GMER 1.0.15.15530 - http://www.gmer.net Rootkit scan 2011-03-12 01:05:51 Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3802110A rev.2AAA Running: pxy8q7v5.exe; Driver: C:\Users\KRZYSZ~1\AppData\Local\Temp\kxroqpob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x891349CA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8E410A68] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x89136EAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x89136F04] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8913701A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x89136E02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x89136F54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x89136E56] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x89136FC8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x891349EE] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8E410B18] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x891347B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x89134A12] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x89137412] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x891354AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x89136EDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x89136F2C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x89137044] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x89136E2E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x89136F94] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x89136E84] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x89136FF2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8E410BB0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x89135370] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x89134A36] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x89134A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x89134812] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8913494E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8913492A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x89134972] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x89134A7E] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8E4258DE] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 82880589 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828A5092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!RtlSidHashLookup + 214 828AC824 4 Bytes [CA, 49, 13, 89] .text ntkrnlpa.exe!RtlSidHashLookup + 23C 828AC84C 4 Bytes [68, 0A, 41, 8E] .text ntkrnlpa.exe!RtlSidHashLookup + 2F0 828AC900 8 Bytes [AC, 6E, 13, 89, 04, 6F, 13, ...] {LODSB ; OUTSB ; ADC ECX, [ECX-0x76ec90fc]} .text ntkrnlpa.exe!RtlSidHashLookup + 2FC 828AC90C 4 Bytes [1A, 70, 13, 89] .text ntkrnlpa.exe!RtlSidHashLookup + 318 828AC928 4 Bytes [02, 6E, 13, 89] .text ... PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82A462CB 5 Bytes JMP 8E42129E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject + 27 82A60003 5 Bytes JMP 8E422D50 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82AAA5CA 4 Bytes CALL 89135E3B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82AB26A5 4 Bytes CALL 89135E51 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 82B182F4 7 Bytes JMP 8E4258E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ? System32\Drivers\spvl.sys System nie może odnaleźć określonej ścieżki. ! .text USBPORT.SYS!DllUnload 8E504CA0 5 Bytes JMP 85DF41D8 .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0x9999E300, 0x1B7E, 0xE8000020] ? C:\Windows\system32\Drivers\PROCEXP113.SYS Nie można odnaleźć określonego pliku. ! ? C:\Users\KRZYSZ~1\AppData\Local\Temp\catchme.sys Nie można odnaleźć określonego pliku. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\Dwm.exe[324] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\Dwm.exe[324] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\Dwm.exe[324] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 000F0120 .text C:\Windows\system32\Dwm.exe[324] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 000F006C .text C:\Windows\system32\Dwm.exe[324] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 000F00E4 .text C:\Windows\system32\Dwm.exe[324] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 000F0030 .text C:\Windows\system32\Dwm.exe[324] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 000F00A8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[404] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0017006C .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[404] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00170030 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[404] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00210120 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[404] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0021006C .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[404] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 002100E4 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[404] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00210030 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[404] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 002100A8 .text C:\Windows\system32\wininit.exe[448] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0003006C .text C:\Windows\system32\wininit.exe[448] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00030030 .text C:\Windows\system32\wininit.exe[448] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 000C0120 .text C:\Windows\system32\wininit.exe[448] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 000C006C .text C:\Windows\system32\wininit.exe[448] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 000C00E4 .text C:\Windows\system32\wininit.exe[448] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 000C0030 .text C:\Windows\system32\wininit.exe[448] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 000C00A8 .text C:\Windows\system32\services.exe[508] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\services.exe[508] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\winlogon.exe[540] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0003006C .text C:\Windows\system32\winlogon.exe[540] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00030030 .text C:\Windows\system32\winlogon.exe[540] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 001C0120 .text C:\Windows\system32\winlogon.exe[540] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 001C006C .text C:\Windows\system32\winlogon.exe[540] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 