GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-11-16 20:48:06 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST380815AS rev.4.AAB Running: gmer.exe; Driver: C:\DOCUME~1\Radek\USTAWI~1\Temp\kfecapod.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA832A4BA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA83D7C22] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA832AED6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA836C811] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA8335FA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA8335FF4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA8336176] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA836C1C5] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA8335F16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA8336038] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA8335F5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA832B11C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA8336130] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA832B93E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA832A508] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA836CED7] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA836D18D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA832F1C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA836CD42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA836CBAD] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA83D7CEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA832A170] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA832A556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA832F534] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA832C3A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA8335FD2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA8336016] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA833619A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA836C521] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA8335F3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA832EC3E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA83360BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA8335F86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA832EF14] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA8336154] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA83D7E4A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA836CA28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA832C272] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA836C87A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA832BDD4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA83E47D2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA836B838] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA832A5A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA832A5F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA832B7BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA832A1FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA832A3AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA836CFDE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA832A350] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA832BAF8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA832BC54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA832A41A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA832B4D4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA832B636] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA83D641C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA832A640] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA832AF1A] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA83F0E56] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D10 8050459C 4 Bytes [EA, 7C, 3D, A8] .text ntkrnlpa.exe!ZwCallbackReturn + 2F10 8050479C 12 Bytes [A4, A5, 32, A8, F2, A5, 32, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2FB8 80504844 12 Bytes [F8, BA, 32, A8, 54, BC, 32, ...] {CLC ; MOV EDX, 0xbc54a832; XOR CH, [EAX-0x57cd5be6]} PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A648C 4 Bytes CALL A832CA77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC512 5 Bytes JMP A83EDCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C2F96 5 Bytes JMP A83EF810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1136 7 Bytes JMP A83F0E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text win32k.sys!EngFreeUserMem + 674 BF809FDF 5 Bytes JMP A8330B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 3625 BF80CF90 5 Bytes JMP A8330A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8138FE 5 Bytes JMP A83309F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP A832F688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 199A BF820E6C 5 Bytes JMP A83300A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 7657 BF82868B 5 Bytes JMP A832F7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 698 BF838560 5 Bytes JMP A8330CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + BB6 BF838A7E 5 Bytes JMP A83308FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 3605 BF83B4CD 5 Bytes JMP A8330EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP A832F834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 113C6 BF84928E 5 Bytes JMP A8330090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 2E60 BF852720 5 Bytes JMP A833016A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP A832F670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 84B4 BF857D74 5 Bytes JMP A8330E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 23AD BF873983 5 Bytes JMP A8330BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 37BB BF87882D 5 Bytes JMP A8330A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 3617 BF88FFB6 5 Bytes JMP A832FCDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 413A BF890AD9 5 Bytes JMP A832FE9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8ADD61 5 Bytes JMP A8330182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4B52 BF8B3770 5 Bytes JMP A832FC1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4BDD BF8B37FB 5 Bytes JMP A832FEE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP A832F944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP A832F56A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 9006 BF8F4FC9 5 Bytes JMP A83300C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP A832FA1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP A832FB48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP A832F760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP A832F8F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F29 BF915BA7 5 Bytes JMP A832FFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1931 BF9438F8 5 Bytes JMP A8330D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ? C:\DOCUME~1\Radek\USTAWI~1\Temp\kfecapod.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\System32\smss.exe[476] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[496] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[496] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[496] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[496] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\OTL.exe[516] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text C:\OTL.exe[516] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\OTL.exe[516] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text C:\OTL.exe[516] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\OTL.exe[516] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01160804 .text C:\OTL.exe[516] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01160A08 .text C:\OTL.exe[516] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01160600 .text C:\OTL.exe[516] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 011601F8 .text C:\OTL.exe[516] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 011603FC .text C:\OTL.exe[516] advapi32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00D91014 .text C:\OTL.exe[516] advapi32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00D90804 .text C:\OTL.exe[516] advapi32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00D90A08 .text C:\OTL.exe[516] advapi32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00D90C0C .text