GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2017-07-04 22:11:25 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000008b CT250BX1 rev.MU02 232,89GB Running: kuyexhup.exe; Driver: C:\Users\Arek\AppData\Local\Temp\fwddapog.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 76a1b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 76a1b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76a99149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 769f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76a98a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 76a98c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76a98938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76a98d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 76a0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 76a16907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76a99201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76a98d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 76a988fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 76a0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 76a1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76a990c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe[2316] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76a98891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[2976] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 0000000075be2bdc 5 bytes JMP 0000000000bb8c60 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 76a1b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 76a1b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76a99149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 769f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76a98a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 76a98c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76a98938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76a98d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 76a0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 76a16907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76a99201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76a98d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 76a988fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 76a0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 76a1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76a990c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe[2592] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76a98891 C:\Windows\syswow64\kernel32.dll .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 76a1b233 C:\Windows\syswow64\kernel32.dll .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 76a1b35e C:\Windows\syswow64\kernel32.dll .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76a99149 C:\Windows\syswow64\kernel32.dll .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 769f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76a98a42 C:\Windows\syswow64\kernel32.dll .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 76a98c18 C:\Windows\syswow64\kernel32.dll .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76a98938 C:\Windows\syswow64\kernel32.dll .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76a98d02 C:\Windows\syswow64\kernel32.dll .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 76a0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 76a16907 C:\Windows\syswow64\kernel32.dll .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76a99201 C:\Windows\syswow64\kernel32.dll .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76a98d62 C:\Windows\syswow64\kernel32.dll .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 76a988fc C:\Windows\syswow64\kernel32.dll .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 76a0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 76a1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76a990c4 C:\Windows\syswow64\kernel32.dll .text C:\Programy\Kadu\kadu.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76a98891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000718617fa 2 bytes CALL 769f11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000071861860 2 bytes CALL 769f11a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000071861942 2 bytes JMP 75146da1 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 000000007186194d 2 bytes JMP 7514e8de C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 76a1b233 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 76a1b35e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76a99149 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 769f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76a98a42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 76a98c18 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76a98938 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76a98d02 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 76a0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 76a16907 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76a99201 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76a98d62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 76a988fc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 76a0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 76a1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76a990c4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[4260] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76a98891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 76a1b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 76a1b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76a99149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 769f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76a98a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 76a98c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76a98938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76a98d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 76a0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 76a16907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76a99201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76a98d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 76a988fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 76a0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 76a1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76a990c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[4784] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76a98891 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\vmnat.exe[2840] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 4 00000000711713b0 2 bytes JMP 75e15590 C:\Windows\syswow64\SHELL32.dll .text C:\Windows\SysWOW64\vmnat.exe[2840] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 20 00000000711713c0 2 bytes CALL 76f69cee C:\Windows\syswow64\msvcrt.dll .text ... * 20 .text C:\Windows\SysWOW64\vmnat.exe[2840] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 22 000000007117153e 2 bytes CALL 75ea7324 C:\Windows\syswow64\SHELL32.dll .text C:\Windows\SysWOW64\vmnat.exe[2840] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 43 0000000071171553 2 bytes CALL 769f10ff C:\Windows\syswow64\kernel32.dll .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 76a1b233 C:\Windows\syswow64\kernel32.dll .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 76a1b35e C:\Windows\syswow64\kernel32.dll .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76a99149 C:\Windows\syswow64\kernel32.dll .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 769f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76a98a42 C:\Windows\syswow64\kernel32.dll .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 76a98c18 C:\Windows\syswow64\kernel32.dll .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76a98938 C:\Windows\syswow64\kernel32.dll .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76a98d02 C:\Windows\syswow64\kernel32.dll .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 76a0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 76a16907 C:\Windows\syswow64\kernel32.dll .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76a99201 C:\Windows\syswow64\kernel32.dll .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76a98d62 C:\Windows\syswow64\kernel32.dll .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 76a988fc C:\Windows\syswow64\kernel32.dll .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 76a0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 76a1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76a990c4 C:\Windows\syswow64\kernel32.dll .text C:\Programy\VMware Player\vmware-authd.exe[5216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76a98891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 76a1b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 76a1b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76a99149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 769f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76a98a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 76a98c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76a98938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76a98d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 76a0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 76a16907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76a99201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76a98d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 76a988fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 76a0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 76a1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76a990c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76a98891 C:\Windows\syswow64\kernel32.dll .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 76a1b233 C:\Windows\syswow64\kernel32.dll .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 76a1b35e C:\Windows\syswow64\kernel32.dll .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76a99149 C:\Windows\syswow64\kernel32.dll .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 769f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76a98a42 C:\Windows\syswow64\kernel32.dll .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 76a98c18 C:\Windows\syswow64\kernel32.dll .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76a98938 C:\Windows\syswow64\kernel32.dll .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76a98d02 C:\Windows\syswow64\kernel32.dll .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 76a0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 76a16907 C:\Windows\syswow64\kernel32.dll .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76a99201 C:\Windows\syswow64\kernel32.dll .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76a98d62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 76a988fc C:\Windows\syswow64\kernel32.dll .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 76a0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 76a1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76a990c4 C:\Windows\syswow64\kernel32.dll .text C:\Users\Arek\AppData\Roaming\Dropbox\bin\Dropbox.exe[6844] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76a98891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 76a1b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 76a1b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76a99149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 769f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76a98a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 76a98c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76a98938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76a98d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 76a0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 76a16907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76a99201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76a98d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 76a988fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 76a0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 76a1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76a990c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamViewer\TeamViewer.exe[7016] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76a98891 C:\Windows\syswow64\kernel32.dll .