GMER 1.0.15.15220 - http://www.gmer.net Rootkit scan 2011-01-31 16:31:24 Windows 5.1.2600 Dodatek Service Pack 3 Running: gmer.exe; Driver: F:\TMP\pxtdapow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF5996982] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF59EA728] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF59B5C35] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF5998E5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF5998EB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF5998FC8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xF59B55E9] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF5998DB0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF5998F02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF5998E04] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF5998F76] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF59969A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF59B62FB] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF59B65B1] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF599924C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF59B6166] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF59B5FD1] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF59EA7D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF59967A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF59969CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF59993C0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF5997416] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF5998E8A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF5998EDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF5998FF2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xF59B5945] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF5998DDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF5999084] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF5998F42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF5998E32] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF5999168] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF5998FA0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF59EA870] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF59B5E4C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF59972DC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF59B5C9E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF59F1D76] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF59B4C5C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF59969EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF5996A12] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF5996800] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF59B6402] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF5996918] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF599692A] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF59FE82E] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!_abnormal_termination + F0 804E275C 4 Bytes JMP D143C2B6 PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP F59FBC88 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 8056B8A2 4 Bytes CALL F5997C2B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntoskrnl.exe!ZwCreateProcessEx 80581030 7 Bytes JMP F59FE832 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F85E 5 Bytes JMP F59FA1EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text F:\WINDOWS\RTHDCPL.EXE[276] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\RTHDCPL.EXE[276] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\RTHDCPL.EXE[276] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\RTHDCPL.EXE[276] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\RTHDCPL.EXE[276] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\RTHDCPL.EXE[276] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\RTHDCPL.EXE[276] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\RTHDCPL.EXE[276] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\RTHDCPL.EXE[276] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\RTHDCPL.EXE[276] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\RTHDCPL.EXE[276] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\RTHDCPL.EXE[276] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\RTHDCPL.EXE[276] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\RTHDCPL.EXE[276] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\RTHDCPL.EXE[276] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Programy\ANTYVIRUSY\Gmer\gmer.exe[292] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Programy\ANTYVIRUSY\Gmer\gmer.exe[292] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Programy\ANTYVIRUSY\Gmer\gmer.exe[292] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Programy\ANTYVIRUSY\Gmer\gmer.exe[292] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Programy\ANTYVIRUSY\Gmer\gmer.exe[292] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Programy\ANTYVIRUSY\Gmer\gmer.exe[292] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Programy\ANTYVIRUSY\Gmer\gmer.exe[292] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Programy\ANTYVIRUSY\Gmer\gmer.exe[292] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Programy\ANTYVIRUSY\Gmer\gmer.exe[292] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Programy\ANTYVIRUSY\Gmer\gmer.exe[292] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\VTTimer.exe[316] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\VTTimer.exe[316] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\VTTimer.exe[316] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\VTTimer.exe[316] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\VTTimer.exe[316] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\VTTimer.exe[316] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\VTTimer.exe[316] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\VTTimer.exe[316] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\VTTimer.exe[316] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\VTTimer.exe[316] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\VTTimer.exe[316] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\VTTimer.exe[316] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\VTTimer.exe[316] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\VTTimer.exe[316] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\VTTimer.exe[316] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\dllhost.exe[476] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\dllhost.exe[476] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\dllhost.exe[476] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\dllhost.exe[476] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\dllhost.exe[476] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\dllhost.exe[476] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\dllhost.exe[476] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\dllhost.exe[476] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\dllhost.exe[476] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\dllhost.exe[476] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\dllhost.exe[476] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\dllhost.exe[476] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\dllhost.exe[476] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\dllhost.exe[476] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\dllhost.exe[476] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\Program Files\LClock\lclock.exe[916] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\Program Files\LClock\lclock.exe[916] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\Program Files\LClock\lclock.exe[916] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\Program Files\LClock\lclock.exe[916] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\Program Files\LClock\lclock.exe[916] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\Program Files\LClock\lclock.exe[916] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\Program Files\LClock\lclock.exe[916] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\Program Files\LClock\lclock.exe[916] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\Program Files\LClock\lclock.exe[916] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\Program