001C00E4 .text C:\Windows\system32\winlogon.exe[540] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 001C0030 .text C:\Windows\system32\winlogon.exe[540] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 001C00A8 .text C:\Windows\system32\lsass.exe[568] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\lsass.exe[568] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\lsass.exe[568] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00200120 .text C:\Windows\system32\lsass.exe[568] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0020006C .text C:\Windows\system32\lsass.exe[568] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 002000E4 .text C:\Windows\system32\lsass.exe[568] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00200030 .text C:\Windows\system32\lsass.exe[568] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 002000A8 .text C:\Windows\system32\lsm.exe[576] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\lsm.exe[576] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[680] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[680] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[680] USER32.dll!UnhookWindowsHookEx 7627CC7B 3 Bytes JMP 00280120 .text C:\Windows\system32\svchost.exe[680] USER32.dll!UnhookWindowsHookEx + 4 7627CC7F 1 Byte [8A] .text C:\Windows\system32\svchost.exe[680] USER32.dll!UnhookWinEvent 7627D924 3 Bytes JMP 0028006C .text C:\Windows\system32\svchost.exe[680] USER32.dll!UnhookWinEvent + 4 7627D928 1 Byte [8A] .text C:\Windows\system32\svchost.exe[680] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 002800E4 .text C:\Windows\system32\svchost.exe[680] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00280030 .text C:\Windows\system32\svchost.exe[680] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 002800A8 .text C:\Windows\system32\nvvsvc.exe[756] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0016006C .text C:\Windows\system32\nvvsvc.exe[756] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00160030 .text C:\Windows\system32\nvvsvc.exe[756] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 001F0120 .text C:\Windows\system32\nvvsvc.exe[756] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 001F006C .text C:\Windows\system32\nvvsvc.exe[756] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 001F00E4 .text C:\Windows\system32\nvvsvc.exe[756] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 001F0030 .text C:\Windows\system32\nvvsvc.exe[756] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 001F00A8 .text C:\Windows\system32\svchost.exe[784] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 000A006C .text C:\Windows\system32\svchost.exe[784] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 000A0030 .text C:\Windows\system32\svchost.exe[784] user32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00310120 .text C:\Windows\system32\svchost.exe[784] user32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0031006C .text C:\Windows\system32\svchost.exe[784] user32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 003100E4 .text C:\Windows\system32\svchost.exe[784] user32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00310030 .text C:\Windows\system32\svchost.exe[784] user32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 003100A8 .text C:\Windows\System32\svchost.exe[832] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\System32\svchost.exe[832] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\System32\svchost.exe[832] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00140120 .text C:\Windows\System32\svchost.exe[832] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0014006C .text C:\Windows\System32\svchost.exe[832] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 001400E4 .text C:\Windows\System32\svchost.exe[832] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00140030 .text C:\Windows\System32\svchost.exe[832] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 001400A8 .text C:\Program Files\Internet Explorer\iexplore.exe[928] USER32.dll!CreateWindowExW 76280E51 5 Bytes JMP 6B9C818F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[928] USER32.dll!DialogBoxIndirectParamW 762A4AA7 5 Bytes JMP 6BAEFE68 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[928] USER32.dll!DialogBoxParamW 762A564A 5 Bytes JMP 6B8E4BA7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[928] USER32.dll!DialogBoxParamA 762BCF6A 5 Bytes JMP 6BAEFE05 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[928] USER32.dll!DialogBoxIndirectParamA 762BD29C 5 Bytes JMP 6BAEFECB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[928] USER32.dll!MessageBoxIndirectA 762CE8C9 5 Bytes JMP 6BAEFD9A C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[928] USER32.dll!MessageBoxIndirectW 762CE9C3 5 Bytes JMP 6BAEFD2F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[928] USER32.dll!MessageBoxExA 762CEA29 5 Bytes JMP 6BAEFCCD C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[928] USER32.dll!MessageBoxExW 762CEA4D 5 Bytes JMP 6BAEFC6B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Windows\System32\svchost.exe[940] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\System32\svchost.exe[940] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\System32\svchost.exe[940] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00350120 .text C:\Windows\System32\svchost.exe[940] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0035006C .text C:\Windows\System32\svchost.exe[940] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 003500E4 .text C:\Windows\System32\svchost.exe[940] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00350030 .text C:\Windows\System32\svchost.exe[940] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 003500A8 .text C:\Windows\system32\svchost.exe[996] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[996] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[996] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00F00120 .text C:\Windows\system32\svchost.exe[996] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 00F0006C .text C:\Windows\system32\svchost.exe[996] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 00F000E4 .text C:\Windows\system32\svchost.exe[996] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00F00030 .text C:\Windows\system32\svchost.exe[996] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 00F000A8 .