GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-09-28 12:56:14
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD800BB-55JKC0 rev.05.01C05
Running: gmer.exe; Driver: C:\Users\mik\AppData\Local\Temp\uxriypow.sys


---- System - GMER 1.0.15 ----

SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAddBootEntry [0x8BD2C708]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwAllocateVirtualMemory [0x914967C8]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAssignProcessToJobObject [0x8BD2D11C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEvent [0x8BD37F28]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEventPair [0x8BD37F74]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateIoCompletion [0x8BD380F6]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateMutant [0x8BD37E96]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateSection [0x91496BBA]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateSemaphore [0x8BD37EDE]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateThread [0x8BD2D310]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateThreadEx [0x8BD2D498]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateTimer [0x8BD380B0]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDebugActiveProcess [0x8BD2DA9C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDeleteBootEntry [0x8BD2C756]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwFreeVirtualMemory [0x914968AC]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwLoadDriver [0x8BD2C3BE]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwModifyBootEntry [0x8BD2C7A4]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeKey [0x8BD31456]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeMultipleKeys [0x8BD2E464]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEvent [0x8BD37F52]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEventPair [0x8BD37F96]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenIoCompletion [0x8BD3811A]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenMutant [0x8BD37EBC]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSection [0x8BD3803A]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSemaphore [0x8BD37F06]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenTimer [0x8BD380D4]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwProtectVirtualMemory [0x91496A2C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwQueryObject [0x8BD2E330]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwQueueApcThreadEx [0x8BD2E06C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootEntryOrder [0x8BD2C7F2]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootOptions [0x8BD2C840]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetContextThread [0x8BD2D91C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemInformation [0x8BD2C448]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemPowerState [0x8BD2C5F8]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwShutdownSystem [0x8BD2C59E]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSuspendProcess [0x8BD2DBFE]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSuspendThread [0x8BD2DD5A]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSystemDebugControl [0x8BD2C668]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwTerminateProcess [0x91496AF6]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwTerminateThread [0x8BD2D794]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwVdmControl [0x8BD2C88E]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwWriteVirtualMemory [0x91496962]

Code  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateProcessEx [0x914AE966]
Code  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text  ntkrnlpa.exe!ZwRollbackEnlistment + 140D  830403C9 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  83079D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10CB  83080D80 4 Bytes  [08, C7, D2, 8B]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 10F3  83080DA8 4 Bytes  [C8, 67, 49, 91] {ENTER 0x4967, 0x91}
.text  ntkrnlpa.exe!KeRemoveQueueEx + 1153  83080E08 4 Bytes  [1C, D1, D2, 8B]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11A7  83080E5C 8 Bytes  [28, 7F, D3, 8B, 74, 7F, D3, ...]
.text  ntkrnlpa.exe!KeRemoveQueueEx + 11B3  83080E68 4 Bytes  [F6, 80, D3, 8B]
.text  ...
PAGE  ntkrnlpa.exe!ObMakeTemporaryObject  8320DC64 5 Bytes  JMP 914AB806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE  ntkrnlpa.exe!ObInsertObject + 27  83226290 5 Bytes  JMP 914AD338 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE  ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108  8323B3D7 4 Bytes  CALL 8BD2EB07 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE  ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122  832551E0 4 Bytes  CALL 8BD2EB1D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE  ntkrnlpa.exe!ZwCreateProcessEx  832DF11A 7 Bytes  JMP 914AE96A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text  sptd.sys  8B435000 8 Bytes  [34, 12, 42, 83, A0, 77, 41, ...]
.text  sptd.sys  8B435009 23 Bytes  [77, 41, 83, 48, 9B, 41, 83, ...]
.text  sptd.sys  8B435024 4 Bytes  [44, 45, 56, 8B]
.text  sptd.sys  8B43502C 70 Bytes  [B1, 77, 26, 83, C4, 39, 1E, ...]
