GMER 2.1.19163 - httpwww.gmer.net Rootkit scan 2013-05-20 153046 Windows 6.0.6002 Service Pack 2 DeviceHarddisk0DR0 - DeviceIdeIdeDeviceP0T0L0-0 WDC_WD2500BEVS-26UST0 rev.01.01A01 232,89GB Running 28poqec5.exe; Driver CUsersDorotaAppDataLocalTempfwdirpog.sys ---- System - GMER 2.1 ---- SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwAddBootEntry [0x8F41E59C] SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) ZwAllocateVirtualMemory [0x8FA14388] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwAssignProcessToJobObject [0x8F41F02E] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwCreateEvent [0x8F42A7F2] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwCreateEventPair [0x8F42A83E] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwCreateIoCompletion [0x8F42A9D8] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwCreateMutant [0x8F42A760] SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) ZwCreateSection [0x8FA14720] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwCreateSemaphore [0x8F42A7A8] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwCreateThread [0x8F41F52C] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwCreateTimer [0x8F42A992] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwDebugActiveProcess [0x8F41FDE4] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwDeleteBootEntry [0x8F41E602] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwDuplicateObject [0x8F4235C2] SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) ZwFreeVirtualMemory [0x8FA14450] SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) ZwLoadDriver [0x8FA129B4] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwModifyBootEntry [0x8F41E668] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwNotifyChangeKey [0x8F42398C] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwNotifyChangeMultipleKeys [0x8F420874] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwOpenEvent [0x8F42A81C] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwOpenEventPair [0x8F42A860] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwOpenIoCompletion [0x8F42A9FC] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwOpenMutant [0x8F42A786] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwOpenProcess [0x8F422EA8] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwOpenSection [0x8F42A910] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwOpenSemaphore [0x8F42A7D0] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwOpenThread [0x8F42329A] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwOpenTimer [0x8F42A9B6] SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) ZwProtectVirtualMemory [0x8FA145B0] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwQueryObject [0x8F420740] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwQueueApcThread [0x8F420296] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwSetBootEntryOrder [0x8F41E6CE] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwSetBootOptions [0x8F41E734] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwSetContextThread [0x8F41FC5E] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwSetSystemInformation [0x8F41E284] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwSetSystemPowerState [0x8F41E45A] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwShutdownSystem [0x8F41E3E8] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwSuspendProcess [0x8F41FFAE] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwSuspendThread [0x8F420110] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwSystemDebugControl [0x8F41E4E2] SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) ZwTerminateProcess [0x8FA14678] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwTerminateThread [0x8F41FC3E] SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) ZwUnloadDriver [0x8FA129E4] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwVdmControl [0x8F41E79A] SSDT SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) ZwWriteVirtualMemory [0x8FA144FC] SSDT SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) ZwCreateThreadEx [0x8F41F748] INT 0x06 CWindowssystem32driversHaspnt.sys (HASP Kernel Device Driver for Windows NTAladdin Knowledge Systems) AF45C16D INT 0x0E CWindowssystem32driversHaspnt.sys (HASP Kernel Device Driver for Windows NTAladdin Knowledge Systems) AF45BFC2 Code SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) ZwCreateProcessEx [0x8FA2DBA0] Code SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) ObInsertObject Code SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 82AE0850 4 Bytes [9C, E5, 41, 8F] .text ntkrnlpa.exe!KeSetEvent + 131 82AE0874 4 Bytes [88, 43, A1, 8F] .text ntkrnlpa.exe!KeSetEvent + 191 82AE08D4 4 Bytes [2E, F0, 41, 8F] .text ntkrnlpa.exe!KeSetEvent + 1D1 82AE0914 8 Bytes [F2, A7, 42, 8F, 3E, A8, 42, ...] .text ntkrnlpa.exe!KeSetEvent + 1DD 82AE0920 4 Bytes [D8, A9, 42, 8F] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82C0B663 5 Bytes JMP 8FA2AA3A SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 82C64703 5 Bytes JMP 8FA2C554 SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82C6E01F 4 Bytes CALL 8F420F37 SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82C71C93 4 Bytes CALL 8F420F4D SystemRootSystem32DriversaswSnx.SYS (avast! Virtualization DriverAVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82CC5FE0 7 Bytes JMP 8FA2DBA4 SystemRootSystem32DriversaswSP.SYS (avast! self protection moduleAVAST Software) .text CWindowssystem32drivershardlock.sys section is writeable [0xAF486400, 0x87EE2, 0xE8000020] .protect˙˙˙˙hardlockentry point in .protect˙˙˙˙hardlockentry point in .protect˙˙˙˙hardlockentry point in .p section [0xAF52A620] CWindowssystem32drivershardlock.sys entry point in .protect˙˙˙˙hardlockentry point in .protect˙˙˙˙hardlockentry point in .p section [0xAF52A620] .protect˙˙˙˙hardlockunknown last code section [0xAF52A400, 0x5126, 0xE0000020] CWindowssystem32drivershardlock.sys unknown last code section [0xAF52A400, 0x5126, 0xE0000020] ---- User code sections - GMER 2.1 ---- .text CWindowssystem32SearchIndexer.exe[272] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 000601F8 .text CWindowssystem32SearchIndexer.exe[272] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 000603FC .text CWindowssystem32SearchIndexer.exe[272] KERNEL32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowssystem32SearchIndexer.exe[272] ADVAPI32.dll!CreateServiceW 775A9EB4 5 Bytes JMP 000703FC .text CWindowssystem32SearchIndexer.exe[272] ADVAPI32.dll!DeleteService 775AA07E 5 Bytes JMP 00070600 .text CWindowssystem32SearchIndexer.exe[272] ADVAPI32.dll!SetServiceObjectSecurity 775E6CD9 5 Bytes JMP 00071014 .text CWindowssystem32SearchIndexer.exe[272] ADVAPI32.dll!ChangeServiceConfigA 775E6DD9 5 Bytes JMP 00070804 .text CWindowssystem32SearchIndexer.exe[272] ADVAPI32.dll!ChangeServiceConfigW 775E6F81 5 Bytes JMP 00070A08 .text CWindowssystem32SearchIndexer.exe[272] ADVAPI32.dll!ChangeServiceConfig2A 775E7099 5 Bytes JMP 00070C0C .text CWindowssystem32SearchIndexer.exe[272] ADVAPI32.dll!ChangeServiceConfig2W 775E71E1 5 Bytes JMP 00070E10 .text CWindowssystem32SearchIndexer.exe[272] ADVAPI32.dll!CreateServiceA 775E72A1 5 Bytes JMP 000701F8 .text CWindowssystem32SearchIndexer.exe[272] USER32.dll!SetWindowsHookExA 774C6322 5 Bytes JMP 00100600 .text CWindowssystem32SearchIndexer.exe[272] USER32.dll!SetWindowsHookExW 774C87AD 5 Bytes JMP 00100804 .text CWindowssystem32SearchIndexer.exe[272] USER32.dll!UnhookWindowsHookEx 774C98DB 5 Bytes JMP 00100A08 .text CWindowssystem32SearchIndexer.exe[272] USER32.dll!SetWinEventHook 774C9F3A 5 Bytes JMP 001001F8 .text CWindowssystem32SearchIndexer.exe[272] USER32.dll!UnhookWinEvent 774CC06F 5 Bytes JMP 001003FC .text CWindowsExplorer.EXE[424] kernel32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowssystem32taskeng.exe[528] kernel32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowssystem32csrss.exe[668] KERNEL32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowssystem32wininit.exe[712] kernel32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowssystem32csrss.exe[720] KERNEL32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text ... .text CProgram FilesWindows Media Playerwmpnetwk.exe[1256] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 000901F8 .text CProgram FilesWindows Media Playerwmpnetwk.exe[1256] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 000903FC .text CProgram FilesWindows Media Playerwmpnetwk.exe[1256] KERNEL32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CProgram FilesWindows Media Playerwmpnetwk.exe[1256] ADVAPI32.dll!CreateServiceW 775A9EB4 5 Bytes JMP 000A03FC .text CProgram FilesWindows Media Playerwmpnetwk.exe[1256] ADVAPI32.dll!DeleteService 775AA07E 5 Bytes JMP 000A0600 .text CProgram FilesWindows Media Playerwmpnetwk.exe[1256] ADVAPI32.dll!SetServiceObjectSecurity 775E6CD9 5 Bytes JMP 000A1014 .text CProgram FilesWindows Media Playerwmpnetwk.exe[1256] ADVAPI32.dll!ChangeServiceConfigA 775E6DD9 5 Bytes JMP 000A0804 .text CProgram FilesWindows Media Playerwmpnetwk.exe[1256] ADVAPI32.dll!ChangeServiceConfigW 775E6F81 5 Bytes JMP 000A0A08 .text CProgram FilesWindows Media Playerwmpnetwk.exe[1256] ADVAPI32.dll!ChangeServiceConfig2A 775E7099 5 Bytes JMP 000A0C0C .text CProgram FilesWindows Media Playerwmpnetwk.exe[1256] ADVAPI32.dll!ChangeServiceConfig2W 775E71E1 5 Bytes JMP 000A0E10 .text CProgram FilesWindows Media Playerwmpnetwk.exe[1256] ADVAPI32.dll!CreateServiceA 775E72A1 5 Bytes JMP 000A01F8 .text CProgram FilesWindows Media Playerwmpnetwk.exe[1256] USER32.dll!SetWindowsHookExA 774C6322 5 Bytes JMP 000B0600 .text CProgram FilesWindows Media Playerwmpnetwk.exe[1256] USER32.dll!SetWindowsHookExW 774C87AD 5 Bytes JMP 000B0804 .text CProgram FilesWindows Media Playerwmpnetwk.exe[1256] USER32.dll!UnhookWindowsHookEx 774C98DB 5 Bytes JMP 000B0A08 .text CProgram FilesWindows Media Playerwmpnetwk.exe[1256] USER32.dll!SetWinEventHook 774C9F3A 5 Bytes JMP 000B01F8 .text CProgram FilesWindows Media Playerwmpnetwk.exe[1256] USER32.dll!UnhookWinEvent 774CC06F 5 Bytes JMP 000B03FC .text CWindowssystem32AUDIODG.EXE[1348] kernel32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowssystem32svchost.exe[1372] kernel32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowssystem32svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowssystem32svchost.exe[1608] kernel32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CProgram FilesAVAST SoftwareAvastAvastSvc.exe[1752] kernel32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text ... .text CWindowssystem32taskeng.exe[2180] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 000601F8 .text CWindowssystem32taskeng.exe[2180] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 000603FC .text CWindowssystem32taskeng.exe[2180] KERNEL32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowssystem32taskeng.exe[2180] ADVAPI32.dll!CreateServiceW 775A9EB4 5 Bytes JMP 000703FC .text CWindowssystem32taskeng.exe[2180] ADVAPI32.dll!DeleteService 775AA07E 5 Bytes JMP 00070600 .text CWindowssystem32taskeng.exe[2180] ADVAPI32.dll!SetServiceObjectSecurity 775E6CD9 5 Bytes JMP 00071014 .text CWindowssystem32taskeng.exe[2180] ADVAPI32.dll!ChangeServiceConfigA 775E6DD9 5 Bytes JMP 00070804 .text CWindowssystem32taskeng.exe[2180] ADVAPI32.dll!ChangeServiceConfigW 775E6F81 5 Bytes JMP 00070A08 .text CWindowssystem32taskeng.exe[2180] ADVAPI32.dll!ChangeServiceConfig2A 775E7099 5 Bytes JMP 00070C0C .text CWindowssystem32taskeng.exe[2180] ADVAPI32.dll!ChangeServiceConfig2W 775E71E1 5 Bytes JMP 00070E10 .text CWindowssystem32taskeng.exe[2180] ADVAPI32.dll!CreateServiceA 775E72A1 5 Bytes JMP 000701F8 .text CWindowssystem32taskeng.exe[2180] USER32.dll!SetWindowsHookExA 774C6322 5 Bytes JMP 00080600 .text CWindowssystem32taskeng.exe[2180] USER32.dll!SetWindowsHookExW 774C87AD 5 Bytes JMP 00080804 .text CWindowssystem32taskeng.exe[2180] USER32.dll!UnhookWindowsHookEx 774C98DB 5 Bytes JMP 00080A08 .text CWindowssystem32taskeng.exe[2180] USER32.dll!SetWinEventHook 