C:\OTL.exe[516] advapi32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00D90E10 .text C:\OTL.exe[516] advapi32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00D901F8 .text C:\OTL.exe[516] advapi32.dll!CreateServiceW 77E27381 5 Bytes JMP 00D903FC .text C:\OTL.exe[516] advapi32.dll!DeleteService 77E27489 5 Bytes JMP 00D90600 .text C:\WINDOWS\system32\csrss.exe[532] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[532] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[556] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[556] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[600] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[600] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[612] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[612] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[780] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[780] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[828] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[868] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[868] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1136] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1136] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1136] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1180] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\gmer.exe[1220] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text C:\gmer.exe[1220] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\gmer.exe[1220] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text C:\gmer.exe[1220] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\gmer.exe[1220] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 009C1014 .text C:\gmer.exe[1220] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 009C0804 .text C:\gmer.exe[1220] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 009C0A08 .text C:\gmer.exe[1220] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 009C0C0C .text C:\gmer.exe[1220] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 009C0E10 .text C:\gmer.exe[1220] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 009C01F8 .text C:\gmer.exe[1220] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 009C03FC .text C:\gmer.exe[1220] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 009C0600 .text C:\gmer.exe[1220] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804 .text C:\gmer.exe[1220] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08 .text C:\gmer.exe[1220] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600 .text C:\gmer.exe[1220] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8 .text C:\gmer.exe[1220] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1328] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1328] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[1344] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[1344] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\KaraokeSer.exe[1384] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\KaraokeSer.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1400] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[1400] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[1436] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\NetLimiter 2 Pro\nlsvc.exe[1436] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1472] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[1604] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\hkcmd.exe[1604] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[1604] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\hkcmd.exe[1604] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1624] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[1624] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1680] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe[1680] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\EXPLORER.EXE[1812] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003101F8 .text C:\WINDOWS\EXPLORER.EXE[1812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\EXPLORER.EXE[1812] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003103FC .text C:\WINDOWS\EXPLORER.EXE[1812] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\EXPLORER.EXE[1812] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00431014 .text C:\WINDOWS\EXPLORER.EXE[1812] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00430804 .text C:\WINDOWS\EXPLORER.EXE[1812] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00430A08 .text C:\WINDOWS\EXPLORER.EXE[1812] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00430C0C .text C:\WINDOWS\EXPLORER.EXE[1812] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00430E10 .text C:\WINDOWS\EXPLORER.EXE[1812] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 004301F8 .text C:\WINDOWS\EXPLORER.EXE[1812] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 004303FC .text C:\WINDOWS\EXPLORER.EXE[1812] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00430600 .text C:\WINDOWS\EXPLORER.EXE[1812] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01110804 .text C:\WINDOWS\EXPLORER.EXE[1812] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01110A08 .text C:\WINDOWS\EXPLORER.EXE[1812] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01110600 .text C:\WINDOWS\EXPLORER.EXE[1812] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 011101F8 .text C:\WINDOWS\EXPLORER.EXE[1812] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 011103FC .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1884] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003101F8 .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1884] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1884] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003103FC .text C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe[1884] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003101F8 .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003103FC .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00DB1014 .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00DB0804 .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00DB0A08 .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00DB0C0C .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00DB0E10 .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00DB01F8 .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 00DB03FC .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00DB0600 .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00930804 .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00930A08 .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00930600 .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009301F8 .text C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\mswinext.exe[2464] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009303FC .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003101F8 .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003103FC .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00AF0804 .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00AF0A08 .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00AF0600 .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00AF01F8 .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00AF03FC .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00B01014 .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00B00804 .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00B00A08 .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00B00C0C .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00B00E10 .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00B001F8 .