GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-11 17:45:54
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.HH10
Running: l2tdg8qi.exe; Driver: C:\Users\samsung\AppData\Local\Temp\pxroypoc.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8892C536]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8B8B77BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x8892CF52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x88937D7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x88937DC6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x88937F48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x88937CE8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8B8B7BAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x88937D30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x8892D146]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x8892D2CE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x88937F02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x8892D8CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8892C584]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8B8B789E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8892C1EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8892C5D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x889312A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8892E292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x88937DA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x88937DE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x88937F6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x88937D0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x88937E8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x88937D58]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x88937F26]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8B8B7A1E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8892E15E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x8892DE9A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8892C620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8892C66E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x8892D74A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8892C276]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8892C426]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8892C3CC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x8892DA2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x8892DB88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8892C496]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x8B8B7AE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x8892D5CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8892C6BC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x8B8B7954]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8B8CF744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C85539 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAA092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 224 82CB1884 4 Bytes [36, C5, 92, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 24C 82CB18AC 4 Bytes [BA, 77, 8B, 8B]
.text ntkrnlpa.exe!RtlSidHashLookup + 2AC 82CB190C 4 Bytes [52, CF, 92, 88]
.text ntkrnlpa.exe!RtlSidHashLookup + 300 82CB1960 8 Bytes [7A, 7D, 93, 88, C6, 7D, 93, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 30C 82CB196C 4 Bytes [48, 7F, 93, 88]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\windows\SYSTEM32\Rezip.exe[420] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 001503FC
.text C:\windows\SYSTEM32\Rezip.exe[420] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 001501F8
.text C:\windows\SYSTEM32\Rezip.exe[420] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\windows\SYSTEM32\Rezip.exe[420] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 002E0A08
.text C:\windows\SYSTEM32\Rezip.exe[420] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 002E03FC
.text C:\windows\SYSTEM32\Rezip.exe[420] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 002E0804
.text C:\windows\SYSTEM32\Rezip.exe[420] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 002E01F8
.text C:\windows\SYSTEM32\Rezip.exe[420] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 002E0600
.text C:\windows\system32\csrss.exe[480] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[484] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[484] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[484] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\windows\system32\wininit.exe[520] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\windows\system32\csrss.exe[528] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\windows\system32\winlogon.exe[584] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\windows\system32\services.exe[628] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
? C:\windows\system32\services.exe[628] C:\windows\system32\smss.exe image checksum mismatch; time/date stamp mismatch; unknown module: MSWSOCK.dll
.text C:\windows\system32\lsass.exe[636] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\windows\system32\lsm.exe[644] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[740] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[836] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\windows\System32\svchost.exe[924] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text ...
.text C:\Users\samsung\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[1048] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 001603FC
.text C:\Users\samsung\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[1048] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 001601F8
.text C:\Users\samsung\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[1048] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\Users\samsung\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[1048] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 003F0A08
.text C:\Users\samsung\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[1048] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 003F03FC
.text C:\Users\samsung\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[1048] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 003F0804
.text C:\Users\samsung\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[1048] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 003F01F8
.text C:\Users\samsung\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe[1048] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 003F0600
.text C:\windows\system32\svchost.exe[1140] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[1316] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\windows\system32\svchost.exe[1444] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1484] kernel32.dll!SetUnhandledExceptionFilter 75C930E2 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1484] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\windows\System32\spoolsv.exe[1672] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1804] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe[1856] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\Users\samsung\Desktop\l2tdg8qi.exe[1904] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 001603FC
.text C:\Users\samsung\Desktop\l2tdg8qi.exe[1904] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 001601F8
.text C:\Users\samsung\Desktop\l2tdg8qi.exe[1904] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\Users\samsung\Desktop\l2tdg8qi.exe[1904] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00210A08
.text C:\Users\samsung\Desktop\l2tdg8qi.exe[1904] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 002103FC
.text C:\Users\samsung\Desktop\l2tdg8qi.exe[1904] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00210804
.text C:\Users\samsung\Desktop\l2tdg8qi.exe[1904] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 002101F8
.text C:\Users\samsung\Desktop\l2tdg8qi.exe[1904] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00210600
.text D:\xampp\filezillaftp\filezillaserver.exe[1916] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\ProgramData\DatacardService\HWDeviceService.exe[1992] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe[2040] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\windows\System32\svchost.exe[2068] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC
.text C:\windows\System32\svchost.exe[2068] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000601F8
