GMER 2.1.18952 - http://www.gmer.net
Rootkit scan 2013-02-19 21:37:26
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD502IJ rev.1AA01112 465,76GB
Running: dmodoyoz.exe; Driver: C:\Users\Bartek\AppData\Local\Temp\ufdiipow.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x936244BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x94195C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x93624ED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9362FFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9362FFF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x93630176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9362FF16]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x94195FA6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9362FF5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x9362511C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x936252F4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x93630130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x9362593E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x93624508]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x94195CEA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x941943EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x93624556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x93629534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x936263A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9362FFD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x93630016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9363019A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9362FF3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x936300BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9362FF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x93630154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x94195E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x93626272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x93625F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x936245A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x936245F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x936257BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x936241FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x936243AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x93624350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x93625AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x93625C54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9362441A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x94195EFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x93625636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0x9419441C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x93624640]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x94195D96]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x941AEE56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C8B9E9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CC51C2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82CCC1E0 4 Bytes [BA, 44, 62, 93]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82CCC208 4 Bytes [22, 5C, 19, 94] {AND BL, [ECX+EBX-0x6c]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82CCC268 4 Bytes [D6, 4E, 62, 93]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82CCC2BC 8 Bytes [A8, FF, 62, 93, F4, FF, 62, ...] {TEST AL, 0xff; BOUND EDX, [EBX-0x6c9d000c]}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82CCC2C8 4 Bytes JMP E5CE394F
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E59C6B 5 Bytes JMP 941ABCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E72280 5 Bytes JMP 941AD828 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E873C7 4 Bytes CALL 93626A8D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82EA11B0 4 Bytes CALL 93626AA3 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82F2B008 7 Bytes JMP 941AEE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9482F000, 0x2D5378, 0xE8000020]
.text win32k.sys!EngFntCacheLookUp + 8B1D 9E780A6B 5 Bytes JMP 93629EB8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateRectRgn + 3819 9E794B44 5 Bytes JMP 93629FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateRectRgn + 47FC 9E795B27 5 Bytes JMP 93629CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + 310 9E7B146D 5 Bytes JMP 9362AA86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + 4CE9 9E7B5E46 5 Bytes JMP 936297C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + 6136 9E7B7293 5 Bytes JMP 9362ACB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + BEC1 9E7BD01E 5 Bytes JMP 9362A090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetGammaTable + C110 9E7BD26D 5 Bytes JMP 9362A182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 650 9E7D6D67 5 Bytes JMP 9362956A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 70E 9E7D6E25 5 Bytes JMP 9362A0A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 38FE 9E7DA015 5 Bytes JMP 93629670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMapFontFileFD + 39BC 9E7DA0D3 5 Bytes JMP 93629688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngIsSemaphoreOwnedByCurrentThread + 1F08 9E7DE775 5 Bytes JMP 93629EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2B22 9E7E81C5 5 Bytes JMP 93629C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + ACE0 9E7F0383 5 Bytes JMP 93629834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 14FA1 9E7FA644 5 Bytes JMP 9362A94C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 506C 9E811E1E 5 Bytes JMP 9362A9F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngBitBlt + 42AE 9E81F7C5 5 Bytes JMP 9362AEBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnlockSurface + B26B 9E8350AA 5 Bytes JMP 9362AA3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnlockSurface + CC2A 9E836A69 5 Bytes JMP 9362C8D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteClip + 480C 9E84790E 5 Bytes JMP 93629760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEqualRgn + 41B8 9E8558C8 5 Bytes JMP 93629B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEqualRgn + B44F 9E85CB5F 5 Bytes JMP 9362AD74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteRgn + 2198 9E87394F 5 Bytes JMP 93629A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 868D 9E894AC0 5 Bytes JMP 9362AE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 2EC7 9E8ACA40 5 Bytes JMP 9362ABFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 3458 9E8ACFD1 5 Bytes JMP 936298F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 6547 9E8B00C0 5 Bytes JMP 9362A0C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + 9687 9E8B3200 5 Bytes JMP 93629944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_vGetBounds + BF6E 9E8B5AE7 5 Bytes JMP 9362A16A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCTGetCurrentGamma + 642C 9E8C1CD4 5 Bytes JMP 93629AB2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 A3B0A000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 A3B0A123 629 Bytes [55, B0, A3, FE, 05, 34, 55, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 A3B0A399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F A3B0A3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B A3B0A4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
