\WUDFHost.exe[3416] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\WUDFHost.exe[3416] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\WUDFHost.exe[3416] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\WUDFHost.exe[3416] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00100A08 .text C:\Windows\system32\WUDFHost.exe[3416] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001003FC .text C:\Windows\system32\WUDFHost.exe[3416] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00100804 .text C:\Windows\system32\WUDFHost.exe[3416] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001001F8 .text C:\Windows\system32\WUDFHost.exe[3416] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00100600 .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[3428] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001603FC .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[3428] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001601F8 .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[3428] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[3428] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[3428] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001F03FC .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[3428] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 001F0804 .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[3428] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001F01F8 .text C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[3428] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 001F0600 .text C:\Windows\system32\SearchIndexer.exe[3540] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000603FC .text C:\Windows\system32\SearchIndexer.exe[3540] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000601F8 .text C:\Windows\system32\SearchIndexer.exe[3540] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3540] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00100A08 .text C:\Windows\system32\SearchIndexer.exe[3540] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001003FC .text C:\Windows\system32\SearchIndexer.exe[3540] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00100804 .text C:\Windows\system32\SearchIndexer.exe[3540] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001001F8 .text C:\Windows\system32\SearchIndexer.exe[3540] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00100600 .text C:\Program Files\Gadu-Gadu 10\gg.exe[3576] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000603FC .text C:\Program Files\Gadu-Gadu 10\gg.exe[3576] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000601F8 .text C:\Program Files\Gadu-Gadu 10\gg.exe[3576] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Gadu-Gadu 10\gg.exe[3576] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 023B0A08 .text C:\Program Files\Gadu-Gadu 10\gg.exe[3576] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 023B03FC .text C:\Program Files\Gadu-Gadu 10\gg.exe[3576] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 023B0804 .text C:\Program Files\Gadu-Gadu 10\gg.exe[3576] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 023B01F8 .text C:\Program Files\Gadu-Gadu 10\gg.exe[3576] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 023B0600 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001603FC .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001601F8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00210A08 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 002103FC .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00210804 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 002101F8 .text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[3808] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00210600 .text C:\Program Files\Internet Download Manager\IDMan.exe[4044] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001603FC .text C:\Program Files\Internet Download Manager\IDMan.exe[4044] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001601F8 .text C:\Program Files\Internet Download Manager\IDMan.exe[4044] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Internet Download Manager\IDMan.exe[4044] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00180A08 .text C:\Program Files\Internet Download Manager\IDMan.exe[4044] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001803FC .text C:\Program Files\Internet Download Manager\IDMan.exe[4044] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00180804 .text C:\Program Files\Internet Download Manager\IDMan.exe[4044] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001801F8 .text C:\Program Files\Internet Download Manager\IDMan.exe[4044] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00180600 .text C:\Program Files\uTorrent\uTorrent.exe[4068] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 003403FC .text C:\Program Files\uTorrent\uTorrent.exe[4068] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 003401F8 .text C:\Program Files\uTorrent\uTorrent.exe[4068] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\uTorrent\uTorrent.exe[4068] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 003E0A08 .text C:\Program Files\uTorrent\uTorrent.exe[4068] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 003E03FC .text C:\Program Files\uTorrent\uTorrent.exe[4068] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 003E0804 .text C:\Program Files\uTorrent\uTorrent.exe[4068] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 003E01F8 .text