.text C:\windows\System32\svchost.exe[2068] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\windows\System32\svchost.exe[2068] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 001C0A08
.text C:\windows\System32\svchost.exe[2068] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 001C03FC
.text C:\windows\System32\svchost.exe[2068] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 001C0804
.text C:\windows\System32\svchost.exe[2068] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 001C01F8
.text C:\windows\System32\svchost.exe[2068] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 001C0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2100] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2100] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2100] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2100] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 002B0A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2100] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 002B03FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2100] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 002B0804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2100] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 002B01F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2100] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 002B0600
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2164] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2164] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2164] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2164] USER32.dll!CharToOemA + 3A 768BB1DE 7 Bytes JMP 6940C453 C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2164] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00110A08
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2164] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 001103FC
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2164] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00110804
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2164] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 001101F8
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2164] USER32.dll!AdjustWindowRectEx + 117 768C660F 7 Bytes JMP 6940C3E2 C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2164] USER32.dll!GetWindowInfo 768C6A82 5 Bytes JMP 691CBACC C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2164] USER32.dll!MenuItemFromPoint + F 768E4B36 7 Bytes JMP 691CC0F9 C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2164] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00110600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2264] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2264] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2264] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2264] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00090A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2264] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 000903FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2264] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00090804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2264] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 000901F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2264] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00090600
.text C:\windows\system32\svchost.exe[2408] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC
.text C:\windows\system32\svchost.exe[2408] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000601F8
.text C:\windows\system32\svchost.exe[2408] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2592] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 001603FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2592] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 001601F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2592] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2592] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00180A08
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2592] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 001803FC
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2592] USER32.dll!SetWindowsHookExW 768C210A 3 Bytes JMP 00180804
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2592] USER32.dll!SetWindowsHookExW + 4 768C210E 1 Byte [89]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2592] USER32.dll!SetWinEventHook 768C507E 3 Bytes JMP 001801F8
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2592] USER32.dll!SetWinEventHook + 4 768C5082 1 Byte [89]
.text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[2592] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00180600
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2608] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2608] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000601F8
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2608] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2608] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2608] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 002003FC
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2608] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00200804
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2608] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 002001F8
.text C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugin-container.exe[2608] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00200600
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtCreateFile + 6 77724876 4 Bytes [28, 00, 07, 00]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtCreateFile + B 7772487B 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtCreateKey + 6 777248B6 4 Bytes [68, 01, 07, 00]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtCreateKey + B 777248BB 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtCreateMutant + 6 777248F6 4 Bytes [68, 02, 07, 00]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtCreateMutant + B 777248FB 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtCreateSection + 6 77724996 4 Bytes [A8, 02, 07, 00]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtCreateSection + B 7772499B 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtMapViewOfSection + 6 77724ED6 4 Bytes CALL 767255DF
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtMapViewOfSection + B 77724EDB 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenFile + 6 77724F86 4 Bytes [68, 00, 07, 00]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenFile + B 77724F8B 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenKey + 6 77724FB6 4 Bytes [A8, 01, 07, 00]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenKey + B 77724FBB 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenKeyEx + 6 77724FC6 4 Bytes CALL 767256CC
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenKeyEx + B 77724FCB 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenMutant + 6 77725006 4 Bytes [28, 02, 07, 00]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenMutant + B 7772500B 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenProcess + 6 77725036 1 Byte [68]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenProcess + 6 77725036 4 Bytes [68, 03, 07, 00]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenProcess + B 7772503B 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenProcessToken + 6 77725046 1 Byte [A8]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenProcessToken + 6 77725046 4 Bytes [A8, 03, 07, 00]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenProcessToken + B 7772504B 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenProcessTokenEx + 6 77725056 4 Bytes [68, 04, 07, 00]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenProcessTokenEx + B 7772505B 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenSection + 6 77725076 4 Bytes CALL 7672577D