.text kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text user32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes [E9, 88, 3D, B0, 8A] {JMP 0x8ab03d8d}
.text user32.dll!UnhookWinEvent 7568D924 5 Bytes [E9, D3, 2A, B0, 8A] {JMP 0x8ab02ad8}
.text user32.dll!SetWindowsHookExW 7569210A 5 Bytes [E9, F5, E6, AF, 8A] {JMP 0x8aafe6fa}
.text user32.dll!SetWinEventHook 7569507E 5 Bytes [E9, 75, B1, AF, 8A] {JMP 0x8aafb17a}
.text user32.dll!SetWindowsHookExA 756B6DFA 5 Bytes [E9, 01, 98, AD, 8A] {JMP 0x8aad9806}
.text sechost.dll!SetServiceObjectSecurity 75665181 5 Bytes [E9, 8E, BE, B1, 8A] {JMP 0x8ab1be93}
.text sechost.dll!ChangeServiceConfigA 75665254 5 Bytes [E9, AB, B5, B1, 8A] {JMP 0x8ab1b5b0}
.text sechost.dll!ChangeServiceConfigW 756653D5 5 Bytes [E9, 2E, B6, B1, 8A] {JMP 0x8ab1b633}
.text sechost.dll!ChangeServiceConfig2A 756654C2 5 Bytes [E9, 45, B7, B1, 8A] {JMP 0x8ab1b74a}
.text sechost.dll!ChangeServiceConfig2W 756655E2 5 Bytes [E9, 29, B8, B1, 8A] {JMP 0x8ab1b82e}
.text sechost.dll!CreateServiceA 7566567C 5 Bytes [E9, 77, AB, B1, 8A] {JMP 0x8ab1ab7c}
.text sechost.dll!CreateServiceW 7566589F 5 Bytes [E9, 58, AB, B1, 8A] {JMP 0x8ab1ab5d}
.text sechost.dll!DeleteService 75665A22 5 Bytes [E9, D9, AB, B1, 8A] {JMP 0x8ab1abde}

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\csrss.exe[456] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\system32\wininit.exe[516] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\system32\csrss.exe[524] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\system32\sppsvc.exe[528] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\system32\services.exe[568] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1464] kernel32.dll!SetUnhandledExceptionFilter 7582F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1464] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1648] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1676] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1768] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1816] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000D03FC
.text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1816] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 000D01F8
.text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1816] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1816] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 000E0A08
.text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1816] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 000E03FC
.text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1816] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 000E0804
.text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1816] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 000E01F8
.text C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe[1816] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 000E0600
.text C:\Program Files\SearchProtect\bin\CltMngSvc.exe[1820] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text E:\Program Files\LogMeIn Hamachi\hamachi-2.exe[1896] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\system32\srvany.exe[1924] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\KMService.exe[1948] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\system32\conhost.exe[1956] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text ...
.text C:\Program Files\ipla\ipla.exe[2172] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 001F03FC
.text C:\Program Files\ipla\ipla.exe[2172] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 001F01F8
.text C:\Program Files\ipla\ipla.exe[2172] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Program Files\ipla\ipla.exe[2172] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00210A08
.text C:\Program Files\ipla\ipla.exe[2172] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 002103FC
.text C:\Program Files\ipla\ipla.exe[2172] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00210804
.text C:\Program Files\ipla\ipla.exe[2172] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 002101F8
.text C:\Program Files\ipla\ipla.exe[2172] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00210600
.text C:\Windows\system32\taskhost.exe[2184] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2552] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\Dwm.exe[2552] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\Dwm.exe[2552] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2552] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[2552] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[2552] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[2552] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[2552] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 000F0600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2608] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2608] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 000E01F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2608] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2608] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00110A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2608] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 001103FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2608] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00110804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2608] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 001101F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[2608] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00110600
.text C:\Windows\Explorer.EXE[2912] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000F03FC
.text C:\Windows\Explorer.EXE[2912] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 000F01F8
.text C:\Windows\Explorer.EXE[2912] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\Explorer.EXE[2912] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00110A08
.text C:\Windows\Explorer.EXE[2912] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 001103FC
.text C:\Windows\Explorer.EXE[2912] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00110804
.text C:\Windows\Explorer.EXE[2912] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 001101F8
.text C:\Windows\Explorer.EXE[2912] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00110600