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[1020] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[1020] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 009B0120 .text C:\Windows\system32\svchost.exe[1020] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 009B006C .text C:\Windows\system32\svchost.exe[1020] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 009B00E4 .text C:\Windows\system32\svchost.exe[1020] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 009B0030 .text C:\Windows\system32\svchost.exe[1020] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 009B00A8 .text C:\Windows\system32\svchost.exe[1148] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[1148] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[1148] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00930120 .text C:\Windows\system32\svchost.exe[1148] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0093006C .text C:\Windows\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 009300E4 .text C:\Windows\system32\svchost.exe[1148] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00930030 .text C:\Windows\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 009300A8 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1252] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0016006C .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1252] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00160030 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1252] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00200120 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1252] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0020006C .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1252] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 002000E4 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1252] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00200030 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[1252] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 002000A8 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0016006C .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00160030 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 001F0120 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 001F006C .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 001F00E4 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 001F0030 .text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1284] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 001F00A8 .text C:\Windows\system32\nvvsvc.exe[1296] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0016006C .text C:\Windows\system32\nvvsvc.exe[1296] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00160030 .text C:\Windows\system32\nvvsvc.exe[1296] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 001F0120 .text C:\Windows\system32\nvvsvc.exe[1296] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 001F006C .text C:\Windows\system32\nvvsvc.exe[1296] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 001F00E4 .text C:\Windows\system32\nvvsvc.exe[1296] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 001F0030 .text C:\Windows\system32\nvvsvc.exe[1296] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 001F00A8 .text C:\Windows\system32\FsUsbExService.Exe[1304] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0015006C .text C:\Windows\system32\FsUsbExService.Exe[1304] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00150030 .text C:\Windows\system32\FsUsbExService.Exe[1304] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 001E0120 .text C:\Windows\system32\FsUsbExService.Exe[1304] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 001E006C .text C:\Windows\system32\FsUsbExService.Exe[1304] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 001E00E4 .text C:\Windows\system32\FsUsbExService.Exe[1304] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 001E0030 .text C:\Windows\system32\FsUsbExService.Exe[1304] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 001E00A8 .text C:\Windows\system32\svchost.exe[1332] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[1332] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[1332] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00DF0120 .text C:\Windows\system32\svchost.exe[1332] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 00DF006C .text C:\Windows\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 00DF00E4 .text C:\Windows\system32\svchost.exe[1332] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00DF0030 .text C:\Windows\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 00DF00A8 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1432] kernel32.dll!SetUnhandledExceptionFilter 75F43162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Windows\System32\spoolsv.exe[1800] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\System32\spoolsv.exe[1800] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\System32\spoolsv.exe[1800] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00200120 .text C:\Windows\System32\spoolsv.exe[1800] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0020006C .text C:\Windows\System32\spoolsv.exe[1800] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 002000E4 .text C:\Windows\System32\spoolsv.exe[1800] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00200030 .text C:\Windows\System32\spoolsv.exe[1800] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 002000A8 .text C:\Windows\system32\taskhost.exe[1844] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0005006C .text C:\Windows\system32\taskhost.exe[1844] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00050030 .text C:\Windows\system32\taskhost.exe[1844] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 000B0120 .text C:\Windows\system32\taskhost.exe[1844] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 000B006C .text C:\Windows\system32\taskhost.exe[1844] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 000B00E4 .text C:\Windows\system32\taskhost.exe[1844] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 000B0030 .text C:\Windows\system32\taskhost.exe[1844] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 000B00A8 .