.text  sptd.sys  8B435073 81 Bytes  [83, B9, AE, 20, 83, 8B, 8F, ...]
.text  ...
.sptd2  C:\Windows\System32\Drivers\sptd.sys  entry point in ".sptd2" section [0x8B52CD38]
?  C:\Windows\System32\Drivers\sptd.sys  Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
PAGE  PCIIDEX.SYS!DllUnload  837F8606 5 Bytes  JMP 8596F1D8
.text  USBPORT.SYS!DllUnload  91540DB9 5 Bytes  JMP 869EE410
PAGE  peauth.sys  A4C22B9B 72 Bytes  JMP CF9FAE79

---- User code sections - GMER 1.0.15 ----

.text  C:\Windows\system32\SearchFilterHost.exe[340] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\SearchFilterHost.exe[340] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\SearchFilterHost.exe[340] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\SearchFilterHost.exe[340] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00150A08
.text  C:\Windows\system32\SearchFilterHost.exe[340] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 001503FC
.text  C:\Windows\system32\SearchFilterHost.exe[340] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00150804
.text  C:\Windows\system32\SearchFilterHost.exe[340] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 001501F8
.text  C:\Windows\system32\SearchFilterHost.exe[340] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00150600
.text  C:\Windows\system32\svchost.exe[376] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\svchost.exe[376] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\svchost.exe[376] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[376] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00370A08
.text  C:\Windows\system32\svchost.exe[376] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 003703FC
.text  C:\Windows\system32\svchost.exe[376] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00370804
.text  C:\Windows\system32\svchost.exe[376] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 003701F8
.text  C:\Windows\system32\svchost.exe[376] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00370600
.text  C:\Windows\system32\csrss.exe[404] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\csrss.exe[448] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\wininit.exe[456] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\winlogon.exe[492] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[540] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000603FC
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[540] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000601F8
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[540] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[540] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00100A08
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[540] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 001003FC
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[540] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00100804
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[540] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 001001F8
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[540] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00100600
.text  C:\Windows\system32\services.exe[552] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\lsass.exe[560] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\lsm.exe[568] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[660] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\nvvsvc.exe[732] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  ...
.text  C:\komp7\gm\gmer.exe[976] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 001603FC
.text  C:\komp7\gm\gmer.exe[976] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 001601F8
.text  C:\komp7\gm\gmer.exe[976] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\komp7\gm\gmer.exe[976] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00220A08
.text  C:\komp7\gm\gmer.exe[976] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 002203FC
.text  C:\komp7\gm\gmer.exe[976] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00220804
.text  C:\komp7\gm\gmer.exe[976] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 002201F8
.text  C:\komp7\gm\gmer.exe[976] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00220600
.text  C:\Windows\system32\svchost.exe[1120] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\nvvsvc.exe[1188] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1384] kernel32.dll!SetUnhandledExceptionFilter  75ABF4FB 4 Bytes  [C2, 04, 00, 90] {RET 0x4; NOP }
.text  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1384] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\wbem\wmiprvse.exe[1480] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\wbem\wmiprvse.exe[1480] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\wbem\wmiprvse.exe[1480] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\wbem\wmiprvse.exe[1480] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00250A08
.text  C:\Windows\system32\wbem\wmiprvse.exe[1480] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 002503FC
.text  C:\Windows\system32\wbem\wmiprvse.exe[1480] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00250804
.text  C:\Windows\system32\wbem\wmiprvse.exe[1480] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 002501F8
.text  C:\Windows\system32\wbem\wmiprvse.exe[1480] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00250600
.text  C:\Windows\System32\spoolsv.exe[1496] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[1528] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1604] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000603FC
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1604] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000601F8
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1604] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1604] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00100A08
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1604] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 001003FC
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1604] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00100804
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1604] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 001001F8
.text  C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[1604] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00100600
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1688] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[1728] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1808] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000603FC