C:\Program Files\uTorrent\uTorrent.exe[4068] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 003E0600 .text C:\Windows\system32\SearchProtocolHost.exe[4072] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchProtocolHost.exe[4072] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchProtocolHost.exe[4072] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\SearchProtocolHost.exe[4072] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 000F0A08 .text C:\Windows\system32\SearchProtocolHost.exe[4072] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 000F03FC .text C:\Windows\system32\SearchProtocolHost.exe[4072] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 000F0804 .text C:\Windows\system32\SearchProtocolHost.exe[4072] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 000F01F8 .text C:\Windows\system32\SearchProtocolHost.exe[4072] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 000F0600 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4244] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 001603FC .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4244] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 001601F8 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4244] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4244] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4244] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001F03FC .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4244] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 001F0804 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4244] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Internet Download Manager\IEMonitor.exe[4244] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 001F0600 .text C:\Windows\system32\svchost.exe[4424] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[4424] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[4424] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Common Files\Steam\SteamService.exe[4808] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Steam\SteamService.exe[4808] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Steam\SteamService.exe[4808] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Common Files\Steam\SteamService.exe[4808] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 000F0A08 .text C:\Program Files\Common Files\Steam\SteamService.exe[4808] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 000F03FC .text C:\Program Files\Common Files\Steam\SteamService.exe[4808] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 000F0804 .text C:\Program Files\Common Files\Steam\SteamService.exe[4808] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 000F01F8 .text C:\Program Files\Common Files\Steam\SteamService.exe[4808] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 000F0600 .text C:\Windows\system32\SearchFilterHost.exe[4868] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000A03FC .text C:\Windows\system32\SearchFilterHost.exe[4868] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000A01F8 .text C:\Windows\system32\SearchFilterHost.exe[4868] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\SearchFilterHost.exe[4868] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00140A08 .text C:\Windows\system32\SearchFilterHost.exe[4868] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001403FC .text C:\Windows\system32\SearchFilterHost.exe[4868] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00140804 .text C:\Windows\system32\SearchFilterHost.exe[4868] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001401F8 .text C:\Windows\system32\SearchFilterHost.exe[4868] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00140600 .text C:\Program Files\Mozilla Firefox\firefox.exe[5268] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[5268] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 6083696F C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5268] kernel32.dll!MapViewOfFile 75B1C0D4 5 Bytes JMP 60AE0219 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5268] kernel32.dll!VirtualAlloc 75B205F4 5 Bytes JMP 60AE0240 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[5268] kernel32.dll!LoadLibraryA 75B22864 5 Bytes JMP 1003ADA0 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Mozilla Firefox\firefox.exe[5268] kernel32.dll!LoadLibraryW 75B228B2 5 Bytes JMP 1003AEA8 C:\Program Files\Xfire\xfire_toucan_45547.dll (Xfire Toucan DLL/Xfire Inc.) .text C:\Program Files\Mozilla Firefox\firefox.exe[5268] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[5268] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00160A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[5268] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001603FC .text C:\Program Files\Mozilla Firefox\firefox.exe[5268] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00160804 .text C:\Program Files\Mozilla Firefox\firefox.exe[5268] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001601F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[5268] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00160600 .text C:\Program Files\Mozilla Firefox\firefox.exe[5268] GDI32.dll!CreateDIBSection 75D585F0 5 Bytes JMP 60AE01A3 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5600] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000603FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5600] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000601F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5600] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5600] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00120A08 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5600] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001203FC .