.text C:\Windows\system32\WUDFHost.exe[3076] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\WUDFHost.exe[3076] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\WUDFHost.exe[3076] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[3076] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00100A08
.text C:\Windows\system32\WUDFHost.exe[3076] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 001003FC
.text C:\Windows\system32\WUDFHost.exe[3076] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00100804
.text C:\Windows\system32\WUDFHost.exe[3076] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 001001F8
.text C:\Windows\system32\WUDFHost.exe[3076] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00100600
.text C:\Program Files\Ninja\ninja.exe[3184] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 001E03FC
.text C:\Program Files\Ninja\ninja.exe[3184] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 001E01F8
.text C:\Program Files\Ninja\ninja.exe[3184] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Program Files\Ninja\ninja.exe[3184] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Ninja\ninja.exe[3184] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 002003FC
.text C:\Program Files\Ninja\ninja.exe[3184] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00200804
.text C:\Program Files\Ninja\ninja.exe[3184] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 002001F8
.text C:\Program Files\Ninja\ninja.exe[3184] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00200600
.text C:\Program Files\AVG Secure Search\vprot.exe[3544] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\AVG Secure Search\vprot.exe[3544] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 000E01F8
.text C:\Program Files\AVG Secure Search\vprot.exe[3544] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Program Files\AVG Secure Search\vprot.exe[3544] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\AVG Secure Search\vprot.exe[3544] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 000F03FC
.text C:\Program Files\AVG Secure Search\vprot.exe[3544] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 000F0804
.text C:\Program Files\AVG Secure Search\vprot.exe[3544] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 000F01F8
.text C:\Program Files\AVG Secure Search\vprot.exe[3544] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 000F0600
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\svchost.exe[3588] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3588] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00140A08
.text C:\Windows\system32\svchost.exe[3588] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 001403FC
.text C:\Windows\system32\svchost.exe[3588] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00140804
.text C:\Windows\system32\svchost.exe[3588] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 001401F8
.text C:\Windows\system32\svchost.exe[3588] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00140600
.text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[3612] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 001703FC
.text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[3612] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 001701F8
.text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[3612] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[3612] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00180A08
.text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[3612] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 001803FC
.text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[3612] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00180804
.text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[3612] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 001801F8
.text E:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe[3612] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00180600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3620] kernel32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3636] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3636] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3636] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3636] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3636] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3636] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3636] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3636] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00210600
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[3656] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 001E03FC
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[3656] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 001E01F8
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[3656] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[3656] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[3656] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 001F03FC
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[3656] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 001F0804
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[3656] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 001F01F8
.text C:\Program Files\DAEMON Tools Lite\DTLite.exe[3656] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 001F0600
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[3728] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[3728] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[3728] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[3728] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[3728] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[3728] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 000F0804
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[3728] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[3728] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 000F0600
.text C:\Users\Bartek\AppData\Roaming\SearchProtect\bin\cltmng.exe[3740] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000E03FC
.text C:\Users\Bartek\AppData\Roaming\SearchProtect\bin\cltmng.exe[3740] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 000E01F8
.text C:\Users\Bartek\AppData\Roaming\SearchProtect\bin\cltmng.exe[3740] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Users\Bartek\AppData\Roaming\SearchProtect\bin\cltmng.exe[3740] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 000F0A08
.text C:\Users\Bartek\AppData\Roaming\SearchProtect\bin\cltmng.exe[3740] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 000F03FC
.text C:\Users\Bartek\AppData\Roaming\SearchProtect\bin\cltmng.exe[3740] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 000F0804