774C9F3A 5 Bytes JMP 000801F8 .text CWindowssystem32taskeng.exe[2180] USER32.dll!UnhookWinEvent 774CC06F 5 Bytes JMP 000803FC .text CWindowssystem32svchost.exe[2240] kernel32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowsRtHDVCpl.exe[2412] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 001601F8 .text CWindowsRtHDVCpl.exe[2412] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 001603FC .text CWindowsRtHDVCpl.exe[2412] KERNEL32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowsRtHDVCpl.exe[2412] ADVAPI32.dll!CreateServiceW 775A9EB4 5 Bytes JMP 001703FC .text CWindowsRtHDVCpl.exe[2412] ADVAPI32.dll!DeleteService 775AA07E 5 Bytes JMP 00170600 .text CWindowsRtHDVCpl.exe[2412] ADVAPI32.dll!SetServiceObjectSecurity 775E6CD9 3 Bytes JMP 00171014 .text CWindowsRtHDVCpl.exe[2412] ADVAPI32.dll!SetServiceObjectSecurity + 4 775E6CDD 1 Byte [88] .text CWindowsRtHDVCpl.exe[2412] ADVAPI32.dll!ChangeServiceConfigA 775E6DD9 5 Bytes JMP 00170804 .text CWindowsRtHDVCpl.exe[2412] ADVAPI32.dll!ChangeServiceConfigW 775E6F81 5 Bytes JMP 00170A08 .text CWindowsRtHDVCpl.exe[2412] ADVAPI32.dll!ChangeServiceConfig2A 775E7099 5 Bytes JMP 00170C0C .text CWindowsRtHDVCpl.exe[2412] ADVAPI32.dll!ChangeServiceConfig2W 775E71E1 5 Bytes JMP 00170E10 .text CWindowsRtHDVCpl.exe[2412] ADVAPI32.dll!CreateServiceA 775E72A1 5 Bytes JMP 001701F8 .text CWindowsRtHDVCpl.exe[2412] USER32.dll!SetWindowsHookExA 774C6322 5 Bytes JMP 00180600 .text CWindowsRtHDVCpl.exe[2412] USER32.dll!SetWindowsHookExW 774C87AD 5 Bytes JMP 00180804 .text CWindowsRtHDVCpl.exe[2412] USER32.dll!UnhookWindowsHookEx 774C98DB 5 Bytes JMP 00180A08 .text CWindowsRtHDVCpl.exe[2412] USER32.dll!SetWinEventHook 774C9F3A 5 Bytes JMP 001801F8 .text CWindowsRtHDVCpl.exe[2412] USER32.dll!UnhookWinEvent 774CC06F 5 Bytes JMP 001803FC .text CProgram FilesAVAST SoftwareAvastAvastUI.exe[2420] kernel32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowsehomeehtray.exe[2428] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 001A01F8 .text CWindowsehomeehtray.exe[2428] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 001A03FC .text CWindowsehomeehtray.exe[2428] KERNEL32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowsehomeehtray.exe[2428] ADVAPI32.dll!CreateServiceW 775A9EB4 5 Bytes JMP 001B03FC .text CWindowsehomeehtray.exe[2428] ADVAPI32.dll!DeleteService 775AA07E 5 Bytes JMP 001B0600 .text CWindowsehomeehtray.exe[2428] ADVAPI32.dll!SetServiceObjectSecurity 775E6CD9 5 Bytes JMP 001B1014 .text CWindowsehomeehtray.exe[2428] ADVAPI32.dll!ChangeServiceConfigA 775E6DD9 5 Bytes JMP 001B0804 .text CWindowsehomeehtray.exe[2428] ADVAPI32.dll!ChangeServiceConfigW 775E6F81 5 Bytes JMP 001B0A08 .text CWindowsehomeehtray.exe[2428] ADVAPI32.dll!ChangeServiceConfig2A 775E7099 5 Bytes JMP 001B0C0C .text CWindowsehomeehtray.exe[2428] ADVAPI32.dll!ChangeServiceConfig2W 775E71E1 5 Bytes JMP 001B0E10 .text CWindowsehomeehtray.exe[2428] ADVAPI32.dll!CreateServiceA 775E72A1 5 Bytes JMP 001B01F8 .text CWindowsehomeehtray.exe[2428] USER32.dll!SetWindowsHookExA 774C6322 5 Bytes JMP 001C0600 .text CWindowsehomeehtray.exe[2428] USER32.dll!SetWindowsHookExW 774C87AD 5 Bytes JMP 001C0804 .text CWindowsehomeehtray.exe[2428] USER32.dll!UnhookWindowsHookEx 774C98DB 5 Bytes JMP 001C0A08 .text CWindowsehomeehtray.exe[2428] USER32.dll!SetWinEventHook 774C9F3A 5 Bytes JMP 001C01F8 .text CWindowsehomeehtray.exe[2428] USER32.dll!UnhookWinEvent 774CC06F 5 Bytes JMP 001C03FC .text CWindowssystem32svchost.exe[2460] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 000601F8 .text CWindowssystem32svchost.exe[2460] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 000603FC .text CWindowssystem32svchost.exe[2460] KERNEL32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowssystem32svchost.exe[2460] ADVAPI32.dll!CreateServiceW 775A9EB4 5 Bytes JMP 000703FC .text CWindowssystem32svchost.exe[2460] ADVAPI32.dll!DeleteService 775AA07E 5 Bytes JMP 00070600 .text CWindowssystem32svchost.exe[2460] ADVAPI32.dll!SetServiceObjectSecurity 