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1808] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000601F8
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1808] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1808] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00080A08
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1808] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 000803FC
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1808] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00080804
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1808] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 000801F8
.text  C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1808] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00080600
.text  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1856] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 001503FC
.text  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1856] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 001501F8
.text  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1856] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1856] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 001F0A08
.text  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1856] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 001F03FC
.text  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1856] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 001F0804
.text  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1856] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 001F01F8
.text  C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1856] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 001F0600
.text  C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[1896] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000603FC
.text  C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[1896] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000601F8
.text  C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe[1896] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\Dwm.exe[2020] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\Dwm.exe[2020] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\Dwm.exe[2020] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\Dwm.exe[2020] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 001F0A08
.text  C:\Windows\system32\Dwm.exe[2020] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 001F03FC
.text  C:\Windows\system32\Dwm.exe[2020] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 001F0804
.text  C:\Windows\system32\Dwm.exe[2020] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 001F01F8
.text  C:\Windows\system32\Dwm.exe[2020] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 001F0600
.text  C:\Windows\system32\svchost.exe[2180] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\svchost.exe[2180] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\svchost.exe[2180] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[2180] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 001D0A08
.text  C:\Windows\system32\svchost.exe[2180] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 001D03FC
.text  C:\Windows\system32\svchost.exe[2180] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 001D0804
.text  C:\Windows\system32\svchost.exe[2180] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 001D01F8
.text  C:\Windows\system32\svchost.exe[2180] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 001D0600
.text  C:\Windows\system32\taskhost.exe[2232] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000503FC
.text  C:\Windows\system32\taskhost.exe[2232] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000501F8
.text  C:\Windows\system32\taskhost.exe[2232] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\taskhost.exe[2232] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00070A08
.text  C:\Windows\system32\taskhost.exe[2232] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 000703FC
.text  C:\Windows\system32\taskhost.exe[2232] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00070804
.text  C:\Windows\system32\taskhost.exe[2232] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 000701F8
.text  C:\Windows\system32\taskhost.exe[2232] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00070600
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2476] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\Explorer.EXE[2636] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000603FC
.text  C:\Windows\Explorer.EXE[2636] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000601F8
.text  C:\Windows\Explorer.EXE[2636] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\Explorer.EXE[2636] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00110A08
.text  C:\Windows\Explorer.EXE[2636] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 001103FC
.text  C:\Windows\Explorer.EXE[2636] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00110804
.text  C:\Windows\Explorer.EXE[2636] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 001101F8
.text  C:\Windows\Explorer.EXE[2636] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00110600
.text  C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2648] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 001603FC
.text  C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2648] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 001601F8
.text  C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2648] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2648] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 002F0A08
.text  C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2648] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 002F03FC
.text  C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2648] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 002F0804
.text  C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2648] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 002F01F8
.text  C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE[2648] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 002F0600
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2660] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 001703FC
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2660] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 001701F8
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2660] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2660] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00310A08