.text C:\Users\Bartek\AppData\Roaming\SearchProtect\bin\cltmng.exe[3740] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 000F01F8
.text C:\Users\Bartek\AppData\Roaming\SearchProtect\bin\cltmng.exe[3740] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 000F0600
.text C:\Windows\system32\wbem\unsecapp.exe[3868] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 001E03FC
.text C:\Windows\system32\wbem\unsecapp.exe[3868] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 001E01F8
.text C:\Windows\system32\wbem\unsecapp.exe[3868] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\system32\wbem\unsecapp.exe[3868] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 001F0A08
.text C:\Windows\system32\wbem\unsecapp.exe[3868] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 001F03FC
.text C:\Windows\system32\wbem\unsecapp.exe[3868] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 001F0804
.text C:\Windows\system32\wbem\unsecapp.exe[3868] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 001F01F8
.text C:\Windows\system32\wbem\unsecapp.exe[3868] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 001F0600
.text C:\Windows\system32\wbem\wmiprvse.exe[4024] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4024] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4024] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\system32\wbem\wmiprvse.exe[4024] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00100A08
.text C:\Windows\system32\wbem\wmiprvse.exe[4024] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 001003FC
.text C:\Windows\system32\wbem\wmiprvse.exe[4024] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00100804
.text C:\Windows\system32\wbem\wmiprvse.exe[4024] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 001001F8
.text C:\Windows\system32\wbem\wmiprvse.exe[4024] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00100600
.text C:\Windows\system32\SearchIndexer.exe[4076] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000E03FC
.text C:\Windows\system32\SearchIndexer.exe[4076] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 000E01F8
.text C:\Windows\system32\SearchIndexer.exe[4076] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[4076] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00100A08
.text C:\Windows\system32\SearchIndexer.exe[4076] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 001003FC
.text C:\Windows\system32\SearchIndexer.exe[4076] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00100804
.text C:\Windows\system32\SearchIndexer.exe[4076] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 001001F8
.text C:\Windows\system32\SearchIndexer.exe[4076] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00100600
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4848] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 001703FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4848] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 001701F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4848] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4848] USER32.dll!CharToOemA + 3A 7568B1DE 7 Bytes JMP 61D91678 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4848] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00240A08
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4848] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 002403FC
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4848] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00240804
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4848] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 002401F8
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4848] USER32.dll!AdjustWindowRectEx + 117 7569660F 7 Bytes JMP 61D91607 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4848] USER32.dll!GetWindowInfo 75696A82 5 Bytes JMP 619BFBF7 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4848] USER32.dll!MenuItemFromPoint + F 756B4B36 7 Bytes JMP 619C0118 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[4848] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00240600
.text C:\Windows\System32\svchost.exe[5944] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000B03FC
.text C:\Windows\System32\svchost.exe[5944] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 000B01F8
.text C:\Windows\System32\svchost.exe[5944] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Windows\System32\svchost.exe[5944] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 000D0A08
.text C:\Windows\System32\svchost.exe[5944] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 000D03FC
.text C:\Windows\System32\svchost.exe[5944] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 000D0804
.text C:\Windows\System32\svchost.exe[5944] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 000D01F8
.text C:\Windows\System32\svchost.exe[5944] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 000D0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[7144] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000E03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[7144] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 617F8BF0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[7144] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 7582941E 7 Bytes JMP 61B47FCD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[7144] KERNEL32.dll!QueryPerformanceCounter + 13 7582C435 7 Bytes JMP 61B47FF0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[7144] KERNEL32.dll!LoadAppInitDlls + 355 7582F4F6 7 Bytes JMP 6180F1AD C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[7144] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62]
.text C:\Program Files\Mozilla Firefox\firefox.exe[7144] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Mozilla Firefox\firefox.exe[7144] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 000F03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[7144] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 000F0804
.text C:\Program Files\Mozilla Firefox\firefox.exe[7144] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Mozilla Firefox\firefox.exe[7144] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 000F0600
.text C:\Program Files\Mozilla Firefox\firefox.exe[7144] GDI32.dll!GetViewportOrgEx + 26C 772E884B 7 Bytes JMP 61B47F4E C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtCreateFile + 6 771455CE 4 Bytes [28, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtCreateFile + B 771455D3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtCreateKey + 6 7714560E 4 Bytes [68, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtCreateKey + B 77145613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtCreateMutant + 6 7714564E 4 Bytes [68, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtCreateMutant + B 77145653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtCreateSection + 6 771456EE 4 Bytes [A8, 02, 07, 00]
