GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-14 22:27:26
Windows 6.1.7600 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541680J9SA00 rev.SB2OC70P 74,53GB
Running: 26640bhz.exe; Driver: C:\Users\xv\AppData\Local\Temp\uglcraoc.sys

---- System - GMER 2.1 ----

SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAddBootEntry [0x8BA50610]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwAllocateVirtualMemory [0x8B31A5FA]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwAssignProcessToJobObject [0x8BA510E6]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEvent [0x8BA5CF18]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateEventPair [0x8BA5CF64]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateIoCompletion [0x8BA5D0FE]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateMutant [0x8BA5CE86]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwCreateSection [0x8B31A992]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateSemaphore [0x8BA5CECE]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateThread [0x8BA515E4]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateThreadEx [0x8BA51800]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwCreateTimer [0x8BA5D0B8]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDebugActiveProcess [0x8BA51E9C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDeleteBootEntry [0x8BA50676]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwDuplicateObject [0x8BA55596]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwFreeVirtualMemory [0x8B31A6C2]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwLoadDriver [0x8B318C12]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwModifyBootEntry [0x8BA506DC]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeKey [0x8BA5598C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwNotifyChangeMultipleKeys [0x8BA5292C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEvent [0x8BA5CF42]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenEventPair [0x8BA5CF86]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenIoCompletion [0x8BA5D122]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenMutant [0x8BA5CEAC]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenProcess [0x8BA54E78]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSection [0x8BA5D036]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenSemaphore [0x8BA5CEF6]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenThread [0x8BA5526E]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwOpenTimer [0x8BA5D0DC]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwProtectVirtualMemory [0x8B31A822]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwQueryObject [0x8BA527F8]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwQueueApcThreadEx [0x8BA52506]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootEntryOrder [0x8BA50742]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetBootOptions [0x8BA507A8]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetContextThread [0x8BA51D16]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemInformation [0x8BA502F8]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSetSystemPowerState [0x8BA504CE]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwShutdownSystem [0x8BA5045C]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSuspendProcess [0x8BA52066]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSuspendThread [0x8BA521C8]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwSystemDebugControl [0x8BA50556]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwTerminateProcess [0x8B31A8EA]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwTerminateThread [0x8BA51CF6]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwUnloadDriver [0x8B318C42]
SSDT  \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)  ZwVdmControl [0x8BA5080E]
SSDT  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ZwWriteVirtualMemory [0x8B31A76E]

Code  \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)  ObMakeTemporaryObject

---- Kernel code sections - GMER 2.1 ----

.text  ntkrnlpa.exe!ZwSaveKeyEx + 13AD  8287C579 1 Byte  [06]
.text  ntkrnlpa.exe!KiDispatchInterrupt + 5A2  828A0F52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntkrnlpa.exe!RtlSidHashLookup + 214  828A8714 4 Bytes  [10, 06, A5, 8B]
.text  ntkrnlpa.exe!RtlSidHashLookup + 23C  828A873C 4 Bytes  [FA, A5, 31, 8B]
.text  ntkrnlpa.exe!RtlSidHashLookup + 29C  828A879C 4 Bytes  [E6, 10, A5, 8B]
.text  ntkrnlpa.exe!RtlSidHashLookup + 2F0  828A87F0 8 Bytes  [18, CF, A5, 8B, 64, CF, A5, ...]
.text  ntkrnlpa.exe!RtlSidHashLookup + 2FC  828A87FC 4 Bytes  [FE, D0, A5, 8B]
.text  ...