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2660] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 003103FC
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2660] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00310804
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2660] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 003101F8
.text  C:\Program Files\Common Files\Java\Java Update\jusched.exe[2660] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00310600
.text  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2732] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 001603FC
.text  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2732] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 001601F8
.text  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2732] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2732] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00210A08
.text  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2732] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 002103FC
.text  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2732] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00210804
.text  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2732] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 002101F8
.text  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2732] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00210600
.text  C:\Program Files\Zune\ZuneLauncher.exe[2812] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000703FC
.text  C:\Program Files\Zune\ZuneLauncher.exe[2812] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000701F8
.text  C:\Program Files\Zune\ZuneLauncher.exe[2812] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Program Files\Zune\ZuneLauncher.exe[2812] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 000B0A08
.text  C:\Program Files\Zune\ZuneLauncher.exe[2812] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 000B03FC
.text  C:\Program Files\Zune\ZuneLauncher.exe[2812] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 000B0804
.text  C:\Program Files\Zune\ZuneLauncher.exe[2812] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 000B01F8
.text  C:\Program Files\Zune\ZuneLauncher.exe[2812] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 000B0600
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2824] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000603FC
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2824] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000601F8
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2824] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2824] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00100A08
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2824] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 001003FC
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2824] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00100804
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2824] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 001001F8
.text  C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe[2824] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00100600
.text  C:\Windows\System32\svchost.exe[3088] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000603FC
.text  C:\Windows\System32\svchost.exe[3088] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000601F8
.text  C:\Windows\System32\svchost.exe[3088] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\System32\svchost.exe[3088] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00270A08
.text  C:\Windows\System32\svchost.exe[3088] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 002703FC
.text  C:\Windows\System32\svchost.exe[3088] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00270804
.text  C:\Windows\System32\svchost.exe[3088] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 002701F8
.text  C:\Windows\System32\svchost.exe[3088] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00270600
.text  C:\Windows\System32\svchost.exe[3132] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000603FC
.text  C:\Windows\System32\svchost.exe[3132] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000601F8
.text  C:\Windows\System32\svchost.exe[3132] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\System32\svchost.exe[3132] user32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00520A08
.text  C:\Windows\System32\svchost.exe[3132] user32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 005203FC
.text  C:\Windows\System32\svchost.exe[3132] user32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00520804
.text  C:\Windows\System32\svchost.exe[3132] user32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 005201F8
.text  C:\Windows\System32\svchost.exe[3132] user32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00520600
.text  C:\Windows\system32\SearchIndexer.exe[3216] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000A03FC
.text  C:\Windows\system32\SearchIndexer.exe[3216] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000A01F8
.text  C:\Windows\system32\SearchIndexer.exe[3216] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\SearchIndexer.exe[3216] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00240A08
.text  C:\Windows\system32\SearchIndexer.exe[3216] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 002403FC
.text  C:\Windows\system32\SearchIndexer.exe[3216] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00240804
.text  C:\Windows\system32\SearchIndexer.exe[3216] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 002401F8
.text  C:\Windows\system32\SearchIndexer.exe[3216] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00240600
.text  C:\Windows\system32\WUDFHost.exe[3376] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000603FC
.text  C:\Windows\system32\WUDFHost.exe[3376] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000601F8
.text  C:\Windows\system32\WUDFHost.exe[3376] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\WUDFHost.exe[3376] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00150A08
.text  C:\Windows\system32\WUDFHost.exe[3376] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 001503FC
.text  C:\Windows\system32\WUDFHost.exe[3376] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00150804
.text  C:\Windows\system32\WUDFHost.exe[3376] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 001501F8
.text  C:\Windows\system32\WUDFHost.exe[3376] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00150600