.text
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtCreateSection + B 771456F3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtMapViewOfSection + B 77145C33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenFile + 6 77145CDE 4 Bytes [68, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenFile + B 77145CE3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenKey + 6 77145D0E 4 Bytes [A8, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenKey + B 77145D13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenKeyEx + B 77145D23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenMutant + 6 77145D5E 4 Bytes [28, 02, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenMutant + B 77145D63 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenProcess + 6 77145D8E 1 Byte [68] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenProcess + 6 77145D8E 4 Bytes [68, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenProcess + B 77145D93 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenProcessToken + 6 77145D9E 1 Byte [A8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenProcessToken + 6 77145D9E 4 Bytes [A8, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] 
ntdll.dll!NtOpenProcessToken + B 77145DA3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenProcessTokenEx + 6 77145DAE 4 Bytes [68, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenProcessTokenEx + B 77145DB3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenSection + B 77145DD3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenThread + 6 77145E0E 1 Byte [28] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenThread + 6 77145E0E 4 Bytes [28, 03, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenThread + B 77145E13 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenThreadToken + 6 77145E1E 4 Bytes [28, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenThreadToken + B 77145E23 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenThreadTokenEx + 6 77145E2E 4 Bytes [A8, 04, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtOpenThreadTokenEx + B 77145E33 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtQueryAttributesFile + 6 77145F3E 4 Bytes [A8, 00, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtQueryAttributesFile + B 77145F43 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtQueryFullAttributesFile + B 77145FF3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtSetInformationFile + 6 
7714663E 4 Bytes [28, 01, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtSetInformationFile + B 77146643 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtSetInformationThread + 6 7714669E 1 Byte [E8] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtSetInformationThread + B 771466A3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtUnmapViewOfSection + 6 771469BE 4 Bytes [28, 05, 07, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!NtUnmapViewOfSection + B 771469C3 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 002203FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 002201F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] KERNEL32.dll!CreateProcessW 757E204D 5 Bytes JMP 00010030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] KERNEL32.dll!CreateProcessA 757E2082 5 Bytes JMP 00010070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!DeleteObject 772E5F14 5 Bytes JMP 002401B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!SelectObject 772E6640 5 Bytes JMP 002405F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!SetTextColor 772E6906 5 Bytes JMP 00240A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!SetBkMode 772E69B1 5 Bytes JMP 002408F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!DeleteDC 772E6EAA 5 Bytes JMP 00240170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!GetDeviceCaps 772E6F7F 5 Bytes JMP 002403B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!ExtSelectClipRgn 772E7114 5 Bytes JMP 002402F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!SelectClipRgn 772E7242 5 Bytes JMP 002405B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!SetStretchBltMode 772E7705 5 Bytes JMP 002406B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!GetCurrentObject 772E7917 5 Bytes JMP 00240370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!GetTextMetricsW 772E7B8F 5 Bytes JMP 00240E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!GetTextAlign 772E7DAF 5 Bytes JMP 00240D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!IntersectClipRect 772E7DFE 5 Bytes JMP 002403F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!ExtTextOutW 772E8192 5 Bytes JMP 00240970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!SetTextAlign 772E828E 5 Bytes JMP 002409F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!GetClipBox 772E8525 5 Bytes JMP 00240330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!MoveToEx 772E8C21 5 Bytes JMP 00240470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!StretchDIBits 772EA53E 5 Bytes JMP 00240770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!RestoreDC 
772EA67B 5 Bytes JMP 00240530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!SaveDC 772EA74B 5 Bytes JMP 00240570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!GetTextExtentPoint32W 772EB4B5 5 Bytes JMP 00240670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!GetTextFaceW 772EB73A 2 Bytes JMP 00240D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!GetTextFaceW + 3 772EB73D 2 Bytes [F5, 88] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!GetFontData 772EBCC4 5 Bytes JMP 00240C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!SetWorldTransform 772EC90A 5 Bytes JMP 002406F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!CreateDCA 772ECCA9 5 Bytes JMP 002400B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!CreateDCW 772ECF79 5 Bytes JMP 002400F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!CreateICW 772ECFD0 5 Bytes JMP 00240130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!GetTextMetricsA 772ED0F2 5 Bytes JMP 00240DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!Rectangle 772EF1FF 5 Bytes JMP 002409B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!LineTo 772EF59B 5 Bytes JMP 00240430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!SetICMMode 772EFAA4 5 Bytes JMP 00240DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!ExtTextOutA 772F03F9 5 Bytes JMP 00240930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] 