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 76a1b233 C:\Windows\syswow64\kernel32.dll .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 76a1b35e C:\Windows\syswow64\kernel32.dll .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76a99149 C:\Windows\syswow64\kernel32.dll .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 769f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76a98a42 C:\Windows\syswow64\kernel32.dll .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 76a98c18 C:\Windows\syswow64\kernel32.dll .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76a98938 C:\Windows\syswow64\kernel32.dll .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76a98d02 C:\Windows\syswow64\kernel32.dll .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 76a0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 76a16907 C:\Windows\syswow64\kernel32.dll .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76a99201 C:\Windows\syswow64\kernel32.dll .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76a98d62 C:\Windows\syswow64\kernel32.dll .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 76a988fc C:\Windows\syswow64\kernel32.dll .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 76a0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 76a1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76a990c4 C:\Windows\syswow64\kernel32.dll .text C:\Programy\DisplayFusion\DisplayFusionHookAppWIN6032.exe[9600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76a98891 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 76a1b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 76a1b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76a99149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 769f4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76a98a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 76a98c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76a98938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76a98d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 76a0fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 76a16907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76a99201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76a98d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 76a988fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 76a0fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 76a1b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76a990c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[7140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76a98891 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 76a1b233 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 76a1b35e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76a99149 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 769f4885 C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76a98a42 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 76a98c18 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76a98938 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76a98d02 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 76a0fcc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 76a16907 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76a99201 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76a98d62 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 76a988fc C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 76a0fd59 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 76a1b2f4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76a990c4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe[4352] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76a98891 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074d11401 2 bytes JMP 76a1b233 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074d11419 2 bytes JMP 76a1b35e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074d11431 2 bytes JMP 76a99149 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074d1144a 2 bytes CALL 769f4885 C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074d114dd 2 bytes JMP 76a98a42 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074d114f5 2 bytes JMP 76a98c18 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074d1150d 2 bytes JMP 76a98938 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074d11525 2 bytes JMP 76a98d02 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074d1153d 2 bytes JMP 76a0fcc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074d11555 2 bytes JMP 76a16907 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074d1156d 2 bytes JMP 76a99201 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074d11585 2 bytes JMP 76a98d62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074d1159d 2 bytes JMP 76a988fc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074d115b5 2 bytes JMP 76a0fd59 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074d115cd 2 bytes JMP 76a1b2f4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074d116b2 2 bytes JMP 76a990c4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[2564] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074d116bd 2 bytes JMP 76a98891 C:\Windows\syswow64\kernel32.dll ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5160] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamDWord] [7fee81d741c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5160] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSet] [7fee81d5f10] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5160] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmEndSession] [7fee81d5674] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5160] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartSession] [7fee81d5e2c] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5160] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmStartUpload] [7fee81d7f48] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5160] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppVersion] [7fee81d6a38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5160] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetMachineId] [7fee81d6ee8] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5160] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmWriteSharedMachineId] [7fee81d7b58] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5160] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmCreateNewId] [7fee81d7ea0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5160] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmReadSharedMachineId] [7fee81d78b0] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5160] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmGetSession] [7fee81d4fb4] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5160] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmSetAppId] [7fee81d5d38] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[5160] @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[sqmapi.dll!SqmAddToStreamString] [7fee81d7584] C:\Program Files\Common Files\Microsoft Shared\Windows Live\sqmapi.dll IAT C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe[8928] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [140af7d28] C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe IAT C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe[8928] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [140af738c] C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe IAT C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe[8928] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [140af7d10] C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe IAT C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe[8928] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [140af81bc] C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe IAT C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe[8928] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [140af7cfc] C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe IAT C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe[8948] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [140af7d28] C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe IAT C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe[8948] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [140af738c] C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe IAT C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe[8948] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [140af7d10] C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe IAT C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe[8948] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [140af81bc] C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe IAT C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe[8948] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [140af7cfc] C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe IAT C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe[9244] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenServiceW] [140af7d28] C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe IAT C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe[9244] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!CloseServiceHandle] [140af738c] C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe IAT C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe[9244] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!OpenSCManagerW] [140af7d10] C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe IAT C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe[9244] @ C:\Windows\system32\DWrite.dll[ADVAPI32.dll!StartServiceW] [140af81bc] C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe IAT C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe[9244] @ C:\Windows\system32\DWrite.dll[ntdll.dll!NtAlpcConnectPort] [140af7cfc] C:\Users\Arek\AppData\Local\slack\app-2.6.3\slack.exe ---- Threads - GMER 2.2 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6756:8512] 000007fef8ea2bcc Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6756:8520] 000007fede138a28 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6756:10216] 000007feef175124 ---- Registry - GMER 2.2 ---- Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0E0733F3-A6DB-4CC1-CAD1-7F064CE83F97} ---- Files - GMER 2.2 ---- File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_03578d 0 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_03578e 37357 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_03578f 31934 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_035790 71896 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_035791 0 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_035795 81543 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_0357ab 1542677 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_035797 54563 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_035798 49929 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_035799 28160 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_03579a 28936 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_03579b 0 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_03579c 0 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_03579d 0 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_03579e 0 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_03579f 18356 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_0357a0 22973 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_0357a1 50037 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_0357a2 55175 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_0357a4 1269461 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_0357a5 318018 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_0357a6 1552654 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_0357a7 1462036 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_0357a8 821161 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_0357a9 936985 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_035796 41378 bytes File C:\Users\Arek\AppData\Local\Vivaldi\User Data\Default\Cache\f_0357aa 317797 bytes File C:\Users\Arek\AppData\Roaming\Kadu\history2.db-journal 1544 bytes ---- EOF - GMER 2.2 ----