---- User code sections - GMER 2.1 ----

.text  C:\Windows\system32\csrss.exe[388] kernel32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Windows\system32\wininit.exe[436] kernel32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Windows\system32\csrss.exe[444] kernel32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Windows\system32\winlogon.exe[468] kernel32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Windows\system32\services.exe[528] kernel32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  ...
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtCreateFile + 6  77454A16 4 Bytes  [28, 4C, 1A, 00] {SUB [EDX+EBX+0x0], CL}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtCreateFile + B  77454A1B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtMapViewOfSection + 6  77455076 4 Bytes  [28, 4F, 1A, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtMapViewOfSection + B  7745507B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenFile + 6  77455126 4 Bytes  [68, 4C, 1A, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenFile + B  7745512B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenProcess + 6  774551D6 4 Bytes  [A8, 4D, 1A, 00] {TEST AL, 0x4d; SBB AL, [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenProcess + B  774551DB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenProcessToken + B  774551EB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenProcessTokenEx + 6  774551F6 4 Bytes  [A8, 4E, 1A, 00] {TEST AL, 0x4e; SBB AL, [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenProcessTokenEx + B  774551FB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenThread + 6  77455256 4 Bytes  [68, 4D, 1A, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenThread + B  7745525B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenThreadToken + 6  77455266 4 Bytes  [68, 4E, 1A, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenThreadToken + B  7745526B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtOpenThreadTokenEx + B  7745527B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtQueryAttributesFile + 6  77455386 4 Bytes  [A8, 4C, 1A, 00] {TEST AL, 0x4c; SBB AL, [EAX]}
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtQueryAttributesFile + B  7745538B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtQueryFullAttributesFile + B  7745543B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtSetInformationFile + 6  77455A86 4 Bytes  [28, 4D, 1A, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtSetInformationFile + B  77455A8B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtSetInformationThread + 6  77455AE6 4 Bytes  [28, 4E, 1A, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtSetInformationThread + B  77455AEB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtUnmapViewOfSection + 6  77455E06 4 Bytes  [68, 4F, 1A, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!NtUnmapViewOfSection + B  77455E0B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!LdrUnloadDll  7746BE7F 5 Bytes  JMP 003B03FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] ntdll.dll!LdrLoadDll  7746F585 5 Bytes  JMP 003B01F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] KERNEL32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] USER32.dll!UnhookWindowsHookEx  76A2CC7B 5 Bytes  JMP 003C0A08
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] USER32.dll!UnhookWinEvent  76A2D924 5 Bytes  JMP 003C03FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] USER32.dll!SetWindowsHookExW  76A3210A 5 Bytes  JMP 003C0804
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] USER32.dll!SetWinEventHook  76A3507E 5 Bytes  JMP 003C01F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[1476] USER32.dll!SetWindowsHookExA  76A56DFA 5 Bytes  JMP 003C0600
.text  C:\Program Files\AVAST Software\Avast\AvastUI.exe[1588] kernel32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Windows\System32\spoolsv.exe[1732] kernel32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[1760] kernel32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Windows\system32\taskhost.exe[1784] kernel32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Windows\system32\svchost.exe[1912] kernel32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  ...
.text  C:\Windows\system32\Dwm.exe[2064] ntdll.dll!LdrUnloadDll  7746BE7F 5 Bytes  JMP 000E03FC
.text  C:\Windows\system32\Dwm.exe[2064] ntdll.dll!LdrLoadDll  7746F585 5 Bytes  JMP 000E01F8
.text  C:\Windows\system32\Dwm.exe[2064] KERNEL32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Windows\system32\Dwm.exe[2064] USER32.dll!UnhookWindowsHookEx  76A2CC7B 5 Bytes  JMP 000F0A08
.text  C:\Windows\system32\Dwm.exe[2064] USER32.dll!UnhookWinEvent  76A2D924 5 Bytes  JMP 000F03FC
.text  C:\Windows\system32\Dwm.exe[2064] USER32.dll!SetWindowsHookExW  76A3210A 5 Bytes  JMP 000F0804
.text  C:\Windows\system32\Dwm.exe[2064] USER32.dll!SetWinEventHook  76A3507E 5 Bytes  JMP 000F01F8
.text  C:\Windows\system32\Dwm.exe[2064] USER32.dll!SetWindowsHookExA  76A56DFA 5 Bytes  JMP 000F0600