GDI32.dll!GetTextExtentPoint32A 772F07B0 5 Bytes JMP 00240630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!ExtEscape 772F2949 5 Bytes JMP 002402B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!Escape 772F3939 5 Bytes JMP 00240270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!GetTextFaceA 772F3E6A 5 Bytes JMP 00240CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!SetPolyFillMode 772FD851 5 Bytes JMP 00240B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!SetMiterLimit 772FDA0D 5 Bytes JMP 00240B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!EndPage 773000D7 5 Bytes JMP 00240230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!ResetDCW 7730050D 5 Bytes JMP 00240AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!GetGlyphOutlineW 7730C1BA 5 Bytes JMP 00240CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!CreateScalableFontResourceW 7730E817 5 Bytes JMP 00240BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!AddFontResourceW 7730EC13 5 Bytes JMP 00240BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!RemoveFontResourceW 7730F109 5 Bytes JMP 00240C30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!AbortDoc 77314C63 5 Bytes JMP 00240030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!EndDoc 773150AA 5 Bytes JMP 002401F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!StartPage 77315195 5 Bytes JMP 00240730 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!StartDocW 77315BB0 5 Bytes JMP 002407F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!BeginPath 7731635D 5 Bytes JMP 00240830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!SelectClipPath 773163B4 5 Bytes JMP 00240AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!CloseFigure 7731640F 5 Bytes JMP 00240070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!EndPath 77316466 5 Bytes JMP 00240A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!StrokePath 77316699 5 Bytes JMP 002407B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!FillPath 77316726 5 Bytes JMP 00240870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!PolylineTo 77316B94 5 Bytes JMP 002404F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!PolyBezierTo 77316C25 5 Bytes JMP 002404B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] GDI32.dll!PolyDraw 77316CD7 5 Bytes JMP 002408B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!ActivateKeyboardLayout 7568817D 5 Bytes JMP 002504F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!ScreenToClient 7568C1F2 7 Bytes JMP 00250670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00260A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 002603FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] 
USER32.dll!RegisterClipboardFormatA 7568E6B1 5 Bytes JMP 002502F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!RegisterClipboardFormatW 7568EDFD 5 Bytes JMP 002502B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00260804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 002601F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!SetCursor 756952EA 5 Bytes JMP 00250530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!MonitorFromWindow 7569590A 7 Bytes JMP 00250630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!PostMessageW 75696225 5 Bytes JMP 002505F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!IsWindowVisible 75696939 7 Bytes JMP 002506B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!GetClientRect 756974B1 7 Bytes JMP 002505B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!MapWindowPoints 75697915 5 Bytes JMP 00250570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!GetParent 75697AB3 7 Bytes JMP 002506F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!SetClipboardData 756A4979 5 Bytes JMP 00250170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!EmptyClipboard 756A4A28 5 Bytes JMP 00250130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!GetClipboardData 756A4B47 5 Bytes JMP 00250030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!EnumClipboardFormats 756A4D98 5 
Bytes JMP 002501B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!GetClipboardFormatNameW 756A7EB2 5 Bytes JMP 00250230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!SetClipboardViewer 756A8F4D 5 Bytes JMP 002504B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!GetClipboardFormatNameA 756A8F61 5 Bytes JMP 00250270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!GetOpenClipboardWindow 756A902F 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!GetOpenClipboardWindow 756A902F 5 Bytes JMP 002503F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!ChangeClipboardChain 756B3425 5 Bytes JMP 00250430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!GetTopWindow 756B3A5D 7 Bytes JMP 00250730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!CloseClipboard 756B5BA7 5 Bytes JMP 002500B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!OpenClipboard 756B5BB9 5 Bytes JMP 00250070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!IsClipboardFormatAvailable 756B5C3A 5 Bytes JMP 002500F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!GetClipboardSequenceNumber 756B5C4E 5 Bytes JMP 00250330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!GetClipboardOwner 756B5C60 5 Bytes JMP 00250370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!CountClipboardFormats 756B5DC9 5 Bytes JMP 002501F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!SetWindowsHookExA 756B6DFA 
5 Bytes JMP 00260600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!SetCursorPos 756CC1D8 5 Bytes JMP 00250770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!GetClipboardViewer 756E4B57 5 Bytes JMP 00250470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] USER32.dll!GetPriorityClipboardFormat 756E4C59 5 Bytes JMP 002503B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ole32.dll!OleSetClipboard 75D90045 5 Bytes JMP 00280030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ole32.dll!OleIsCurrentClipboard 75D936B2 5 Bytes JMP 00280070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] ole32.dll!OleGetClipboard 75DBFDCD 5 Bytes JMP 002800B0 .text C:\Program Files\Gadu-Gadu 10\gg.exe[9528] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000F03FC .text C:\Program Files\Gadu-Gadu 10\gg.exe[9528] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 000F01F8 .text C:\Program Files\Gadu-Gadu 10\gg.exe[9528] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62] .text C:\Program Files\Gadu-Gadu 10\gg.exe[9528] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00100A08 .text C:\Program Files\Gadu-Gadu 10\gg.exe[9528] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 001003FC .text C:\Program Files\Gadu-Gadu 10\gg.exe[9528] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00100804 .text C:\Program Files\Gadu-Gadu 10\gg.exe[9528] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 001001F8 .text C:\Program Files\Gadu-Gadu 10\gg.exe[9528] USER32.dll!EndPaint 75697B73 5 Bytes JMP 020D9250 C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll .text C:\Program Files\Gadu-Gadu 10\gg.exe[9528] USER32.dll!BeginPaint 75697B87 5 Bytes JMP 020D91E0 C:\Program Files\Gadu-Gadu 10\QtWebKit4.dll .text C:\Program Files\Gadu-Gadu 10\gg.exe[9528] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00100600 