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[1876] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[1956] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[1956] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[1956] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 001D0120 .text C:\Windows\system32\svchost.exe[1956] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 001D006C .text C:\Windows\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 001D00E4 .text C:\Windows\system32\svchost.exe[1956] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 001D0030 .text C:\Windows\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 001D00A8 .text C:\Windows\system32\svchost.exe[2456] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\svchost.exe[2456] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\svchost.exe[2456] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00200120 .text C:\Windows\system32\svchost.exe[2456] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0020006C .text C:\Windows\system32\svchost.exe[2456] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 002000E4 .text C:\Windows\system32\svchost.exe[2456] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00200030 .text C:\Windows\system32\svchost.exe[2456] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 002000A8 .text C:\Program Files\iTunes\iTunesHelper.exe[2612] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0016006C .text C:\Program Files\iTunes\iTunesHelper.exe[2612] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00160030 .text C:\Program Files\iTunes\iTunesHelper.exe[2612] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00200120 .text C:\Program Files\iTunes\iTunesHelper.exe[2612] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0020006C .text C:\Program Files\iTunes\iTunesHelper.exe[2612] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 002000E4 .text C:\Program Files\iTunes\iTunesHelper.exe[2612] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00200030 .text C:\Program Files\iTunes\iTunesHelper.exe[2612] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 002000A8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0017006C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00170030 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00210120 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0021006C .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 002100E4 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00210030 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2636] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 002100A8 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2800] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 000A006C .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2800] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 000A0030 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2800] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00140120 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2800] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0014006C .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2800] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 001400E4 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2800] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00140030 .text C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE[2800] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 001400A8 .text C:\Program Files\iPod\bin\iPodService.exe[3004] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Program Files\iPod\bin\iPodService.exe[3004] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Program Files\iPod\bin\iPodService.exe[3004] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00200120 .text C:\Program Files\iPod\bin\iPodService.exe[3004] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0020006C .text C:\Program Files\iPod\bin\iPodService.exe[3004] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 002000E4 .text C:\Program Files\iPod\bin\iPodService.exe[3004] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00200030 .text C:\Program Files\iPod\bin\iPodService.exe[3004] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 002000A8 .text C:\Windows\system32\SearchIndexer.exe[3088] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\SearchIndexer.exe[3088] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\SearchIndexer.exe[3088] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00100120 .text C:\Windows\system32\SearchIndexer.exe[3088] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0010006C .text C:\Windows\system32\SearchIndexer.exe[3088] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 001000E4 .text C:\Windows\system32\SearchIndexer.exe[3088] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00100030 .text C:\Windows\system32\SearchIndexer.exe[3088] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 001000A8 .text C:\Windows\system32\SearchProtocolHost.exe[3096] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0005006C .text C:\Windows\system32\SearchProtocolHost.exe[3096] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00050030 .text C:\Windows\system32\SearchProtocolHost.exe[3096] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00130120 .text C:\Windows\system32\SearchProtocolHost.exe[3096] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0013006C .text C:\Windows\system32\SearchProtocolHost.exe[3096] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 001300E4 .text C:\Windows\system32\SearchProtocolHost.exe[3096] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00130030 .text C:\Windows\system32\SearchProtocolHost.exe[3096] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 001300A8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3332] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3332] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3332] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 001B0120 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3332] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 001B006C .