775E6CD9 5 Bytes JMP 00071014 .text CWindowssystem32svchost.exe[2460] ADVAPI32.dll!ChangeServiceConfigA 775E6DD9 5 Bytes JMP 00070804 .text CWindowssystem32svchost.exe[2460] ADVAPI32.dll!ChangeServiceConfigW 775E6F81 5 Bytes JMP 00070A08 .text CWindowssystem32svchost.exe[2460] ADVAPI32.dll!ChangeServiceConfig2A 775E7099 5 Bytes JMP 00070C0C .text CWindowssystem32svchost.exe[2460] ADVAPI32.dll!ChangeServiceConfig2W 775E71E1 5 Bytes JMP 00070E10 .text CWindowssystem32svchost.exe[2460] ADVAPI32.dll!CreateServiceA 775E72A1 5 Bytes JMP 000701F8 .text CWindowssystem32svchost.exe[2460] USER32.dll!SetWindowsHookExA 774C6322 5 Bytes JMP 00080600 .text CWindowssystem32svchost.exe[2460] USER32.dll!SetWindowsHookExW 774C87AD 5 Bytes JMP 00080804 .text CWindowssystem32svchost.exe[2460] USER32.dll!UnhookWindowsHookEx 774C98DB 5 Bytes JMP 00080A08 .text CWindowssystem32svchost.exe[2460] USER32.dll!SetWinEventHook 774C9F3A 5 Bytes JMP 000801F8 .text CWindowssystem32svchost.exe[2460] USER32.dll!UnhookWinEvent 774CC06F 5 Bytes JMP 000803FC .text CWindowsehomeehmsas.exe[2512] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 000501F8 .text CWindowsehomeehmsas.exe[2512] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 000503FC .text CWindowsehomeehmsas.exe[2512] KERNEL32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowsehomeehmsas.exe[2512] ADVAPI32.dll!CreateServiceW 775A9EB4 5 Bytes JMP 000603FC .text CWindowsehomeehmsas.exe[2512] ADVAPI32.dll!DeleteService 775AA07E 5 Bytes JMP 00060600 .text CWindowsehomeehmsas.exe[2512] ADVAPI32.dll!SetServiceObjectSecurity 775E6CD9 5 Bytes JMP 00061014 .text CWindowsehomeehmsas.exe[2512] ADVAPI32.dll!ChangeServiceConfigA 775E6DD9 5 Bytes JMP 00060804 .text CWindowsehomeehmsas.exe[2512] ADVAPI32.dll!ChangeServiceConfigW 775E6F81 5 Bytes JMP 00060A08 .text CWindowsehomeehmsas.exe[2512] ADVAPI32.dll!ChangeServiceConfig2A 775E7099 5 Bytes JMP 00060C0C .text CWindowsehomeehmsas.exe[2512] ADVAPI32.dll!ChangeServiceConfig2W 775E71E1 5 Bytes JMP 00060E10 .text CWindowsehomeehmsas.exe[2512] ADVAPI32.dll!CreateServiceA 775E72A1 5 Bytes JMP 000601F8 .text CWindowsehomeehmsas.exe[2512] USER32.dll!SetWindowsHookExA 774C6322 5 Bytes JMP 00070600 .text CWindowsehomeehmsas.exe[2512] USER32.dll!SetWindowsHookExW 774C87AD 5 Bytes JMP 00070804 .text CWindowsehomeehmsas.exe[2512] USER32.dll!UnhookWindowsHookEx 774C98DB 5 Bytes JMP 00070A08 .text CWindowsehomeehmsas.exe[2512] USER32.dll!SetWinEventHook 774C9F3A 5 Bytes JMP 000701F8 .text CWindowsehomeehmsas.exe[2512] USER32.dll!UnhookWinEvent 774CC06F 5 Bytes JMP 000703FC .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 001601F8 .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 001603FC .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] KERNEL32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] ADVAPI32.dll!CreateServiceW 775A9EB4 5 Bytes JMP 001703FC .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] ADVAPI32.dll!DeleteService 775AA07E 5 Bytes JMP 00170600 .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] ADVAPI32.dll!SetServiceObjectSecurity 775E6CD9 3 Bytes JMP 00171014 .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] ADVAPI32.dll!SetServiceObjectSecurity + 4 775E6CDD 1 Byte [88] .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] ADVAPI32.dll!ChangeServiceConfigA 775E6DD9 5 Bytes JMP 00170804 .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] ADVAPI32.dll!ChangeServiceConfigW 775E6F81 5 Bytes JMP 00170A08 .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] ADVAPI32.dll!ChangeServiceConfig2A 775E7099 5 Bytes JMP 00170C0C .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] ADVAPI32.dll!ChangeServiceConfig2W 775E71E1 5 Bytes JMP 00170E10 .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] ADVAPI32.dll!CreateServiceA 775E72A1 5 Bytes JMP 001701F8 .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] USER32.dll!SetWindowsHookExA 774C6322 5 Bytes JMP 00180600 .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] USER32.dll!SetWindowsHookExW 774C87AD 5 Bytes JMP 00180804 .