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenSection + B 7772507B 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenThread + 6 777250B6 1 Byte [28]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenThread + 6 777250B6 4 Bytes [28, 03, 07, 00]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenThread + B 777250BB 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenThreadToken + 6 777250C6 4 Bytes [28, 04, 07, 00]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenThreadToken + B 777250CB 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenThreadTokenEx + 6 777250D6 4 Bytes [A8, 04, 07, 00]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtOpenThreadTokenEx + B 777250DB 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtQueryAttributesFile + 6 777251E6 4 Bytes [A8, 00, 07, 00]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtQueryAttributesFile + B 777251EB 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtQueryFullAttributesFile + 6 77725296 4 Bytes CALL 7672599B
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtQueryFullAttributesFile + B 7772529B 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtSetInformationFile + 6 777258E6 4 Bytes [28, 01, 07, 00]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtSetInformationFile + B 777258EB 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtSetInformationThread + 6 77725946 1 Byte [E8]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtSetInformationThread + 6 77725946 4 Bytes CALL 7672604E
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtSetInformationThread + B 7772594B 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtUnmapViewOfSection + 6 77725C66 4 Bytes [28, 05, 07, 00]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!NtUnmapViewOfSection + B 77725C6B 1 Byte [E2]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000803FC
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000801F8
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] kernel32.dll!CreateProcessW 75C4202D 5 Bytes JMP 00010030
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] kernel32.dll!CreateProcessA 75C42062 5 Bytes JMP 00010070
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!SelectObject 75D761D0 5 Bytes JMP 002305F0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!SetTextColor 75D76622 5 Bytes JMP 002309F0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!SetBkMode 75D766CD 5 Bytes JMP 002308B0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!DeleteObject 75D768B4 5 Bytes JMP 002301B0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!DeleteDC 75D76A2C 5 Bytes JMP 00230170
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!ExtSelectClipRgn 75D76C72 5 Bytes JMP 002302F0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!SelectClipRgn 75D76D84 5 Bytes JMP 002305B0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!GetDeviceCaps 75D76E03 5 Bytes JMP 002303B0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!SetStretchBltMode 75D773CE 5 Bytes JMP 00230670
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!GetCurrentObject 75D7777C 5 Bytes JMP 00230370
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!GetTextMetricsW 75D7798F 5 Bytes JMP 00230DF0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!IntersectClipRect 75D77CCA 5 Bytes JMP 002303F0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!GetTextAlign 75D77D15 5 Bytes JMP 00230D30
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!SetTextAlign 75D77F92 5 Bytes JMP 002309B0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!ExtTextOutW 75D78053 5 Bytes JMP 00230930
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!GetClipBox 75D781F2 5 Bytes JMP 00230330
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!MoveToEx 75D78A16 5 Bytes JMP 00230470
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!CreateDCA 75D79975 5 Bytes JMP 002300B0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!RestoreDC 75D79A10 5 Bytes JMP 00230530
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!SaveDC 75D79AD2 5 Bytes JMP 00230570
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!StretchDIBits 75D7AC38 5 Bytes JMP 00230730
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!GetTextFaceW 75D7B4CC 5 Bytes JMP 00230CF0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!GetTextExtentPoint32W 75D7B535 5 Bytes JMP 00230630
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!GetFontData 75D7B8E8 5 Bytes JMP 00230C30
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!CreateDCW 75D7BD21 5 Bytes JMP 002300F0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!CreateICW 75D7C660 5 Bytes JMP 00230130
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!LineTo 75D7CA20 5 Bytes JMP 00230430
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!SetWorldTransform 75D7CB42 5 Bytes JMP 002306B0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!GetTextMetricsA 75D7CE46 5 Bytes JMP 00230DB0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!Rectangle 75D7F5BE 5 Bytes JMP 00230970
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!SetICMMode 75D7F8D4 5 Bytes JMP 00230D70
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!ExtTextOutA 75D80158 5 Bytes JMP 002308F0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!Escape 75D80B0D 5 Bytes JMP 00230270
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!ExtEscape 75D83472 5 Bytes JMP 002302B0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!GetTextFaceA 75D83E49 5 Bytes JMP 00230CB0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!SetPolyFillMode 75D86CE1 5 Bytes JMP 00230AF0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!SetMiterLimit 75D86E54 5 Bytes JMP 00230B30
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!ResetDCW 75D9031C 5 Bytes JMP 00230A70
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!EndPage 75D907CD 5 Bytes JMP 00230230
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!GetGlyphOutlineW 75D9C292 5 Bytes JMP 00230C70
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!CreateScalableFontResourceW 75D9E8EF 5 Bytes JMP 00230B70
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!AddFontResourceW 75D9ECEB 5 Bytes JMP 00230BB0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!RemoveFontResourceW 75D9F1E1 5 Bytes JMP 00230BF0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!AbortDoc 75DA4D37 5 Bytes JMP 00230030
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!EndDoc 75DA517E 5 Bytes JMP 002301F0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!StartPage 75DA5269 5 Bytes JMP 002306F0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!StartDocW 75DA5BB6 5 Bytes JMP 002307B0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!BeginPath 75DA635D 5 Bytes JMP 002307F0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!SelectClipPath 75DA63B4 5 Bytes JMP 00230AB0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!CloseFigure 75DA640F 5 Bytes JMP 00230070
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!EndPath 75DA6466 5 Bytes JMP 00230A30
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!StrokePath 75DA6699 5 Bytes JMP 00230770
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!FillPath 75DA6726 5 Bytes JMP 00230830
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!PolylineTo 75DA6B94 5 Bytes JMP 002304F0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!PolyBezierTo 75DA6C25 5 Bytes JMP 002304B0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] GDI32.dll!PolyDraw 75DA6CD7 5 Bytes JMP 00230870
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!ActivateKeyboardLayout 768B817D 5 Bytes JMP 002404F0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!ScreenToClient 768BC1F2 7 Bytes JMP 00240670
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 002F0A08
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 002F03FC
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!RegisterClipboardFormatA 768BE6B1 5 Bytes JMP 002402F0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!RegisterClipboardFormatW 768BEDFD 5 Bytes JMP 002402B0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 002F0804
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 002F01F8
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!SetCursor 768C52EA 5 Bytes JMP 00240530
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!MonitorFromWindow 768C590A 7 Bytes JMP 00240630
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!PostMessageW 768C6225 5 Bytes JMP 002405F0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!IsWindowVisible 768C6939 7 Bytes JMP 002406B0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!GetClientRect 768C74B1 7 Bytes JMP 002405B0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!MapWindowPoints 768C7915 5 Bytes JMP 00240570