.text C:\Windows\system32\AUDIODG.EXE[10004] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000703FC .text C:\Windows\system32\AUDIODG.EXE[10004] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 000701F8 .text C:\Windows\system32\AUDIODG.EXE[10004] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62] .text C:\Windows\system32\AUDIODG.EXE[10004] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 000A0A08 .text C:\Windows\system32\AUDIODG.EXE[10004] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 000A03FC .text C:\Windows\system32\AUDIODG.EXE[10004] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 000A0804 .text C:\Windows\system32\AUDIODG.EXE[10004] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 000A01F8 .text C:\Windows\system32\AUDIODG.EXE[10004] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 000A0600 .text C:\Program Files\Real\RealPlayer\update\realsched.exe[13324] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 001E03FC .text C:\Program Files\Real\RealPlayer\update\realsched.exe[13324] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 001E01F8 .text C:\Program Files\Real\RealPlayer\update\realsched.exe[13324] KERNEL32.dll!SetUnhandledExceptionFilter 7582F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Real\RealPlayer\update\realsched.exe[13324] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62] .text C:\Program Files\Real\RealPlayer\update\realsched.exe[13324] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Real\RealPlayer\update\realsched.exe[13324] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 001F03FC .text C:\Program Files\Real\RealPlayer\update\realsched.exe[13324] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 001F0804 .text C:\Program Files\Real\RealPlayer\update\realsched.exe[13324] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Real\RealPlayer\update\realsched.exe[13324] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 001F0600 .text C:\Program Files\ATI 
Technologies\ATI.ACE\Fuel\Fuel.Service.exe[14020] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 001E03FC .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[14020] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 001E01F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[14020] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[14020] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00200A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[14020] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 002003FC .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[14020] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00200804 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[14020] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 002001F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe[14020] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00200600 .text C:\Program Files\Winamp\winamp.exe[14584] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 001E03FC .text C:\Program Files\Winamp\winamp.exe[14584] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 001E01F8 .text C:\Program Files\Winamp\winamp.exe[14584] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62] .text C:\Program Files\Winamp\winamp.exe[14584] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 001F0A08 .text C:\Program Files\Winamp\winamp.exe[14584] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 001F03FC .text C:\Program Files\Winamp\winamp.exe[14584] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 001F0804 .text C:\Program Files\Winamp\winamp.exe[14584] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 001F01F8 .text C:\Program Files\Winamp\winamp.exe[14584] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 001F0600 .text C:\Program Files\Java\jre7\bin\jp2launcher.exe[15164] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000803FC .text 
C:\Program Files\Java\jre7\bin\jp2launcher.exe[15164] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 000801F8 .text C:\Program Files\Java\jre7\bin\jp2launcher.exe[15164] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jp2launcher.exe[15164] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00200A08 .text C:\Program Files\Java\jre7\bin\jp2launcher.exe[15164] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 002003FC .text C:\Program Files\Java\jre7\bin\jp2launcher.exe[15164] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00200804 .text C:\Program Files\Java\jre7\bin\jp2launcher.exe[15164] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 002001F8 .text C:\Program Files\Java\jre7\bin\jp2launcher.exe[15164] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00200600 .text C:\Program Files\Java\jre7\bin\java.exe[15188] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 001003FC .text C:\Program Files\Java\jre7\bin\java.exe[15188] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 001001F8 .text C:\Program Files\Java\jre7\bin\java.exe[15188] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62] .text C:\Program Files\Java\jre7\bin\java.exe[15188] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00120A08 .text C:\Program Files\Java\jre7\bin\java.exe[15188] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 001203FC .text C:\Program Files\Java\jre7\bin\java.exe[15188] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00120804 .text C:\Program Files\Java\jre7\bin\java.exe[15188] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 001201F8 .text C:\Program Files\Java\jre7\bin\java.exe[15188] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00120600 .text C:\Windows\system32\conhost.exe[15220] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 000403FC .text C:\Windows\system32\conhost.exe[15220] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 000401F8 .text C:\Windows\system32\conhost.exe[15220] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62] .text 