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] USER32.dll!UnhookWindowsHookEx 774C98DB 5 Bytes JMP 00180A08 .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] USER32.dll!SetWinEventHook 774C9F3A 5 Bytes JMP 001801F8 .text CProgram FilesToshibaBluetooth Toshiba StackTosBtSrv.exe[2692] USER32.dll!UnhookWinEvent 774CC06F 5 Bytes JMP 001803FC .text CWindowsSystem32svchost.exe[2736] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 000601F8 .text CWindowsSystem32svchost.exe[2736] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 000603FC .text CWindowsSystem32svchost.exe[2736] KERNEL32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowsSystem32svchost.exe[2736] ADVAPI32.dll!CreateServiceW 775A9EB4 5 Bytes JMP 000703FC .text CWindowsSystem32svchost.exe[2736] ADVAPI32.dll!DeleteService 775AA07E 5 Bytes JMP 00070600 .text CWindowsSystem32svchost.exe[2736] ADVAPI32.dll!SetServiceObjectSecurity 775E6CD9 5 Bytes JMP 00071014 .text CWindowsSystem32svchost.exe[2736] ADVAPI32.dll!ChangeServiceConfigA 775E6DD9 5 Bytes JMP 00070804 .text CWindowsSystem32svchost.exe[2736] ADVAPI32.dll!ChangeServiceConfigW 775E6F81 5 Bytes JMP 00070A08 .text CWindowsSystem32svchost.exe[2736] ADVAPI32.dll!ChangeServiceConfig2A 775E7099 5 Bytes JMP 00070C0C .text CWindowsSystem32svchost.exe[2736] ADVAPI32.dll!ChangeServiceConfig2W 775E71E1 5 Bytes JMP 00070E10 .text CWindowsSystem32svchost.exe[2736] ADVAPI32.dll!CreateServiceA 775E72A1 5 Bytes JMP 000701F8 .text CWindowssystem32svchost.exe[3352] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 000A01F8 .text CWindowssystem32svchost.exe[3352] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 000A03FC .text CWindowssystem32svchost.exe[3352] KERNEL32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowssystem32svchost.exe[3352] ADVAPI32.dll!CreateServiceW 775A9EB4 5 Bytes JMP 000B03FC .text CWindowssystem32svchost.exe[3352] ADVAPI32.dll!DeleteService 775AA07E 5 Bytes JMP 000B0600 .text CWindowssystem32svchost.exe[3352] ADVAPI32.dll!SetServiceObjectSecurity 775E6CD9 5 Bytes JMP 000B1014 .text CWindowssystem32svchost.exe[3352] ADVAPI32.dll!ChangeServiceConfigA 775E6DD9 5 Bytes JMP 000B0804 .text CWindowssystem32svchost.exe[3352] ADVAPI32.dll!ChangeServiceConfigW 775E6F81 5 Bytes JMP 000B0A08 .text CWindowssystem32svchost.exe[3352] ADVAPI32.dll!ChangeServiceConfig2A 775E7099 5 Bytes JMP 000B0C0C .text CWindowssystem32svchost.exe[3352] ADVAPI32.dll!ChangeServiceConfig2W 775E71E1 5 Bytes JMP 000B0E10 .text CWindowssystem32svchost.exe[3352] ADVAPI32.dll!CreateServiceA 775E72A1 5 Bytes JMP 000B01F8 .text CWindowssystem32svchost.exe[3352] USER32.dll!SetWindowsHookExA 774C6322 5 Bytes JMP 000C0600 .text CWindowssystem32svchost.exe[3352] USER32.dll!SetWindowsHookExW 774C87AD 5 Bytes JMP 000C0804 .text CWindowssystem32svchost.exe[3352] USER32.dll!UnhookWindowsHookEx 774C98DB 5 Bytes JMP 000C0A08 .text CWindowssystem32svchost.exe[3352] USER32.dll!SetWinEventHook 774C9F3A 5 Bytes JMP 000C01F8 .text CWindowssystem32svchost.exe[3352] USER32.dll!UnhookWinEvent 774CC06F 5 Bytes JMP 000C03FC .text CProgram FilesCommon FilesAdobeARM1.0armsvc.exe[3448] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 000701F8 .text CProgram FilesCommon FilesAdobeARM1.0armsvc.exe[3448] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 000703FC .text CProgram FilesCommon FilesAdobeARM1.0armsvc.exe[3448] KERNEL32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CProgram FilesCommon FilesAdobeARM1.0armsvc.exe[3448] USER32.dll!SetWindowsHookExA 774C6322 5 Bytes JMP 00080600 .text CProgram FilesCommon FilesAdobeARM1.0armsvc.exe[3448] USER32.dll!SetWindowsHookExW 774C87AD 5 Bytes JMP 00080804 .text CProgram FilesCommon FilesAdobeARM1.0armsvc.exe[3448] USER32.dll!UnhookWindowsHookEx 774C98DB 5 Bytes JMP 00080A08 .text CProgram FilesCommon FilesAdobeARM1.0armsvc.exe[3448] USER32.dll!SetWinEventHook 774C9F3A 5 Bytes JMP 000801F8 .text CProgram FilesCommon FilesAdobeARM1.0armsvc.exe[3448] USER32.dll!UnhookWinEvent 