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!GetParent 768C7AB3 7 Bytes JMP 002406F0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!SetClipboardData 768D4979 5 Bytes JMP 00240170
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!EmptyClipboard 768D4A28 5 Bytes JMP 00240130
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!GetClipboardData 768D4B47 5 Bytes JMP 00240030
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!EnumClipboardFormats 768D4D98 5 Bytes JMP 002401B0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!GetClipboardFormatNameW 768D7EB2 5 Bytes JMP 00240230
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!SetClipboardViewer 768D8F4D 5 Bytes JMP 002404B0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!GetClipboardFormatNameA 768D8F61 5 Bytes JMP 00240270
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!GetOpenClipboardWindow 768D902F 1 Byte [E9]
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!GetOpenClipboardWindow 768D902F 5 Bytes JMP 002403F0
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!ChangeClipboardChain 768E3425 5 Bytes JMP 00240430
.text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!GetTopWindow 768E3A5D 7 Bytes JMP 00240730
.text
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!CloseClipboard 768E5BA7 5 Bytes JMP 002400B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!OpenClipboard 768E5BB9 5 Bytes JMP 00240070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!IsClipboardFormatAvailable 768E5C3A 5 Bytes JMP 002400F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!GetClipboardSequenceNumber 768E5C4E 5 Bytes JMP 00240330 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!GetClipboardOwner 768E5C60 5 Bytes JMP 00240370 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!CountClipboardFormats 768E5DC9 5 Bytes JMP 002401F0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 002F0600 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!SetCursorPos 768FC1D8 5 Bytes JMP 00240770 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!GetClipboardViewer 76914B57 5 Bytes JMP 00240470 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] USER32.dll!GetPriorityClipboardFormat 76914C59 5 Bytes JMP 002403B0 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ole32.dll!OleSetClipboard 7650F2FE 5 Bytes JMP 00250030 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ole32.dll!OleIsCurrentClipboard 76512489 5 Bytes JMP 00250070 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] ole32.dll!OleGetClipboard 7653F825 5 Bytes JMP 002500B0 .text C:\windows\system32\Dwm.exe[2728] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC .text C:\windows\system32\Dwm.exe[2728] ntdll.dll!LdrLoadDll 
7773F5B5 5 Bytes JMP 000601F8 .text C:\windows\system32\Dwm.exe[2728] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\windows\system32\Dwm.exe[2728] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00080A08 .text C:\windows\system32\Dwm.exe[2728] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 000803FC .text C:\windows\system32\Dwm.exe[2728] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00080804 .text C:\windows\system32\Dwm.exe[2728] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 000801F8 .text C:\windows\system32\Dwm.exe[2728] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00080600 .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2752] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 001603FC .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2752] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 001601F8 .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2752] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2752] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2752] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 001F03FC .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2752] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 001F0804 .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2752] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe[2752] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 001F0600 .text C:\windows\Explorer.EXE[2760] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC .text C:\windows\Explorer.EXE[2760] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000601F8 .text C:\windows\Explorer.EXE[2760] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\windows\Explorer.EXE[2760] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00110A08 .text 
C:\windows\Explorer.EXE[2760] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 001103FC .text C:\windows\Explorer.EXE[2760] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00110804 .text C:\windows\Explorer.EXE[2760] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 001101F8 .text C:\windows\Explorer.EXE[2760] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00110600 .text C:\windows\system32\taskhost.exe[2768] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000503FC .text C:\windows\system32\taskhost.exe[2768] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000501F8 .text C:\windows\system32\taskhost.exe[2768] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\windows\system32\taskhost.exe[2768] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 000E0A08 .text C:\windows\system32\taskhost.exe[2768] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 000E03FC .text C:\windows\system32\taskhost.exe[2768] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 000E0804 .text C:\windows\system32\taskhost.exe[2768] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 000E01F8 .text C:\windows\system32\taskhost.exe[2768] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 000E0600 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2864] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 001603FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2864] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 001601F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2864] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2864] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00340A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2864] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 003403FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2864] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00340804 .text C:\Program Files\WIDCOMM\Bluetooth 
Software\BtStackServer.exe[2864] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 003401F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe[2864] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00340600 .text C:\ProgramData\DatacardService\DCSHelper.exe[2948] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 001603FC .text C:\ProgramData\DatacardService\DCSHelper.exe[2948] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 001601F8 .text C:\ProgramData\DatacardService\DCSHelper.exe[2948] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\ProgramData\DatacardService\DCSHelper.exe[2948] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 001F0A08 .text C:\ProgramData\DatacardService\DCSHelper.exe[2948] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 001F03FC .text C:\ProgramData\DatacardService\DCSHelper.exe[2948] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 001F0804 .text C:\ProgramData\DatacardService\DCSHelper.exe[2948] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 001F01F8 .text C:\ProgramData\DatacardService\DCSHelper.exe[2948] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 001F0600 .text C:\windows\system32\SearchIndexer.exe[3072] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC .text C:\windows\system32\SearchIndexer.exe[3072] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000601F8 .text C:\windows\system32\SearchIndexer.exe[3072] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\windows\system32\SearchIndexer.exe[3072] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00100A08 .text C:\windows\system32\SearchIndexer.exe[3072] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 001003FC .text C:\windows\system32\SearchIndexer.exe[3072] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00100804 .text C:\windows\system32\SearchIndexer.exe[3072] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 001001F8 .text C:\windows\system32\SearchIndexer.exe[3072] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00100600 .text C:\Program 