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5600] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00120804 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5600] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001201F8 .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[5600] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00120600 .text C:\Windows\system32\sppsvc.exe[6128] ntdll.dll!LdrUnloadDll 7762BE7F 5 Bytes JMP 000703FC .text C:\Windows\system32\sppsvc.exe[6128] ntdll.dll!LdrLoadDll 7762F585 5 Bytes JMP 000701F8 .text C:\Windows\system32\sppsvc.exe[6128] kernel32.dll!GetBinaryTypeW + 70 75B37964 1 Byte [62] .text C:\Windows\system32\sppsvc.exe[6128] USER32.dll!UnhookWindowsHookEx 772CCC7B 5 Bytes JMP 00110A08 .text C:\Windows\system32\sppsvc.exe[6128] USER32.dll!UnhookWinEvent 772CD924 5 Bytes JMP 001103FC .text C:\Windows\system32\sppsvc.exe[6128] USER32.dll!SetWindowsHookExW 772D210A 5 Bytes JMP 00110804 .text C:\Windows\system32\sppsvc.exe[6128] USER32.dll!SetWinEventHook 772D507E 5 Bytes JMP 001101F8 .text C:\Windows\system32\sppsvc.exe[6128] USER32.dll!SetWindowsHookExA 772F6DFA 5 Bytes JMP 00110600 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1480] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [731CF6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[2604] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [731CF6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004e halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Files - GMER 1.0.15 ---- File C:\Program Files\TeamSpeak 3 Client\config\cache\remote\image\jpeg;base64,\9j\4AAQSkZJRgABAQAAAQABAAD\2wBDAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys\RD84QzQ5Ojf\2wBDAQoKCg0MDRoPDxo3JR8lNzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzf\wAARCAAQABADASIAAhEBAxEB 0 bytes File C:\Program Files\TeamSpeak 3 Client\config\cache\remote\image\jpeg;base64,\9j\4AAQSkZJRgABAQAAAQABAAD\2wBDAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys\RD84QzQ5Ojf\2wBDAQoKCg0MDRoPDxo3JR8lNzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzf\wAARCAAQABADASIAAhEBAxEB\8QAFgABAQEAAAAAAAAAAAAAAAAAAAIF 0 bytes File C:\Program Files\TeamSpeak 3 Client\config\cache\remote\image\jpeg;base64,\9j\4AAQSkZJRgABAQAAAQABAAD\2wBDAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys\RD84QzQ5Ojf\2wBDAQoKCg0MDRoPDxo3JR8lNzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzf\wAARCAAQABADASIAAhEBAxEB\8QAFgABAQEAAAAAAAAAAAAAAAAAAAIF\8QAIhAAAQQCAgEFAAAAAAAAAAAAAQIDBAUGERMhABIxMkFx 0 bytes File C:\Program Files\TeamSpeak 3 Client\config\cache\remote\image\jpeg;base64,\9j\4AAQSkZJRgABAQAAAQABAAD\2wBDAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys\RD84QzQ5Ojf\2wBDAQoKCg0MDRoPDxo3JR8lNzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzf\wAARCAAQABADASIAAhEBAxEB\8QAFgABAQEAAAAAAAAAAAAAAAAAAAIF\8QAIhAAAQQCAgEFAAAAAAAAAAAAAQIDBAUGERMhABIxMkFx\8QAFQEBAQAAAAAAAAAAAAAAAAAABQb 0 bytes File C:\Program Files\TeamSpeak 3 Client\config\cache\remote\image\jpeg;base64,\9j\4AAQSkZJRgABAQAAAQABAAD\2wBDAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys\RD84QzQ5Ojf\2wBDAQoKCg0MDRoPDxo3JR8lNzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzf\wAARCAAQABADASIAAhEBAxEB\8QAFgABAQEAAAAAAAAAAAAAAAAAAAIF\8QAIhAAAQQCAgEFAAAAAAAAAAAAAQIDBAUGERMhABIxMkFx\8QAFQEBAQAAAAAAAAAAAAAAAAAABQb\xAAdEQAABQUAAAAAAAAAAAAAAAAAERITQSIjUWGR 0 bytes File C:\Program Files\TeamSpeak 3 Client\config\cache\remote\image\jpeg;base64,\9j\4AAQSkZJRgABAQAAAQABAAD\2wBDAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys\RD84QzQ5Ojf\2wBDAQoKCg0MDRoPDxo3JR8lNzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzf\wAARCAAQABADASIAAhEBAxEB\8QAFgABAQEAAAAAAAAAAAAAAAAAAAIF\8QAIhAAAQQCAgEFAAAAAAAAAAAAAQIDBAUGERMhABIxMkFx\8QAFQEBAQAAAAAAAAAAAAAAAAAABQb\xAAdEQAABQUAAAAAAAAAAAAAAAAAERITQSIjUWGR\9oADAMBAAIRAxEAPwDQnvUeP4TUW0yhh2c6w4ElcrjBdedT61Lcec3ofI7O 0 bytes File C:\Program Files\TeamSpeak 3 Client\config\cache\remote\image\jpeg;base64,\9j\4AAQSkZJRgABAQAAAQABAAD\2wBDAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys\RD84QzQ5Ojf\2wBDAQoKCg0MDRoPDxo3JR8lNzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzf\wAARCAAQABADASIAAhEBAxEB\8QAFgABAQEAAAAAAAAAAAAAAAAAAAIF\8QAIhAAAQQCAgEFAAAAAAAAAAAAAQIDBAUGERMhABIxMkFx\8QAFQEBAQAAAAAAAAAAAAAAAAAABQb\xAAdEQAABQUAAAAAAAAAAAAAAAAAERITQSIjUWGR\9oADAMBAAIRAxEAPwDQnvUeP4TUW0yhh2c6w4ElcrjBdedT61Lcec3ofI7O\r2HYQHqPIMJt7aHQw6ydX86QuLxktPNJ9aVtvN62PidjX37js28iiu8Yxyvs7mBDcq3o7kqJMKQpSmUlC2VoWQRs7HYP4QfDKKKkxjI6+suYExy0ekORYkMpKkqeSEIZQhBJOjodAfgA8joKpxW88CNx2SH 0 bytes File C:\Program Files\TeamSpeak 3 Client\config\cache\remote\image\jpeg;base64,\9j\4AAQSkZJRgABAQAAAQABAAD\2wBDAAkGBwgHBgkIBwgKCgkLDRYPDQwMDRsUFRAWIB0iIiAdHx8kKDQsJCYxJx8fLT0tMTU3Ojo6Iys\RD84QzQ5Ojf\2wBDAQoKCg0MDRoPDxo3JR8lNzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzc3Nzf\wAARCAAQABADASIAAhEBAxEB\8QAFgABAQEAAAAAAAAAAAAAAAAAAAIF\8QAIhAAAQQCAgEFAAAAAAAAAAAAAQIDBAUGERMhABIxMkFx\8QAFQEBAQAAAAAAAAAAAAAAAAAABQb\xAAdEQAABQUAAAAAAAAAAAAAAAAAERITQSIjUWGR\9oADAMBAAIRAxEAPwDQnvUeP4TUW0yhh2c6w4ElcrjBdedT61Lcec3ofI7O\r2HYQHqPIMJt7aHQw6ydX86QuLxktPNJ9aVtvN62PidjX37js28iiu8Yxyvs7mBDcq3o7kqJMKQpSmUlC2VoWQRs7HYP4QfDKKKkxjI6+suYExy0ekORYkMpKkqeSEIZQhBJOjodAfgA8joKpxW88CNx2SH\9k= 455 bytes ---- EOF - GMER 1.0.15 ----