774CC06F 5 Bytes JMP 000803FC .text CProgram FilesCommon FilesAdobeARM1.0armsvc.exe[3448] ADVAPI32.dll!CreateServiceW 775A9EB4 5 Bytes JMP 000903FC .text CProgram FilesCommon FilesAdobeARM1.0armsvc.exe[3448] ADVAPI32.dll!DeleteService 775AA07E 5 Bytes JMP 00090600 .text CProgram FilesCommon FilesAdobeARM1.0armsvc.exe[3448] ADVAPI32.dll!SetServiceObjectSecurity 775E6CD9 5 Bytes JMP 00091014 .text CProgram FilesCommon FilesAdobeARM1.0armsvc.exe[3448] ADVAPI32.dll!ChangeServiceConfigA 775E6DD9 5 Bytes JMP 00090804 .text CProgram FilesCommon FilesAdobeARM1.0armsvc.exe[3448] ADVAPI32.dll!ChangeServiceConfigW 775E6F81 5 Bytes JMP 00090A08 .text CProgram FilesCommon FilesAdobeARM1.0armsvc.exe[3448] ADVAPI32.dll!ChangeServiceConfig2A 775E7099 5 Bytes JMP 00090C0C .text CProgram FilesCommon FilesAdobeARM1.0armsvc.exe[3448] ADVAPI32.dll!ChangeServiceConfig2W 775E71E1 5 Bytes JMP 00090E10 .text CProgram FilesCommon FilesAdobeARM1.0armsvc.exe[3448] ADVAPI32.dll!CreateServiceA 775E72A1 5 Bytes JMP 000901F8 .text CWindowssystem32SearchProtocolHost.exe[3764] kernel32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 001501F8 .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 001503FC .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] KERNEL32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] USER32.dll!SetWindowsHookExA 774C6322 5 Bytes JMP 001C0600 .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] USER32.dll!SetWindowsHookExW 774C87AD 5 Bytes JMP 001C0804 .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] USER32.dll!UnhookWindowsHookEx 774C98DB 5 Bytes JMP 001C0A08 .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] USER32.dll!SetWinEventHook 774C9F3A 5 Bytes JMP 001C01F8 .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] USER32.dll!UnhookWinEvent 774CC06F 5 Bytes JMP 001C03FC .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] USER32.dll!SetScrollRange 774CD185 5 Bytes JMP 002A23A0 CProgram FilesPLAY ONLINESkinMagicU.dll (SkinMagic ToolkitAppspeed Inc.) .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] USER32.dll!GetSysColorBrush 774CE21C 5 Bytes JMP 002A2490 CProgram FilesPLAY ONLINESkinMagicU.dll (SkinMagic ToolkitAppspeed Inc.) .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] USER32.dll!GetScrollInfo 774CF073 7 Bytes JMP 002A2270 CProgram FilesPLAY ONLINESkinMagicU.dll (SkinMagic ToolkitAppspeed Inc.) .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] USER32.dll!ShowScrollBar 774CF8AE 5 Bytes JMP 002A23F0 CProgram FilesPLAY ONLINESkinMagicU.dll (SkinMagic ToolkitAppspeed Inc.) .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] USER32.dll!SetScrollInfo 774D71D8 7 Bytes JMP 002A2320 CProgram FilesPLAY ONLINESkinMagicU.dll (SkinMagic ToolkitAppspeed Inc.) .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] USER32.dll!GetSysColor 774D9BF6 5 Bytes JMP 002A2430 CProgram FilesPLAY ONLINESkinMagicU.dll (SkinMagic ToolkitAppspeed Inc.) .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] USER32.dll!EnableScrollBar 774EAF53 7 Bytes JMP 002A2230 CProgram FilesPLAY ONLINESkinMagicU.dll (SkinMagic ToolkitAppspeed Inc.) .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] USER32.dll!GetScrollPos 774F337D 5 Bytes JMP 002A22B0 CProgram FilesPLAY ONLINESkinMagicU.dll (SkinMagic ToolkitAppspeed Inc.) .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] USER32.dll!GetScrollRange 774F34A5 5 Bytes JMP 002A22E0 CProgram FilesPLAY ONLINESkinMagicU.dll (SkinMagic ToolkitAppspeed Inc.) .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] USER32.dll!SetScrollPos 774F3602 5 Bytes JMP 002A2360 CProgram FilesPLAY ONLINESkinMagicU.dll (SkinMagic ToolkitAppspeed Inc.) .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] ADVAPI32.dll!CreateServiceW 775A9EB4 5 Bytes JMP 001D03FC .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] ADVAPI32.dll!DeleteService 775AA07E 5 Bytes JMP 001D0600 .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] ADVAPI32.dll!SetServiceObjectSecurity 775E6CD9 5 Bytes JMP 001D1014 .