Files\Realtek\Audio\HDA\RtHDVCpl.exe[3168] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 001603FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3168] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 001601F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3168] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3168] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00190A08 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3168] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 001903FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3168] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00190804 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3168] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 001901F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[3168] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00190600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3208] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 001603FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3208] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 001601F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3208] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3208] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3208] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 001F03FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3208] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 001F0804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3208] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3208] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 001F0600 .text C:\Windows\WindowsMobile\wmdc.exe[3220] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC .text C:\Windows\WindowsMobile\wmdc.exe[3220] ntdll.dll!LdrLoadDll 
7773F5B5 5 Bytes JMP 000601F8 .text C:\Windows\WindowsMobile\wmdc.exe[3220] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\Windows\WindowsMobile\wmdc.exe[3220] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00090A08 .text C:\Windows\WindowsMobile\wmdc.exe[3220] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 000903FC .text C:\Windows\WindowsMobile\wmdc.exe[3220] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00090804 .text C:\Windows\WindowsMobile\wmdc.exe[3220] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 000901F8 .text C:\Windows\WindowsMobile\wmdc.exe[3220] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00090600 .text C:\Windows\System32\igfxtray.exe[3232] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 001603FC .text C:\Windows\System32\igfxtray.exe[3232] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 001601F8 .text C:\Windows\System32\igfxtray.exe[3232] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\Windows\System32\igfxtray.exe[3232] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00210A08 .text C:\Windows\System32\igfxtray.exe[3232] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 002103FC .text C:\Windows\System32\igfxtray.exe[3232] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00210804 .text C:\Windows\System32\igfxtray.exe[3232] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 002101F8 .text C:\Windows\System32\igfxtray.exe[3232] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00210600 .text C:\Windows\System32\hkcmd.exe[3240] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 001603FC .text C:\Windows\System32\hkcmd.exe[3240] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 001601F8 .text C:\Windows\System32\hkcmd.exe[3240] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\Windows\System32\hkcmd.exe[3240] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00190A08 .text C:\Windows\System32\hkcmd.exe[3240] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 001903FC .text C:\Windows\System32\hkcmd.exe[3240] 
USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00190804 .text C:\Windows\System32\hkcmd.exe[3240] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 001901F8 .text C:\Windows\System32\hkcmd.exe[3240] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00190600 .text C:\Windows\System32\igfxpers.exe[3248] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 001603FC .text C:\Windows\System32\igfxpers.exe[3248] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 001601F8 .text C:\Windows\System32\igfxpers.exe[3248] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\Windows\System32\igfxpers.exe[3248] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00190A08 .text C:\Windows\System32\igfxpers.exe[3248] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 001903FC .text C:\Windows\System32\igfxpers.exe[3248] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00190804 .text C:\Windows\System32\igfxpers.exe[3248] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 001901F8 .text C:\Windows\System32\igfxpers.exe[3248] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00190600 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3316] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 001703FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3316] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 001701F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3316] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3316] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00210A08 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3316] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 002103FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3316] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00210804 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3316] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 002101F8 .text C:\Program Files\Common 
Files\Java\Java Update\jusched.exe[3316] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00210600 .text C:\windows\system32\igfxsrvc.exe[3348] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 001603FC .text C:\windows\system32\igfxsrvc.exe[3348] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 001601F8 .text C:\windows\system32\igfxsrvc.exe[3348] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\windows\system32\igfxsrvc.exe[3348] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 002F0A08 .text C:\windows\system32\igfxsrvc.exe[3348] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 002F03FC .text C:\windows\system32\igfxsrvc.exe[3348] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 002F0804 .text C:\windows\system32\igfxsrvc.exe[3348] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 002F01F8 .text C:\windows\system32\igfxsrvc.exe[3348] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 002F0600 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3376] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[3408] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[3408] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000601F8 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[3408] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[3408] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00080A08 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[3408] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 000803FC .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[3408] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00080804 .text C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[3408] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 000801F8 .text 
C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[3408] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00080600 .text C:\windows\system32\notepad.exe[3460] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC .text C:\windows\system32\notepad.exe[3460] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000601F8 .text C:\windows\system32\notepad.exe[3460] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\windows\system32\notepad.exe[3460] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00100A08 .text C:\windows\system32\notepad.exe[3460] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 001003FC .text C:\windows\system32\notepad.exe[3460] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00100804 .text C:\windows\system32\notepad.exe[3460] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 001001F8 .text C:\windows\system32\notepad.exe[3460] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00100600 .text C:\windows\system32\svchost.exe[3608] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[3608] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[3608] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3700] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 001603FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3700] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 001601F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3700] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3700] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00580A08 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3700] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 005803FC .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3700] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00580804 .text C:\Program 