C:\Windows\system32\conhost.exe[15220] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00110A08 .text C:\Windows\system32\conhost.exe[15220] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 001103FC .text C:\Windows\system32\conhost.exe[15220] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00110804 .text C:\Windows\system32\conhost.exe[15220] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 001101F8 .text C:\Windows\system32\conhost.exe[15220] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00110600 .text C:\Users\Bartek\Desktop\dmodoyoz.exe[26832] ntdll.dll!LdrUnloadDll 7715C86E 5 Bytes JMP 001703FC .text C:\Users\Bartek\Desktop\dmodoyoz.exe[26832] ntdll.dll!LdrLoadDll 7716223E 5 Bytes JMP 001701F8 .text C:\Users\Bartek\Desktop\dmodoyoz.exe[26832] KERNEL32.dll!GetBinaryTypeW + 70 758469F4 1 Byte [62] .text C:\Users\Bartek\Desktop\dmodoyoz.exe[26832] USER32.dll!UnhookWindowsHookEx 7568CC7B 5 Bytes JMP 00190A08 .text C:\Users\Bartek\Desktop\dmodoyoz.exe[26832] USER32.dll!UnhookWinEvent 7568D924 5 Bytes JMP 001903FC .text C:\Users\Bartek\Desktop\dmodoyoz.exe[26832] USER32.dll!SetWindowsHookExW 7569210A 5 Bytes JMP 00190804 .text C:\Users\Bartek\Desktop\dmodoyoz.exe[26832] USER32.dll!SetWinEventHook 7569507E 5 Bytes JMP 001901F8 .text C:\Users\Bartek\Desktop\dmodoyoz.exe[26832] USER32.dll!SetWindowsHookExA 756B6DFA 5 Bytes JMP 00190600 ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1464] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7334F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73DC24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73DA562E] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73DA56EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73DC2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73DB85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73DB4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73DB5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73DB51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73DB6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2912] @ 
C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73DB8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73DB8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73DB90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73DBE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2912] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73DB4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3620] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7334F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!MoveFileExW] 00010090 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] @ C:\Windows\system32\ole32.dll [USER32.dll!GetKeyState] 002507D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetFocus] 00250790 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] @ 
C:\Windows\system32\SHELL32.dll [USER32.dll!GetKeyState] 002507D0 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] 00010090 IAT C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe[7396] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] 00010090 IAT C:\Program Files\Gadu-Gadu 10\gg.exe[9528] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [751CFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Gadu-Gadu 10\gg.exe[9528] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [751CFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Gadu-Gadu 10\gg.exe[9528] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [751CFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Gadu-Gadu 10\gg.exe[9528] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [751CFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Gadu-Gadu 10\gg.exe[9528] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [751CFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Gadu-Gadu 10\gg.exe[9528] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [751CFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Gadu-Gadu 10\gg.exe[9528] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [751CFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Java\jre7\bin\jp2launcher.exe[15164] @ C:\Windows\system32\USER32.dll 
[KERNEL32.dll!GetProcAddress] [751CFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Java\jre7\bin\jp2launcher.exe[15164] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [751CFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Java\jre7\bin\jp2launcher.exe[15164] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [751CFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Java\jre7\bin\jp2launcher.exe[15164] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [751CFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Java\jre7\bin\java.exe[15188] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [751CFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Java\jre7\bin\java.exe[15188] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [751CFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Java\jre7\bin\java.exe[15188] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [751CFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Java\jre7\bin\java.exe[15188] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [751CFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) IAT C:\Program Files\Java\jre7\bin\java.exe[15188] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [751CFFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation) ---- Devices - GMER 2.1 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! 
self protection module/AVAST Software) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 2.1 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel (null) Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ (null) Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xC8 0x28 0x51 0xAF ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel (null) Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ (null) Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel (null) Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ (null) Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel (null) Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ (null) Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel (null) Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ (null) Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel (null) Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ (null) Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel (null) Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ (null) Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel (null) Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ (null) Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel (null) Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ (null) Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... 
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel (null) Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ (null) Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0xB1 0xCD 0x45 0x5A ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel (null) Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ (null) Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xF8 0x31 0x0F 0xA9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel (null) Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ (null) Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ... ---- EOF - GMER 2.1 ----