GMER 1.0.15.15220 - http://www.gmer.net Rootkit scan 2011-01-29 21:24:04 Windows 5.1.2600 Dodatek Service Pack 3 Running: gmer.exe; Driver: C:\TMP\pxtdapow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF57EB982] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF583F728] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF580AC35] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF57EDE5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF57EDEB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF57EDFC8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF580A5E9] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF57EDDB0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF57EDF02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF57EDE04] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF57EDF76] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF57EB9A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF580B2FB] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF580B5B1] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF57EE24C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF580B166] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF580AFD1] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF583F7D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF57EB7A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF57EB9CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF57EE3C0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF57EC416] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF57EDE8A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF57EDEDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF57EDFF2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF580A945] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF57EDDDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF57EE084] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF57EDF42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF57EDE32] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF57EE168] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF57EDFA0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF583F870] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF580AE4C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF57EC2DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF580AC9E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF5846D76] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF5809C5C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF57EB9EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF57EBA12] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF57EB800] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF580B402] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF57EB918] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF57EB92A] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF585382E] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + F0 804E275C 4 Bytes JMP D143A806 PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP F5850C88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056B8A2 4 Bytes CALL F57ECC2B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 80581030 7 Bytes JMP F5853832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F85E 5 Bytes JMP F584F1EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\winlogon.exe[888] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[888] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[888] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[888] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[888] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[888] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[888] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[888] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[888] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[888] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[888] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[888] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[888] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[888] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\winlogon.exe[888] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[932] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[932] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[932] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[932] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[932] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[932] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[932] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\services.exe[932] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[944] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[944] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[944] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[944] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[944] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[944] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\lsass.exe[944] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1104] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1104] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1104] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\dllhost.exe[1120] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\dllhost.exe[1120] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\dllhost.exe[1120] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\dllhost.exe[1120] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\dllhost.exe[1120] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\dllhost.exe[1120] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\dllhost.exe[1120] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\dllhost.exe[1120] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\dllhost.exe[1120] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\dllhost.exe[1120] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\dllhost.exe[1120] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\dllhost.exe[1120] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\dllhost.exe[1120] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\dllhost.exe[1120] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\dllhost.exe[1120] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1192] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1192] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1224] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1224] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1224] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1224] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1224] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1224] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\System32\svchost.exe[1224] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1292] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1292] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1292] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1292] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1292] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1292] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1292] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1292] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1292] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1292] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1292] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1292] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1292] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1292] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[1292] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1332] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1332] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1536] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\WINDOWS\Explorer.EXE[1628] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[1628] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[1628] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[1628] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[1628] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[1628] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[1628] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[1628] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[1628] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[1628] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[1628] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[1628] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[1628] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[1628] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\WINDOWS\Explorer.EXE[1628] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1804] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1804] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1804] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1804] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1804] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1804] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1804] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1804] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1804] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1804] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1804] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1804] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1804] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1804] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1804] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1812] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1812] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1812] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1812] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1812] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1812] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1812] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1812] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1812] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1812] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1812] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1812] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1812] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1812] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Vista Drive Icon\DrvIcon.exe[1812] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\LClock\lclock.exe[1820] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\LClock\lclock.exe[1820] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\LClock\lclock.exe[1820] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\LClock\lclock.exe[1820] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\LClock\lclock.exe[1820] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\LClock\lclock.exe[1820] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\LClock\lclock.exe[1820] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\LClock\lclock.exe[1820] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\LClock\lclock.exe[1820] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\LClock\lclock.exe[1820] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\LClock\lclock.exe[1820] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\LClock\lclock.exe[1820] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\LClock\lclock.exe[1820] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\LClock\lclock.exe[1820] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\LClock\lclock.exe[1820] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Gadu-Gadu 10\gg.exe[1832] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Gadu-Gadu 10\gg.exe[1832] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Gadu-Gadu 10\gg.exe[1832] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Gadu-Gadu 10\gg.exe[1832] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Gadu-Gadu 10\gg.exe[1832] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Gadu-Gadu 10\gg.exe[1832] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Gadu-Gadu 10\gg.exe[1832] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Gadu-Gadu 10\gg.exe[1832] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Gadu-Gadu 10\gg.exe[1832] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Gadu-Gadu 10\gg.exe[1832] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Gadu-Gadu 10\gg.exe[1832] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Gadu-Gadu 10\gg.exe[1832] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Gadu-Gadu 10\gg.exe[1832] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Gadu-Gadu 10\gg.exe[1832] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Gadu-Gadu 10\gg.exe[1832] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text D:\Programy\ANTYVIRUSY\Gmer\gmer.exe[3316] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text D:\Programy\ANTYVIRUSY\Gmer\gmer.exe[3316] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CometBird\CometBird.exe[3764] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CometBird\CometBird.exe[3764] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CometBird\CometBird.exe[3764] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CometBird\CometBird.exe[3764] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CometBird\CometBird.exe[3764] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CometBird\CometBird.exe[3764] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CometBird\CometBird.exe[3764] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CometBird\CometBird.exe[3764] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CometBird\CometBird.exe[3764] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CometBird\CometBird.exe[3764] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CometBird\CometBird.exe[3764] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CometBird\CometBird.exe[3764] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CometBird\CometBird.exe[3764] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CometBird\CometBird.exe[3764] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\CometBird\CometBird.exe[3764] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00650002 IAT C:\WINDOWS\system32\services.exe[932] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00650000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- EOF - GMER 1.0.15 ----