GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-12-25 20:37:09 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-e SAMSUNG_HD161HJ rev.JF100-22 Running: 8vihsxjx.exe; Driver: C:\DOCUME~1\Tomaszek\USTAWI~1\Temp\awncakow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xBA4AA4BA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xBA57FC22] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xBA4AAED6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xBA4EC811] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xBA4B5FA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xBA4B5FF4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xBA4B6176] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xBA4EC1C5] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xBA4B5F16] SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF77E8A20] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xBA4B6038] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xBA4B5F5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xBA4AB11C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xBA4B6130] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xBA4AB93E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xBA4AA508] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xBA4ECED7] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xBA4ED18D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xBA4AF1C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xBA4ECD42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xBA4ECBAD] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xBA57FCEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xBA4AA170] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xBA4AA556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xBA4AF534] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xBA4AC3A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xBA4B5FD2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xBA4B6016] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xBA4B619A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xBA4EC521] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwOpenMutant [0xBA4B5F3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xBA4AEC3E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xBA4B60BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xBA4B5F86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xBA4AEF14] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xBA4B6154] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xBA57FE4A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xBA4ECA28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xBA4AC272] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xBA4EC87A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xBA4ABDD4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xBA58C7D2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xBA4EB838] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xBA4AA5A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xBA4AA5F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xBA4AB7BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xBA4AA1FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xBA4AA3AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xBA4ECFDE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xBA4AA350] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xBA4ABAF8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xBA4ABC54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xBA4AA41A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xBA4AB4D4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xBA4AB636] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xBA57E41C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xBA4AA640] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xBA4AAF1A] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xBA598E56] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + 198 804E27F4 4 Bytes JMP B5BA57FC .text ntoskrnl.exe!_abnormal_termination + 270 804E28CC 2 Bytes [4A, FE] .text ntoskrnl.exe!_abnormal_termination + 273 804E28CF 1 Byte [BA] .text ntoskrnl.exe!_abnormal_termination + 398 804E29F4 12 Bytes [A4, A5, 4A, BA, F2, A5, 4A, ...] .text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [F8, BA, 4A, BA, 54, BC, 4A, ...] {CLC ; MOV EDX, 0xbc54ba4a; DEC EDX; MOV EDX, 0xba4aa41a} PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP BA597810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CD 8056B713 3 Bytes CALL BA4ACA78 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FC60 7 Bytes JMP BA598E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F84D 5 Bytes JMP BA595CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF7205000, 0x1C5D38, 0xE8000020] .text win32k.sys!EngFreeUserMem + 674 BF809FDF 5 Bytes JMP BA4B0B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 3625 BF80CF90 5 Bytes JMP BA4B0A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF8138FE 5 Bytes JMP BA4B09F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 320C BF81E743 5 Bytes JMP BA4AF688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngMulDiv + 199A BF820E6C 5 Bytes JMP BA4B00A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 7657 BF82868B 5 Bytes JMP BA4AF7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 698 BF838560 5 Bytes JMP BA4B0CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + BB6 BF838A7E 5 Bytes JMP BA4B08FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 3605 BF83B4CD 5 Bytes JMP BA4B0EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + D9AB BF845873 5 Bytes JMP BA4AF834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + 113C6 BF84928E 5 Bytes JMP BA4B0090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 2E60 BF852720 5 Bytes JMP BA4B016A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 2F20 BF8527E0 5 Bytes JMP BA4AF670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngMultiByteToWideChar + 84B4 BF857D74 5 Bytes JMP BA4B0E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 23AD BF873983 5 Bytes JMP BA4B0BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBlt + 37BB BF87882D 5 Bytes JMP BA4B0A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 3617 BF88FFB6 5 Bytes JMP BA4AFCDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 413A BF890AD9 5 Bytes JMP BA4AFE9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF8ADD61 5 Bytes JMP BA4B0182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4B52 BF8B3770 5 Bytes JMP BA4AFC1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 4BDD BF8B37FB 5 Bytes JMP BA4AFEE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngAlphaBlend + 9286 BF8C31E7 5 Bytes JMP BA4AF944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 19CE BF8ED991 5 Bytes JMP BA4AF56A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + 9006 BF8F4FC9 5 Bytes JMP BA4B00C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + D4C6 BF8F9489 5 Bytes JMP BA4AFA1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!PATHOBJ_bCloseFigure + D746 BF8F9709 5 Bytes JMP BA4AFB48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1994 BF912612 5 Bytes JMP BA4AF760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2568 BF9131E6 5 Bytes JMP BA4AF8F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! 
Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F29 BF915BA7 5 Bytes JMP BA4AFFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1931 BF9438F8 5 Bytes JMP BA4B0D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\SOUNDMAN.EXE[272] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\SOUNDMAN.EXE[272] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[284] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[284] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[392] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[392] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text E:\AVAST\avastUI.exe[464] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text E:\AVAST\avastUI.exe[464] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[472] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe[472] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[576] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[576] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[668] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text 
C:\WINDOWS\system32\csrss.exe[724] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[724] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[756] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[800] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[800] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[968] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[968] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1244] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\Ati2evxx.exe[1244] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text 
C:\WINDOWS\system32\svchost.exe[1392] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1392] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1584] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1584] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1596] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1596] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text E:\AVAST\AvastSvc.exe[1720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text E:\AVAST\AvastSvc.exe[1720] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text E:\AVAST\AvastSvc.exe[1720] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1796] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1796] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 009C1014 .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 
Bytes JMP 009C0804 .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 009C0A08 .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 009C0C0C .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 009C0E10 .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 009C01F8 .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 009C03FC .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 009C0600 .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804 .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08 .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600 .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8 .text C:\Documents and Settings\Tomaszek\Pulpit\8vihsxjx.exe[2124] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ADVAPI32.dll!SetServiceObjectSecurity 
77E26D59 5 Bytes JMP 00F01014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00F00804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00F00A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00F00C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00F00E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00F001F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 00F003FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00F00600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 011C0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 011C0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 011C0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 011C01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[2460] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 011C03FC .text C:\WINDOWS\System32\alg.exe[2744] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[2744] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2744] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[2744] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2980] 
ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2980] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2980] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2980] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00451014 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2980] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00450804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2980] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00450A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2980] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00450C0C .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2980] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00450E10 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2980] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 004501F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2980] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 004503FC .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2980] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00450600 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2980] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01340804 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2980] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01340A08 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2980] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01340600 .text C:\Program Files\ATI 
Technologies\ATI.ACE\Core-Static\ccc.exe[2980] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 013401F8 .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[2980] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 013403FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, F4, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, F7, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, F4, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, F5, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91A0F0 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, F6, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, F5, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, F6, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91A161 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, F4, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91A28F .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, F5, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, F6, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, F7, CA, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00F801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!RtlDosSearchPath_U + 
1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00F803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 01551014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 01550804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 01550A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 01550C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 01550E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 015501F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 015503FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 01550600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] USER32.dll!SetWindowsHookExW 7E37820F 3 Bytes JMP 01C30804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] USER32.dll!SetWindowsHookExW + 4 7E378213 1 Byte [83] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01C30A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01C30600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 01C301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3276] 
USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 01C303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 1C, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 1F, CD, 00] {SUB [EDI], BL; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 1C, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 1D, CD, 00] {TEST AL, 0x1d; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B91A318 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 1E, CD, 00] {TEST AL, 0x1e; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 1D, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 1E, CD, 00] .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91A389 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 1C, CD, 00] {TEST AL, 0x1c; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91A4B7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 1D, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 1E, CD, 00] {SUB [ESI], BL; INT 0x0} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 1F, CD, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 00FC01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[3288] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 00FC03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 01311014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 01310804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 01310A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 01310C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 01310E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 013101F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 013103FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 01310600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 019F0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 019F0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 019F0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 019F01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3288] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 019F03FC .text C:\WINDOWS\system32\wuauclt.exe[3616] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003201F8 .text 
C:\WINDOWS\system32\wuauclt.exe[3616] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[3616] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\wuauclt.exe[3616] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[3616] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003C1014 .text C:\WINDOWS\system32\wuauclt.exe[3616] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003C0804 .text C:\WINDOWS\system32\wuauclt.exe[3616] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003C0A08 .text C:\WINDOWS\system32\wuauclt.exe[3616] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003C0C0C .text C:\WINDOWS\system32\wuauclt.exe[3616] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003C0E10 .text C:\WINDOWS\system32\wuauclt.exe[3616] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003C01F8 .text C:\WINDOWS\system32\wuauclt.exe[3616] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003C03FC .text C:\WINDOWS\system32\wuauclt.exe[3616] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003C0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 0C, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 0F, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 0C, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 0D, 25, 00] 
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90FB08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 0E, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 0D, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 0E, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90FB79 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 0C, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90FCA7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtSetInformationFile + 6 7C90DC46 
4 Bytes [28, 0D, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 0E, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 0F, 25, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 006801F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 006803FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 009D1014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 009D0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 009D0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 009D0C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 009D0E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 009D01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] 
ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 009D03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 009D0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 010B0804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 010B0A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 010B0600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 010B01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4004] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 010B03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, E0, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, E3, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, E0, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, E1, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9136DC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] 
ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, E2, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, E1, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, E2, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91374D .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, E0, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91387B .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, E1, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, E2, 60, 00] .text C:\Program 
Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, E3, 60, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 008E01F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 008E03FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00C31014 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00C30804 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00C30A08 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00C30C0C .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00C30E10 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00C301F8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 00C303FC .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00C30600 .text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01310804 .text 
C:\Program Files\Google\Chrome\Application\chrome.exe[4072] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01310A08
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01310600
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 013101F8
.text C:\Program Files\Google\Chrome\Application\chrome.exe[4072] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 013103FC