.text  C:\Users\xv\Desktop\prog do test\26640bhz.exe[2672] kernel32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtCreateFile + 6  77454A16 4 Bytes  [28, C0, 6E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtCreateFile + B  77454A1B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtMapViewOfSection + 6  77455076 4 Bytes  [28, C3, 6E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtMapViewOfSection + B  7745507B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenFile + 6  77455126 4 Bytes  [68, C0, 6E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenFile + B  7745512B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcess + 6  774551D6 4 Bytes  [A8, C1, 6E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcess + B  774551DB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcessToken + B  774551EB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcessTokenEx + 6  774551F6 4 Bytes  [A8, C2, 6E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenProcessTokenEx + B  774551FB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThread + 6  77455256 4 Bytes  [68, C1, 6E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThread + B  7745525B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThreadToken + 6  77455266 4 Bytes  [68, C2, 6E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThreadToken + B  7745526B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtOpenThreadTokenEx + B  7745527B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtQueryAttributesFile + 6  77455386 4 Bytes  [A8, C0, 6E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtQueryAttributesFile + B  7745538B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtQueryFullAttributesFile + B  7745543B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtSetInformationFile + 6  77455A86 4 Bytes  [28, C1, 6E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtSetInformationFile + B  77455A8B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtSetInformationThread + 6  77455AE6 4 Bytes  [28, C2, 6E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtSetInformationThread + B  77455AEB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtUnmapViewOfSection + 6  77455E06 4 Bytes  [68, C3, 6E, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!NtUnmapViewOfSection + B  77455E0B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!LdrUnloadDll  7746BE7F 5 Bytes  JMP 007403FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] ntdll.dll!LdrLoadDll  7746F585 5 Bytes  JMP 007401F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] KERNEL32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] USER32.dll!UnhookWindowsHookEx  76A2CC7B 5 Bytes  JMP 00750A08
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] USER32.dll!UnhookWinEvent  76A2D924 5 Bytes  JMP 007503FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] USER32.dll!SetWindowsHookExW  76A3210A 5 Bytes  JMP 00750804
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] USER32.dll!SetWinEventHook  76A3507E 5 Bytes  JMP 007501F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[2864] USER32.dll!SetWindowsHookExA  76A56DFA 5 Bytes  JMP 00750600
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2884] ntdll.dll!LdrUnloadDll  7746BE7F 5 Bytes  JMP 000703FC
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2884] ntdll.dll!LdrLoadDll  7746F585 5 Bytes  JMP 000701F8
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2884] KERNEL32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2884] USER32.dll!UnhookWindowsHookEx  76A2CC7B 5 Bytes  JMP 00140A08
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2884] USER32.dll!UnhookWinEvent  76A2D924 5 Bytes  JMP 001403FC
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2884] USER32.dll!SetWindowsHookExW  76A3210A 5 Bytes  JMP 00140804
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2884] USER32.dll!SetWinEventHook  76A3507E 5 Bytes  JMP 001401F8
.text  C:\Program Files\Windows Media Player\wmpnetwk.exe[2884] USER32.dll!SetWindowsHookExA  76A56DFA 5 Bytes  JMP 00140600
.text  C:\Windows\system32\AUDIODG.EXE[3040] kernel32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtCreateFile + 6  77454A16 4 Bytes  [28, 3C, 49, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtCreateFile + B  77454A1B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtMapViewOfSection + 6  77455076 4 Bytes  [28, 3F, 49, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtMapViewOfSection + B  7745507B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenFile + 6  77455126 4 Bytes  [68, 3C, 49, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenFile + B  7745512B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcess + 6  774551D6 4 Bytes  [A8, 3D, 49, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcess + B  774551DB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcessToken + B  774551EB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcessTokenEx + 6  774551F6 4 Bytes  [A8, 3E, 49, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcessTokenEx + B  774551FB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThread + 6  77455256 4 Bytes  [68, 3D, 49, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThread + B  7745525B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThreadToken + 6  77455266 4 Bytes  [68, 3E, 49, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThreadToken + B  7745526B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThreadTokenEx + B  7745527B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtQueryAttributesFile + 6  77455386 4 Bytes  [A8, 3C, 49, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtQueryAttributesFile + B  7745538B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtQueryFullAttributesFile + B  7745543B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtSetInformationFile + 6  77455A86 4 Bytes  [28, 3D, 49, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtSetInformationFile + B  77455A8B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtSetInformationThread + 6  77455AE6 4 Bytes  [28, 3E, 49, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtSetInformationThread + B  77455AEB 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtUnmapViewOfSection + 6  77455E06 4 Bytes  [68, 3F, 49, 00]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtUnmapViewOfSection + B  77455E0B 1 Byte  [E2]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!LdrUnloadDll  7746BE7F 5 Bytes  JMP 005503FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!LdrLoadDll  7746F585 5 Bytes  JMP 005501F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] KERNEL32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] USER32.dll!UnhookWindowsHookEx  76A2CC7B 5 Bytes  JMP 00560A08
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] USER32.dll!UnhookWinEvent  76A2D924 5 Bytes  JMP 005603FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] USER32.dll!SetWindowsHookExW  76A3210A 5 Bytes  JMP 00560804
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] USER32.dll!SetWinEventHook  76A3507E 5 Bytes  JMP 005601F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3208] USER32.dll!SetWindowsHookExA  76A56DFA 5 Bytes  JMP 00560600
.text  C:\Windows\system32\sppsvc.exe[3228] ntdll.dll!LdrUnloadDll  7746BE7F 5 Bytes  JMP 001303FC
.text  C:\Windows\system32\sppsvc.exe[3228] ntdll.dll!LdrLoadDll  7746F585 5 Bytes  JMP 001301F8
.text  C:\Windows\system32\sppsvc.exe[3228] KERNEL32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Windows\system32\sppsvc.exe[3228] USER32.dll!UnhookWindowsHookEx  76A2CC7B 5 Bytes  JMP 00150A08
.text  C:\Windows\system32\sppsvc.exe[3228] USER32.dll!UnhookWinEvent  76A2D924 5 Bytes  JMP 001503FC
.text  C:\Windows\system32\sppsvc.exe[3228] USER32.dll!SetWindowsHookExW  76A3210A 5 Bytes  JMP 00150804
.text  C:\Windows\system32\sppsvc.exe[3228] USER32.dll!SetWinEventHook  76A3507E 5 Bytes  JMP 001501F8
.text  C:\Windows\system32\sppsvc.exe[3228] USER32.dll!SetWindowsHookExA  76A56DFA 5 Bytes  JMP 00150600
.text  C:\Windows\System32\svchost.exe[3300] ntdll.dll!LdrUnloadDll  7746BE7F 5 Bytes  JMP 000E03FC
.text  C:\Windows\System32\svchost.exe[3300] ntdll.dll!LdrLoadDll  7746F585 5 Bytes  JMP 000E01F8
.text  C:\Windows\System32\svchost.exe[3300] KERNEL32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Windows\System32\svchost.exe[3300] USER32.dll!UnhookWindowsHookEx  76A2CC7B 5 Bytes  JMP 00100A08
.text  C:\Windows\System32\svchost.exe[3300] USER32.dll!UnhookWinEvent  76A2D924 5 Bytes  JMP 001003FC
.text  C:\Windows\System32\svchost.exe[3300] USER32.dll!SetWindowsHookExW  76A3210A 5 Bytes  JMP 00100804
.text  C:\Windows\System32\svchost.exe[3300] USER32.dll!SetWinEventHook  76A3507E 5 Bytes  JMP 001001F8
.text  C:\Windows\System32\svchost.exe[3300] USER32.dll!SetWindowsHookExA  76A56DFA 5 Bytes  JMP 00100600
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!LdrUnloadDll  7746BE7F 5 Bytes  JMP 000E03FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3476] ntdll.dll!LdrLoadDll  7746F585 5 Bytes  JMP 000E01F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3476] KERNEL32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3476] USER32.dll!UnhookWindowsHookEx  76A2CC7B 5 Bytes  JMP 000F0A08
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3476] USER32.dll!UnhookWinEvent  76A2D924 5 Bytes  JMP 000F03FC
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3476] USER32.dll!SetWindowsHookExW  76A3210A 5 Bytes  JMP 000F0804
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3476] USER32.dll!SetWinEventHook  76A3507E 5 Bytes  JMP 000F01F8
.text  C:\Program Files\Google\Chrome\Application\chrome.exe[3476] USER32.dll!SetWindowsHookExA  76A56DFA 5 Bytes  JMP 000F0600
.text  C:\Windows\system32\SearchIndexer.exe[3860] ntdll.dll!LdrUnloadDll  7746BE7F 5 Bytes  JMP 000E03FC
.text  C:\Windows\system32\SearchIndexer.exe[3860] ntdll.dll!LdrLoadDll  7746F585 5 Bytes  JMP 000E01F8
.text  C:\Windows\system32\SearchIndexer.exe[3860] KERNEL32.dll!GetBinaryTypeW + 70  77367964 1 Byte  [62]
.text  C:\Windows\system32\SearchIndexer.exe[3860] USER32.dll!UnhookWindowsHookEx  76A2CC7B 5 Bytes  JMP 00100A08
.text  C:\Windows\system32\SearchIndexer.exe[3860] USER32.dll!UnhookWinEvent  76A2D924 5 Bytes  JMP 001003FC
.text  C:\Windows\system32\SearchIndexer.exe[3860] USER32.dll!SetWindowsHookExW  76A3210A 5 Bytes  JMP 00100804
.text  C:\Windows\system32\SearchIndexer.exe[3860] USER32.dll!SetWinEventHook  76A3507E 5 Bytes  JMP 001001F8
.text  C:\Windows\system32\SearchIndexer.exe[3860] USER32.dll!SetWindowsHookExA  76A56DFA 5 Bytes  JMP 00100600

---- User IAT/EAT - GMER 2.1 ----

IAT  C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1416] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  [71630790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT  C:\Program Files\AVAST Software\Avast\AvastUI.exe[1588] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  [71630790] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 2.1 ----

Device  \FileSystem\Ntfs \Ntfs  aswSP.SYS (avast! self protection module/AVAST Software)

AttachedDevice  \Driver\tdx \Device\Tcp  aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \Driver\tdx \Device\Udp  aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice  \FileSystem\fastfat \Fat  fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- EOF - GMER 2.1 ----