GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-04-29 15:35:38 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP0802N rev.TK100-24 Running: flw9iqwm.exe; Driver: C:\DOCUME~1\MICHA~1\USTAWI~1\Temp\uftyrkoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xBA4CEDF8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xBA583A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xBA4CF85E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xBA4FBD5D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xBA4D42E4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xBA4D4330] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xBA4D4422] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xBA4FB711] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xBA4D4252] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xBA4D4374] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xBA4D429A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xBA4D43DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xBA4CEE44] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwDeleteKey [0xBA4FC423] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xBA4FC6D9] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xBA4D19A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xBA4FC28E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xBA4FC0F9] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xBA583B34] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xBA4CEAD6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xBA4CEE90] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xBA4D1D1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xBA4CFB02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xBA4D430E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xBA4D4352] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xBA4D4446] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xBA4FBA6D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xBA4D4278] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xBA4D1518] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwOpenSection [0xBA4D43AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xBA4D42C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xBA4D174C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xBA4D4400] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xBA583CA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xBA4FBF74] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xBA4CF9CE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xBA4FBDC6] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xBA58DB68] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xBA4FAD84] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xBA4CEEDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xBA4CEF28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xBA4CEB46] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xBA4CECEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xBA4FC52A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xBA4CEC92] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xBA4CED5A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0xBA583D60] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xBA4CEF74] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0xBA583BE0] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xBA599D92] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + 1D0 804E283C 4 Bytes JMP F5C3BA4C .text ntoskrnl.exe!_abnormal_termination + 450 804E2ABC 2 Bytes [60, 3D] .text ntoskrnl.exe!_abnormal_termination + 453 804E2ABF 1 Byte [BA] PAGE ntoskrnl.exe!ObInsertObject 805650BA 5 Bytes JMP BA59874C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056BB08 4 Bytes CALL BA4D019F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 8058124C 7 Bytes JMP BA599D96 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 805A038B 5 Bytes JMP BA596C8C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngFreeUserMem + 674 BF8098F2 5 Bytes JMP BA4D3180 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C84E 5 Bytes JMP BA4D307C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8138E6 5 Bytes JMP BA4D3036 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C550 5 Bytes JMP BA4D2724 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 79A8 BF8240C0 5 Bytes JMP BA4D1F84 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + F9C BF828A2A 5 Bytes JMP BA4D32EA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831475 5 Bytes JMP BA4D34F2 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + B68E BF839EB3 5 Bytes JMP BA4D2F3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851745 5 Bytes JMP BA4D1E66 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC6A 5 Bytes JMP BA4D27E6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2D4 5 Bytes JMP BA4D2384 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E35F 5 Bytes JMP BA4D2562 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 88 BF85F5D2 5 Bytes JMP BA4D1E4E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 5457 BF8649A1 5 Bytes JMP BA4D30BA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4128 BF873CF0 5 Bytes JMP BA4D251C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF890FA2 5 Bytes JMP BA4D27FE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 26EE BF89454D 5 Bytes JMP BA4D3232 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 583 BF895025 5 Bytes JMP BA4D3450 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 3857 BF89C3CB 5 Bytes JMP BA4D270C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 4DEC BF89D960 5 Bytes JMP BA4D1FF4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + A9E0 BF8C1EE0 5 Bytes JMP BA4D2104 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8CA342 5 Bytes JMP BA4D21AC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8CA5C2 5 Bytes JMP BA4D22E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B3E BF8EC017 5 Bytes JMP BA4D1D52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + CB3D BF8F5016 5 Bytes JMP BA4D273C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 19DF BF913566 5 Bytes JMP BA4D1F22 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 25B3 BF91413A 5 Bytes JMP BA4D20B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F2C BF916AB3 5 Bytes JMP BA4D267C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1940 BF946632 5 Bytes JMP BA4D33A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text E:\Programy\avast! Free Antivirus\avastUI.exe[424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text E:\Programy\avast! Free Antivirus\avastUI.exe[424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[548] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[548] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000701F8 .text C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[576] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000703FC .text C:\WINDOWS\system32\winlogon.exe[576] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text 
C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\winlogon.exe[576] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\winlogon.exe[576] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\services.exe[620] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\services.exe[620] 
ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\services.exe[620] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\services.exe[620] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\services.exe[620] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text 
C:\WINDOWS\system32\lsass.exe[632] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[808] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[808] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[808] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[808] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[808] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[808] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[808] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[808] USER32.dll!UnhookWinEvent 
7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[876] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text 
C:\WINDOWS\system32\svchost.exe[968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[968] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[968] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[968] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1124] 
ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1260] 
ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\Explorer.EXE[1316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[1316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[1316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1316] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014 .text C:\WINDOWS\Explorer.EXE[1316] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804 .text C:\WINDOWS\Explorer.EXE[1316] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08 .text C:\WINDOWS\Explorer.EXE[1316] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C .text C:\WINDOWS\Explorer.EXE[1316] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10 .text C:\WINDOWS\Explorer.EXE[1316] 
ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8 .text C:\WINDOWS\Explorer.EXE[1316] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC .text C:\WINDOWS\Explorer.EXE[1316] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600 .text C:\WINDOWS\Explorer.EXE[1316] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\Explorer.EXE[1316] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\Explorer.EXE[1316] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\Explorer.EXE[1316] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\Explorer.EXE[1316] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\Explorer.EXE[1316] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text E:\Programy\avast! Free Antivirus\AvastSvc.exe[1452] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text E:\Programy\avast! Free Antivirus\AvastSvc.exe[1452] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text E:\Programy\avast! 
Free Antivirus\AvastSvc.exe[1452] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1540] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[1540] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1540] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\spoolsv.exe[1540] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[1540] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[1540] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\spoolsv.exe[1540] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\spoolsv.exe[1540] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[1540] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[1540] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\spoolsv.exe[1540] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\spoolsv.exe[1540] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\spoolsv.exe[1540] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\spoolsv.exe[1540] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\spoolsv.exe[1540] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1616] 
ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1616] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1616] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1616] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1616] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1732] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1732] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1732] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[2120] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2120] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2120] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2120] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2120] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\alg.exe[2120] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\alg.exe[2120] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\alg.exe[2120] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\alg.exe[2120] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\alg.exe[2120] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\System32\alg.exe[2120] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\alg.exe[2120] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\alg.exe[2120] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\System32\alg.exe[2120] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\System32\alg.exe[2120] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\alg.exe[2120] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[2120] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8
.text C:\Documents and Settings\Michał\Moje dokumenty\Pobieranie\flw9iqwm.exe[2332] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC

---- User IAT/EAT - GMER 1.0.15 ----

IAT E:\Programy\avast! Free Antivirus\avastUI.exe[424] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] E:\Programy\avast! Free Antivirus\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\WINDOWS\system32\services.exe[620] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00630002
IAT C:\WINDOWS\system32\services.exe[620] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00630000
IAT E:\Programy\avast! Free Antivirus\AvastSvc.exe[1452] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6A0] E:\Programy\avast! Free Antivirus\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows (R) 2000 DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----