Files\WIDCOMM\Bluetooth Software\BTTray.exe[3700] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 005801F8 .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3700] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00580600 .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[3840] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[3840] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 6904B52A C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[3840] kernel32.dll!K32GetDeviceDriverBaseNameW + 16F 75C8C057 7 Bytes JMP 692FB6D2 C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[3840] kernel32.dll!CloseHandle + 38 75C9058F 7 Bytes JMP 692FB6F5 C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[3840] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[3840] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00080A08 .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[3840] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 000803FC .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[3840] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00080804 .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[3840] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 000801F8 .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[3840] USER32.dll!GetWindowInfo 768C6A82 5 Bytes JMP 691D2BD4 C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[3840] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00080600 .text C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe[3840] 
GDI32.dll!GetViewportOrgEx + 21C 75D785EB 7 Bytes JMP 692FB653 C:\Program Files\Mozilla Firefox 4.0 Beta 7\xul.dll (Mozilla Foundation) .text C:\windows\notepad.exe[3920] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC .text C:\windows\notepad.exe[3920] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000601F8 .text C:\windows\notepad.exe[3920] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\windows\notepad.exe[3920] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00110A08 .text C:\windows\notepad.exe[3920] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 001103FC .text C:\windows\notepad.exe[3920] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00110804 .text C:\windows\notepad.exe[3920] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 001101F8 .text C:\windows\notepad.exe[3920] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00110600 .text C:\windows\system32\svchost.exe[4804] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC .text C:\windows\system32\svchost.exe[4804] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000601F8 .text C:\windows\system32\svchost.exe[4804] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4896] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4896] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4896] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4896] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00090A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4896] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 000903FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4896] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00090804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4896] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 000901F8 .text 
C:\Program Files\Windows Media Player\wmpnetwk.exe[4896] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00090600 .text D:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5268] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000703FC .text D:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5268] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000701F8 .text D:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5268] kernel32.dll!SetUnhandledExceptionFilter 75C930E2 5 Bytes JMP 63825B49 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation) .text D:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5268] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text D:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5268] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00220A08 .text D:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5268] USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 002203FC .text D:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5268] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00220804 .text D:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5268] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 002201F8 .text D:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5268] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00220600 .text D:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5268] ole32.dll!OleLoadFromStream 764B5BF6 5 Bytes JMP 63B40DB5 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation) .text C:\windows\notepad.exe[6068] ntdll.dll!LdrUnloadDll 7773BEAF 5 Bytes JMP 000603FC .text C:\windows\notepad.exe[6068] ntdll.dll!LdrLoadDll 7773F5B5 5 Bytes JMP 000601F8 .text C:\windows\notepad.exe[6068] kernel32.dll!GetBinaryTypeW + 70 75CA78FC 1 Byte [62] .text C:\windows\notepad.exe[6068] USER32.dll!UnhookWindowsHookEx 768BCC7B 5 Bytes JMP 00090A08 .text C:\windows\notepad.exe[6068] 
USER32.dll!UnhookWinEvent 768BD924 5 Bytes JMP 000903FC .text C:\windows\notepad.exe[6068] USER32.dll!SetWindowsHookExW 768C210A 5 Bytes JMP 00090804 .text C:\windows\notepad.exe[6068] USER32.dll!SetWinEventHook 768C507E 5 Bytes JMP 000901F8 .text C:\windows\notepad.exe[6068] USER32.dll!SetWindowsHookExA 768E6DFA 5 Bytes JMP 00090600 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlFreeHeap] 51EC8B55 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlFreeUnicodeString] 8B565351 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!DbgPrintEx] FF560875 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlUpcaseUnicodeChar] 73510815 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtClose] 85D88B00 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtSetInformationFile] C2840FDB IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtOpenFile] 57000000 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtQueryInformationFile] 0068406A IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlCompareUnicodeString] FF000010 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlAppendUnicodeStringToString] 006A5073 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlAllocateHeap] 508415FF IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToInteger] F88B0073 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtCreatePagingFile] 85FC7D89 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!_alldiv] 9E840FFF IAT C:\windows\system32\services.exe[628] @ 
C:\windows\system32\smss.exe [ntdll.dll!NtQuerySystemInformation] 8B000000 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!_allmul] A4F3544B IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtFlushKey] 1443B70F IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtDeleteValueKey] 0653B70F IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtSetValueKey] 1818448D IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtCreateKey] 8B0CC083 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlCompareMemory] 08758B08 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtDeviceIoControlFile] 03FC7D8B IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlInitUnicodeStringEx] 8BF903F1 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlExtendedIntegerMultiply] C083FC48 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtQueryVolumeInformationFile] A4F34A28 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtQueryInformationProcess] 758BE975 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlAppendUnicodeToString] 443D8BFC IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlInitUnicodeString] 2B007351 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtSetSystemInformation] 458D0875 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlDosPathNameToNtPathName_U] 056A50F8 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlExpandEnvironmentStrings_U] 75FF016A IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe 