Files\LClock\lclock.exe[916] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\Program Files\LClock\lclock.exe[916] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\Program Files\LClock\lclock.exe[916] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\Program Files\LClock\lclock.exe[916] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\Program Files\LClock\lclock.exe[916] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\Program Files\LClock\lclock.exe[916] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\taskmgr.exe[924] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\taskmgr.exe[924] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\taskmgr.exe[924] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\taskmgr.exe[924] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\taskmgr.exe[924] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\taskmgr.exe[924] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\taskmgr.exe[924] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\taskmgr.exe[924] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\taskmgr.exe[924] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\taskmgr.exe[924] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\taskmgr.exe[924] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\taskmgr.exe[924] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\taskmgr.exe[924] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\taskmgr.exe[924] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\taskmgr.exe[924] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\winlogon.exe[1016] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\winlogon.exe[1016] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\winlogon.exe[1016] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\winlogon.exe[1016] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\winlogon.exe[1016] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\winlogon.exe[1016] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\winlogon.exe[1016] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\winlogon.exe[1016] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\winlogon.exe[1016] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\winlogon.exe[1016] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\winlogon.exe[1016] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\winlogon.exe[1016] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\winlogon.exe[1016] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\winlogon.exe[1016] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\winlogon.exe[1016] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\services.exe[1060] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\services.exe[1060] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\services.exe[1060] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\services.exe[1060] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\services.exe[1060] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\services.exe[1060] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\services.exe[1060] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\services.exe[1060] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\lsass.exe[1072] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\lsass.exe[1072] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\lsass.exe[1072] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\lsass.exe[1072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\lsass.exe[1072] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\lsass.exe[1072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\lsass.exe[1072] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\lsass.exe[1072] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1240] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1240] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1240] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1324] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1324] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1324] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\System32\svchost.exe[1448] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\System32\svchost.exe[1448] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\System32\svchost.exe[1448] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\System32\svchost.exe[1448] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\System32\svchost.exe[1448] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\System32\svchost.exe[1448] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\System32\svchost.exe[1448] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\System32\svchost.exe[1448] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1552] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1552] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1552] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1552] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1552] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1552] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1552] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1552] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1552] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1552] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1552] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1552] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1552] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\system32\svchost.exe[1552] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1704] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text F:\WINDOWS\Explorer.EXE[1980] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 64D06950 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\Explorer.EXE[1980] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 64D069B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\Explorer.EXE[1980] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 64D09D40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\Explorer.EXE[1980] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 64D07AE0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\Explorer.EXE[1980] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 64D07ED0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\Explorer.EXE[1980] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 64D08290 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\Explorer.EXE[1980] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 64D083C0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\Explorer.EXE[1980] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 64D06E40 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\Explorer.EXE[1980] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 64D072B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\Explorer.EXE[1980] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 64D078E0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\Explorer.EXE[1980] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 64D0BB30 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\Explorer.EXE[1980] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 64D0BCB0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\Explorer.EXE[1980] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 64D0B9B0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\Explorer.EXE[1980] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 64D0B720 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text F:\WINDOWS\Explorer.EXE[1980] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 64D0B8A0 F:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) ---- User IAT/EAT - GMER 1.0.15 ---- IAT F:\WINDOWS\system32\services.exe[1060] @ F:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00650002 IAT F:\WINDOWS\system32\services.exe[1060] @ F:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00650000 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswFW.SYS (avast! Filtering TDI driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Processes - GMER 1.0.15 ---- Library F:\WINDOWS\RTHDCPL.EXE (*** hidden *** ) @ F:\WINDOWS\RTHDCPL.EXE [276] 0x00400000 Library F:\WINDOWS\system32\VTTimer.exe (*** hidden *** ) @ F:\WINDOWS\system32\VTTimer.exe [316] 0x00400000 ---- EOF - GMER 1.0.15 ----