.text  C:\Windows\system32\SearchProtocolHost.exe[3496] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000503FC
.text  C:\Windows\system32\SearchProtocolHost.exe[3496] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000501F8
.text  C:\Windows\system32\SearchProtocolHost.exe[3496] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Windows\system32\SearchProtocolHost.exe[3496] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00080A08
.text  C:\Windows\system32\SearchProtocolHost.exe[3496] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 000803FC
.text  C:\Windows\system32\SearchProtocolHost.exe[3496] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00080804
.text  C:\Windows\system32\SearchProtocolHost.exe[3496] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 000801F8
.text  C:\Windows\system32\SearchProtocolHost.exe[3496] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00080600
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[3688] ntdll.dll!LdrUnloadDll  76F2C86E 5 Bytes  JMP 000603FC
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[3688] ntdll.dll!LdrLoadDll  76F3223E 5 Bytes  JMP 000601F8
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[3688] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[3688] USER32.dll!UnhookWindowsHookEx  7548ADF9 5 Bytes  JMP 00100A08
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[3688] USER32.dll!UnhookWinEvent  7548B750 5 Bytes  JMP 001003FC
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[3688] USER32.dll!SetWindowsHookExW  7548E30C 5 Bytes  JMP 00100804
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[3688] USER32.dll!SetWinEventHook  754924DC 5 Bytes  JMP 001001F8
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[3688] USER32.dll!SetWindowsHookExA  754B6D0C 5 Bytes  JMP 00100600
.text  C:\Windows\system32\AUDIODG.EXE[3860] kernel32.dll!GetBinaryTypeW + 70  75AD69F4 1 Byte  [62]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT  \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]  [8B4360C0] \SystemRoot\System32\Drivers\sptd.sys
IAT  \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]  [8B436FE0] \SystemRoot\System32\Drivers\sptd.sys
IAT  \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]  [8B436574] \SystemRoot\System32\Drivers\sptd.sys
IAT  \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]  [8B4371BC] \SystemRoot\System32\Drivers\sptd.sys
IAT  \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]  [8B436362] \SystemRoot\System32\Drivers\sptd.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1384] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  [715FF6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT  C:\Program Files\AVAST Software\Avast\AvastUI.exe[2476] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  [715FF6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT  C:\Windows\Explorer.EXE[2636] @ C:\Windows\Explorer.EXE [KERNEL32.dll!GetProcAddress]  [74F6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2636] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [74F6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2636] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]  [74F6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2636] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]  [74F6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2636] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [74F6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2636] @ C:\Windows\system32\ole32.dll [msvcrt.dll!free]  [6A4411EB] C:\Windows\AppPatch\AcSpecfc.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2636] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]  [74F6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2636] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]  [74F6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT  C:\Windows\Explorer.EXE[2636] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]  [74F6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT  C:\Program Files\Zune\ZuneLauncher.exe[2812] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]  [74F6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT  C:\Program Files\Zune\ZuneLauncher.exe[2812] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]  [74F6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT  C:\Program Files\Zune\ZuneLauncher.exe[2812] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]  [74F6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)
IAT  C:\Program Files\Zune\ZuneLauncher.exe[2812] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [74F6FFF6] C:\Windows\system32\apphelp.dll (Biblioteka klienta zgodności aplikacji/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device  aswSP.SYS (avast! self protection module/AVAST Software)
Device  859731F8
Device  Ntfs.sys (Sterownik systemu plików NT/Microsoft Corporation)
Device  85E981F8
Device  fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)
Device  \Driver\NetBT \Device\NetBT_Tcpip_{776E1ADF-CD03-41C6-A21A-8AB06D63BAB7}  869B11F8
Device  \Driver\usbohci \Device\USBPDO-0  869F0430
Device  \Driver\usbehci \Device\USBPDO-1  869F41F8
AttachedDevice  \Driver\tdx \Device\Tcp  aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device  \Driver\cdrom \Device\CdRom0  868FB1F8
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0  859711F8
Device  \Driver\atapi \Device\Ide\IdePort0  859711F8
Device  \Driver\atapi \Device\Ide\IdePort1  859711F8
Device  \Driver\atapi \Device\Ide\IdePort2  859711F8
Device  \Driver\atapi \Device\Ide\IdePort3  859711F8
Device  \Driver\atapi \Device\Ide\IdePort4  859711F8
Device  \Driver\atapi \Device\Ide\IdePort5  859711F8
Device  \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-2  859711F8
Device  \Driver\USBSTOR \Device\00000080  85BF7398
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6  fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device  \Driver\NetBT \Device\NetBt_Wins_Export  869B11F8
Device  \Driver\ACPI_HAL \Device\0000004c  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp  aswTdi.SYS (avast!
TDI Filter Driver/AVAST Software) Device \Driver\NetBT \Device\NetBT_Tcpip_{BD99DEAC-9105-4329-AE77-D438B1A67651} 869B11F8 Device \Driver\usbohci \Device\USBFDO-0 869F0430 Device \Driver\usbehci \Device\USBFDO-1 869F41F8 Device \Driver\USBSTOR \Device\0000007f 85BF7398 AttachedDevice fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation) Device InCDfs.SYS (InCD File System Driver/Nero AG) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7A 0x57 0x13 0xAB ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x7A 0x57 0x13 0xAB ... ---- EOF - GMER 1.0.15 ----