[ntdll.dll!NtQueryValueKey] 85D7FFFC IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtCreateFile] EB2574C0 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtOpenKey] 04488B1D IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!_vsnwprintf] 56F84D29 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!EtwEventWrite] 8B08508D IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!EtwEventEnabled] FC450300 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtSetSecurityObject] 52F8C183 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlSetOwnerSecurityDescriptor] 5051E9D1 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlSetDaclSecurityDescriptor] 514015FF IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlAddAccessAllowedAce] 7D830073 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlCreateAcl] DD7500F8 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlCreateSecurityDescriptor] 50F8458D IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlAllocateAndInitializeSid] 016A016A IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlCreateUnicodeString] FFFC75FF IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtReadFile] 74C085D7 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!_chkstk] 0C488D20 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtMakeTemporaryObject] C085018B IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtCreateSymbolicLinkObject] F18B1774 IAT 
C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtOpenDirectoryObject] 03FC4D8B IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlAnsiStringToUnicodeString] 15FF50C1 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlInitAnsiString] [00735080] C:\windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation) IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!_stricmp] 8B14C683 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!qsort] [75C08506] C:\windows\system32\RPCRT4.dll (Czas wykonania zdalnego wywoływania procedury/Microsoft Corporation) IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlRandomEx] FC458BEB IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!LdrVerifyImageMatchesChecksumEx] C95B5E5F IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtCreateDirectoryObject] 560004C2 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlEqualUnicodeString] 7140BF57 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!memcpy] 8B570073 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!_wcsicmp] 7C15FFF1 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlSetEnvironmentVariable] 6A007350 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!iswspace] 3C83580F IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlQueryEnvironmentVariable_U] 73715885 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlFindSetBits] 09740000 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlInterlockedSetBitRun] 8548C88B IAT 
C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlTestBit] EBEF75C9 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlUnlockBootStatusData] 85348907 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlGetSetBootStatusData] [00737158] C:\windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation) IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlLockBootStatusData] 3415FF57 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlSetSaclSecurityDescriptor] 5F007350 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlAddMandatoryAce] 5756C35E IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlLengthSid] 737140BF IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlGetAce] F18B5700 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlPrefixUnicodeString] 507C15FF IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtQuerySymbolicLinkObject] 0F6A0073 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtOpenSymbolicLinkObject] 85343958 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtQueryDirectoryObject] [00737158] C:\windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation) IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlTimeToTimeFields] C88B0974 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtSerializeBoot] [75C98548] C:\windows\system32\kernel32.dll (Biblioteka DLL klienta Windows NT BASE API/Microsoft Corporation) IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!memset] 8308EBF0 IAT 
C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtMapViewOfSection] 71588524 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtCreateSection] 57000073 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlQueryRegistryValues] 503415FF IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlDosSearchPath_U] 5E5F0073 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtResumeThread] 800068C3 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtWaitForSingleObject] 006A0000 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtTerminateProcess] 7815FF51 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlDestroyProcessParameters] 50007350 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlCreateUserProcess] 513C15FF IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlCreateProcessParametersEx] 55C30073 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtDisplayString] 5351EC8B IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtWriteFile] 35FF5756 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!_wcsupr] [00737198] C:\windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation) IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlAdjustPrivilege] 513815FF IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtInitializeRegistry] 8D590073 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!TpReleaseWork] E8400044 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!TpPostWork] 00002B8C IAT 
C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!TpAllocWork] 75FFFC8B IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtSetEvent] FC7D8908 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlSetCurrentEnvironment] 719835FF IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlCreateEnvironment] EC680073 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtOpenEvent] 57007353 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlSetBits] 513415FF IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlClearAllBits] DB330073 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlInitializeBitMap] 3910C483 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtAlpcCreatePort] 6E7D085D IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtSetInformationProcess] FFF63357 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlCreateTagHeap] 73507415 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockExclusive] 85F88B00 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockExclusive] 8D3774FF IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtSetInformationThread] 6A500845 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtQueryInformationToken] FF575602 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtOpenThreadToken] 73513015 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtAlpcImpersonateClientOfPort] 7CC08500 IAT C:\windows\system32\services.exe[628] @ 