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] ADVAPI32.dll!ChangeServiceConfigA 775E6DD9 5 Bytes JMP 001D0804 .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] ADVAPI32.dll!ChangeServiceConfigW 775E6F81 5 Bytes JMP 001D0A08 .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] ADVAPI32.dll!ChangeServiceConfig2A 775E7099 5 Bytes JMP 001D0C0C .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] ADVAPI32.dll!ChangeServiceConfig2W 775E71E1 5 Bytes JMP 001D0E10 .text CProgram FilesPLAY ONLINEPLAY ONLINE.exe[3808] ADVAPI32.dll!CreateServiceA 775E72A1 5 Bytes JMP 001D01F8 .text CUsersDorotaDesktopNowy folder28poqec5.exe[3884] kernel32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CWindowssystem32SearchFilterHost.exe[3888] kernel32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CProgram FilesWindows Media Playerwmpnscfg.exe[3988] ntdll.dll!LdrLoadDll 77DA9378 5 Bytes JMP 000601F8 .text CProgram FilesWindows Media Playerwmpnscfg.exe[3988] ntdll.dll!LdrUnloadDll 77DBB680 5 Bytes JMP 000603FC .text CProgram FilesWindows Media Playerwmpnscfg.exe[3988] KERNEL32.dll!GetBinaryTypeW + 70 76652447 1 Byte [62] .text CProgram FilesWindows Media Playerwmpnscfg.exe[3988] ADVAPI32.dll!CreateServiceW 775A9EB4 5 Bytes JMP 000703FC .text CProgram FilesWindows Media Playerwmpnscfg.exe[3988] ADVAPI32.dll!DeleteService 775AA07E 5 Bytes JMP 00070600 .text CProgram FilesWindows Media Playerwmpnscfg.exe[3988] ADVAPI32.dll!SetServiceObjectSecurity 775E6CD9 5 Bytes JMP 00071014 .text CProgram FilesWindows Media Playerwmpnscfg.exe[3988] ADVAPI32.dll!ChangeServiceConfigA 775E6DD9 5 Bytes JMP 00070804 .text CProgram FilesWindows Media Playerwmpnscfg.exe[3988] ADVAPI32.dll!ChangeServiceConfigW 775E6F81 5 Bytes JMP 00070A08 .text CProgram FilesWindows Media Playerwmpnscfg.exe[3988] ADVAPI32.dll!ChangeServiceConfig2A 775E7099 5 Bytes JMP 00070C0C .text CProgram FilesWindows Media Playerwmpnscfg.exe[3988] ADVAPI32.dll!ChangeServiceConfig2W 775E71E1 5 Bytes JMP 00070E10 .text CProgram FilesWindows Media Playerwmpnscfg.exe[3988] ADVAPI32.dll!CreateServiceA 775E72A1 5 Bytes JMP 000701F8 .text CProgram FilesWindows Media Playerwmpnscfg.exe[3988] USER32.dll!SetWindowsHookExA 774C6322 5 Bytes JMP 00080600 .text CProgram FilesWindows Media Playerwmpnscfg.exe[3988] USER32.dll!SetWindowsHookExW 774C87AD 5 Bytes JMP 00080804 .text CProgram FilesWindows Media Playerwmpnscfg.exe[3988] USER32.dll!UnhookWindowsHookEx 774C98DB 5 Bytes JMP 00080A08 .text CProgram FilesWindows Media Playerwmpnscfg.exe[3988] USER32.dll!SetWinEventHook 774C9F3A 5 Bytes JMP 000801F8 .text CProgram FilesWindows Media Playerwmpnscfg.exe[3988] USER32.dll!UnhookWinEvent 774CC06F 5 Bytes JMP 000803FC ---- User IATEAT - GMER 2.1 ---- IAT CWindowssystem32services.exe[756] @ CWindowssystem32services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00280002 IAT CWindowssystem32services.exe[756] @ CWindowssystem32services.exe [KERNEL32.dll!CreateProcessW] 00280000 IAT CProgram FilesAVAST SoftwareAvastAvastSvc.exe[1752] @ CWindowssystem32USER32.dll [KERNEL32.dll!LoadLibraryExW] [7345FC70] CProgram FilesAVAST SoftwareAvastaswCmnBS.dll (Common functionsAVAST Software) IAT CProgram FilesAVAST SoftwareAvastAvastUI.exe[2420] @ CWindowssystem32USER32.dll [KERNEL32.dll!LoadLibraryExW] [7345FC70] CProgram FilesAVAST SoftwareAvastaswCmnBS.dll (Common functionsAVAST Software) ---- Devices - GMER 2.1 ---- Device FileSystemNtfs Ntfs aswSP.SYS (avast! self protection moduleAVAST Software) Device FileSystemfastfat FatCdrom aswSP.SYS (avast! self protection moduleAVAST Software) AttachedDevice Drivertdx DeviceTcp aswTdi.SYS (avast! TDI Filter DriverAVAST Software) AttachedDevice Drivertdx DeviceUdp aswTdi.SYS (avast! TDI Filter DriverAVAST Software) Device FileSystemfastfat Fat aswSP.SYS (avast! self protection moduleAVAST Software) AttachedDevice FileSystemfastfat Fat fltmgr.sys (Menedżer filtrów systemu plików firmy MicrosoftMicrosoft Corporation) ---- EOF - GMER 2.1 ----