---- User IAT/EAT - GMER 1.0.15 ----
IAT E:\AVAST\avastUI.exe[464] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] E:\AVAST\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
IAT E:\AVAST\AvastSvc.exe[1720] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] E:\AVAST\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 86761448
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \FatCdrom 863C7B58
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \Driver\Cdrom \Device\CdRom0 86536C98
Device \FileSystem\Rdbss \Device\FsWrap 8645FD38
Device \Driver\atapi \Device\Ide\IdePort0 86435818
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 86435818
Device \Driver\atapi \Device\Ide\IdePort1 86435818
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-e 86435818
Device \Driver\Cdrom \Device\CdRom1 86536C98
Device \Driver\Cdrom \Device\CdRom2 86536C98
Device \FileSystem\Srv \Device\LanmanServer 864A52C0
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86488968
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86488968
Device \FileSystem\Npfs \Device\NamedPipe 8651E958
Device \FileSystem\Msfs \Device\Mailslot 8651EE48
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target0Lun0 8652D008
Device \Driver\d347prt \Device\Scsi\d347prt1Port2Path0Target1Lun0 8652D008
Device \Driver\d347prt \Device\Scsi\d347prt1 8652D008
Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Fastfat \Fat 863C7B58
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8651F738
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8651F738
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8651F738
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8651F738
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8651F738
Device \FileSystem\Cdfs \Cdfs 86430030

---- Modules - GMER 1.0.15 ----
Module _________ F774A000-F7762000 (98304 bytes)

---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0x1D 0xDB 0xF0 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41@hj34z0 0x0D 0xDB 0xF0 0x1E ...

---- EOF - GMER 1.0.15 ----