C:\windows\system32\smss.exe [ntdll.dll!RtlReleaseSRWLockShared] FF556A25 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlAcquireSRWLockShared] 15FFFC75 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!TpSetPoolMinThreads] [0073512C] C:\windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation) IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtAlpcDisconnectPort] C9335959 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlInitializeSRWLock] 08896657 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtConnectPort] FFFE1FE8 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!AlpcGetMessageAttribute] 85D88BFF IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtAlpcAcceptConnectPort] 8B0774DB IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtAlpcOpenSenderProcess] F72B0875 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtAlpcCancelMessage] FF57F303 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtAlpcSendWaitReceivePort] 73507015 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!AlpcInitializeMessageAttribute] [74F68500] C:\windows\system32\UBPM.dll (Biblioteka DLL Ujednoliconego menedżera procesów działających w tle/Microsoft Corporation) IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlSetThreadIsCritical] FC4D8B53 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtRequestWaitReplyPort] 737084BA IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtDuplicateObject] 85D6FF00 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe 
[ntdll.dll!NtCreateEvent] 684575C0 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlWakeConditionVariable] 00008000 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlClearBits] 15FF5350 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlDeleteNoSplay] [00735078] C:\windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation) IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtClearEvent] 5D3936EB IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlSleepConditionVariableSRW] BB31740C IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlWakeAllConditionVariable] [00737140] C:\windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation) IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlFindClearBits] 7C15FF53 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlFreeSid] BE007350 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtRaiseHardError] [00737194] C:\windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation) IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtWaitForMultipleObjects] C085068B IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!TpAllocAlpcCompletion] 4D8B0774 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!TpAllocPool] FFD78B08 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlSetProcessIsCritical] 83C68BD0 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!EtwEventRegister] 583D04EE IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlSetHeapInformation] 75007371 IAT 
C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlInitializeConditionVariable] 15FF53E7 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtDelayExecution] [00735034] C:\windows\system32\smss.exe (Menedżer sesji systemu Windows/Microsoft Corporation) IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlUnicodeStringToAnsiString] 5FF0658D IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!NtQueryEvent] C2C95B5E IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlReleasePrivilege] 8B550008 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlAcquirePrivilege] B8EC81EC IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!LdrQueryImageFileExecutionOptions] 53000008 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!wcstoul] 0B6A5756 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!_wcsnicmp] 5420BE59 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlUnhandledExceptionFilter] BD8D0073 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlUnwind] FFFFFF4C IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlNormalizeProcessParams] 526AA5F3 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlConnectToSm] 858DFF33 IAT C:\windows\system32\services.exe[628] @ C:\windows\system32\smss.exe [ntdll.dll!RtlSendMsgToSm] FFFFFF78 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1484] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7163F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] @ 
C:\windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010090 IAT C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] @ C:\windows\system32\ole32.dll [USER32.dll!GetKeyState] 002407D0 IAT C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00240790 IAT C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] @ C:\windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 002407D0 IAT C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] @ C:\windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010090 IAT C:\windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe[2700] @ C:\windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010090 IAT C:\windows\Explorer.EXE[2760] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74222494] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2760] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74205624] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2760] @ C:\windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [742056E2] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2760] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipFree] [7422250F] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2760] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74218573] 
C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2760] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74214D27] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2760] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [742150CE] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2760] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [742151A3] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2760] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [742166D0] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2760] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [742182CA] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2760] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74218819] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2760] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7421907A] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT 
C:\windows\Explorer.EXE[2760] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7421E21D] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\windows\Explorer.EXE[2760] @ C:\windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74214C59] C:\windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3376] @ C:\windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7163F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT D:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5268] @ C:\windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75795E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT D:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5268] @ C:\windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75795E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT D:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5268] @ C:\windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75795E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT D:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5268] @ C:\windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75795E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT D:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5268] @ C:\windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75795E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT D:\Program Files\Microsoft Office\Office12\EXCEL.EXE[5268] @ C:\windows\system32\Secur32.dll 
[KERNEL32.dll!GetProcAddress] [75795E25] C:\windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0026b6d749d0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0026b6d749d0@001c353c87c6 0xE0 0xAA 0x7E 0x99 ...
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0026b6d749d0@0017e84e3e30 0x5B 0x68 0xF9 0xFD ...
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0026b6d749d0@0017e84a293a 0xA5 0x37 0x89 0xF2 ...
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0026b6d749d0@001b9866437f 0x44 0x24 0x18 0x9D ...
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0026b6d749d0@000dfd24afe3 0x5C 0xC7 0xAB 0xEA ...
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0026b6d749d0@b0ec7156e49a 0xA1 0x68 0xA5 0x6F ...
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0026b6d749d0@90c1155ef2b0 0x98 0x74 0x3E 0x70 ...
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0c6076e26c9c (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\BTHPORT\Parameters\Keys\0c6076fedcf2 (not active ControlSet)

---- EOF - GMER 1.0.15 ----