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 00B003FC .text C:\Documents and Settings\All Users\Dane aplikacji\lsass.exe[2768] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00B00600 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3004] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3004] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3004] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe[3004] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3188] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\ctfmon.exe[3188] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3188] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\ctfmon.exe[3188] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3188] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00A41014 .text C:\WINDOWS\system32\ctfmon.exe[3188] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00A40804 .text C:\WINDOWS\system32\ctfmon.exe[3188] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00A40A08 .text C:\WINDOWS\system32\ctfmon.exe[3188] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00A40C0C .text C:\WINDOWS\system32\ctfmon.exe[3188] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00A40E10 .text C:\WINDOWS\system32\ctfmon.exe[3188] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00A401F8 .text C:\WINDOWS\system32\ctfmon.exe[3188] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 00A403FC .text C:\WINDOWS\system32\ctfmon.exe[3188] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00A40600 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003C01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003C03FC .text C:\Program Files\Internet Explorer\iexplore.exe[3280] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 013B0804 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 013B0A08 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 013B0600 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 013B01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 013B03FC .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00911014 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00910804 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00910A08 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00910C0C .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00910E10 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 009101F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 009103FC .text C:\Program Files\Internet Explorer\iexplore.exe[3280] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00910600 .text C:\Program Files\Internet Explorer\iexplore.exe[3280] WININET.dll!HttpOpenRequestA 771B2AF9 5 Bytes JMP 6603CECA C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Bing Bar/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3280] WININET.dll!HttpOpenRequestW 771BF4D7 5 Bytes JMP 6603CBE9 C:\Program Files\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Bing Bar/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3280] WS2_32.dll!getaddrinfo 71A52A6F 5 Bytes JMP 46CB3704 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3280] WS2_32.dll!closesocket 71A53E2B 5 Bytes JMP 46CB41DF C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3280] WS2_32.dll!socket 71A54211 5 Bytes JMP 46CB354C C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3280] WS2_32.dll!connect 71A54A07 5 Bytes JMP 46CB35DC C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3280] WS2_32.dll!send 71A54C27 5 Bytes JMP 46CB3B92 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3280] WS2_32.dll!recv 71A5676F 5 Bytes JMP 46CB4549 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation) .text C:\WINDOWS\system32\igfxtray.exe[3444] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\igfxtray.exe[3444] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\igfxtray.exe[3444] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\igfxtray.exe[3444] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3688] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\ctfmon.exe[3688] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3688] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\ctfmon.exe[3688] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3688] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00A41014 .text C:\WINDOWS\system32\ctfmon.exe[3688] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00A40804 .text C:\WINDOWS\system32\ctfmon.exe[3688] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00A40A08 .text C:\WINDOWS\system32\ctfmon.exe[3688] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00A40C0C .text C:\WINDOWS\system32\ctfmon.exe[3688] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00A40E10 .text C:\WINDOWS\system32\ctfmon.exe[3688] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00A401F8 .text C:\WINDOWS\system32\ctfmon.exe[3688] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 00A403FC .text C:\WINDOWS\system32\ctfmon.exe[3688] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00A40600 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3692] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003C01F8 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3692] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3692] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003C03FC .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3692] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3692] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 3 Bytes JMP 03131014 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3692] ADVAPI32.dll!SetServiceObjectSecurity + 4 77E26D5D 1 Byte [8B] .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3692] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 03130804 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3692] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 03130A08 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3692] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 03130C0C .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3692] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 03130E10 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3692] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 031301F8 .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3692] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 031303FC .text C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe[3692] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 03130600 .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 02040804 .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 02040A08 .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 02040600 .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 020401F8 .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 020403FC .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00AC1014 .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00AC0804 .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00AC0A08 .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00AC0C0C .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00AC0E10 .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00AC01F8 .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 00AC03FC .text C:\Program Files\NetLimiter 2 Pro\NLClient.exe[3828] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00AC0600 .text C:\WINDOWS\system32\igfxpers.exe[4064] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\igfxpers.exe[4064] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[4064] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\igfxpers.exe[4064] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[600] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002 IAT C:\WINDOWS\system32\services.exe[600] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1136] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[1328] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip nltdi.sys (NetLimiter Driver/Locktime Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp nltdi.sys (NetLimiter Driver/Locktime Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp nltdi.sys (NetLimiter Driver/Locktime Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp nltdi.sys (NetLimiter Driver/Locktime Software) Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFE 0x54 0x2A 0x65 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9A 0x46 0x2B 0x93 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFE 0x54 0x2A 0x65 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9E 0x64 0x17 0xA2 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xFA 0xD1 0x0C 0x19 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xFA 0xE4 0xD0 0x43 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x50 0x8E 0x2C 0xE6 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFE 0x54 0x2A 0x65 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9A 0x46 0x2B 0x93 ... ---- EOF - GMER 1.0.15 ----