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3332] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 001B00E4 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3332] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 001B0030 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[3332] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 001B00A8 .text C:\Windows\System32\svchost.exe[3772] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 000A006C .text C:\Windows\System32\svchost.exe[3772] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 000A0030 .text C:\Windows\System32\svchost.exe[3772] user32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 003F0120 .text C:\Windows\System32\svchost.exe[3772] user32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 003F006C .text C:\Windows\System32\svchost.exe[3772] user32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 003F00E4 .text C:\Windows\System32\svchost.exe[3772] user32.dll!SetWinEventHook 7628507E 5 Bytes JMP 003F0030 .text C:\Windows\System32\svchost.exe[3772] user32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 003F00A8 .text C:\Windows\System32\svchost.exe[3888] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\System32\svchost.exe[3888] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\System32\svchost.exe[3888] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 003A0120 .text C:\Windows\System32\svchost.exe[3888] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 003A006C .text C:\Windows\System32\svchost.exe[3888] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 003A00E4 .text C:\Windows\System32\svchost.exe[3888] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 003A0030 .text C:\Windows\System32\svchost.exe[3888] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 003A00A8 .text C:\Windows\system32\SearchFilterHost.exe[4040] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0006006C .text C:\Windows\system32\SearchFilterHost.exe[4040] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00060030 .text C:\Windows\system32\SearchFilterHost.exe[4040] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00100120 .text C:\Windows\system32\SearchFilterHost.exe[4040] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0010006C .text C:\Windows\system32\SearchFilterHost.exe[4040] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 001000E4 .text C:\Windows\system32\SearchFilterHost.exe[4040] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00100030 .text C:\Windows\system32\SearchFilterHost.exe[4040] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 001000A8 .text C:\Program Files\Internet Explorer\iexplore.exe[4896] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0005006C .text C:\Program Files\Internet Explorer\iexplore.exe[4896] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00050030 .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 6B9D83A2 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!CallNextHookEx 7627CC8F 5 Bytes JMP 6B9B9D8C C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 001F006C .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!CreateWindowExW 76280E51 5 Bytes JMP 6B9C818F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 6B974643 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 001F0030 .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!DialogBoxIndirectParamW 762A4AA7 5 Bytes JMP 6BAEFE68 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!DialogBoxParamW 762A564A 5 Bytes JMP 6B8E4BA7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 001F00A8 .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!DialogBoxParamA 762BCF6A 5 Bytes JMP 6BAEFE05 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!DialogBoxIndirectParamA 762BD29C 5 Bytes JMP 6BAEFECB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!MessageBoxIndirectA 762CE8C9 5 Bytes JMP 6BAEFD9A C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!MessageBoxIndirectW 762CE9C3 5 Bytes JMP 6BAEFD2F C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!MessageBoxExA 762CEA29 5 Bytes JMP 6BAEFCCD C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!MessageBoxExW 762CEA4D 5 Bytes JMP 6BAEFC6B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] ole32.dll!OleLoadFromStream 75D85BF6 5 Bytes JMP 6BAF01BB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] ole32.dll!CoCreateInstance 75DD590C 5 Bytes JMP 6B9C8C7D C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation) .text C:\Users\Krzysztof\Desktop\pxy8q7v5.exe[5100] ntdll.dll!LdrUnloadDll 7759BEAF 5 Bytes JMP 0016006C .text C:\Users\Krzysztof\Desktop\pxy8q7v5.exe[5100] ntdll.dll!LdrLoadDll 7759F5B5 5 Bytes JMP 00160030 .text C:\Users\Krzysztof\Desktop\pxy8q7v5.exe[5100] USER32.dll!UnhookWindowsHookEx 7627CC7B 5 Bytes JMP 00220120 .text C:\Users\Krzysztof\Desktop\pxy8q7v5.exe[5100] USER32.dll!UnhookWinEvent 7627D924 5 Bytes JMP 0022006C .text C:\Users\Krzysztof\Desktop\pxy8q7v5.exe[5100] USER32.dll!SetWindowsHookExW 7628210A 5 Bytes JMP 002200E4 .text C:\Users\Krzysztof\Desktop\pxy8q7v5.exe[5100] USER32.dll!SetWinEventHook 7628507E 5 Bytes JMP 00220030 .text C:\Users\Krzysztof\Desktop\pxy8q7v5.exe[5100] USER32.dll!SetWindowsHookExA 762A6DFA 5 Bytes JMP 002200A8 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88807042] \SystemRoot\System32\Drivers\spvl.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [888076D6] \SystemRoot\System32\Drivers\spvl.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88807800] \SystemRoot\System32\Drivers\spvl.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8880713E] \SystemRoot\System32\Drivers\spvl.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\explorer.exe[3064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [74312494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[3064] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [742F5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[3064] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [742F56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[3064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [7431250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[3064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74308573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[3064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [74304D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[3064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [743050CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[3064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [743051A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[3064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [743066D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[3064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [743082CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[3064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74308819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[3064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7430907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[3064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7430E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\explorer.exe[3064] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [74304C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 84A781F8 Device \Driver\volmgr \Device\VolMgrControl 84A731F8 Device \Driver\usbohci \Device\USBPDO-0 85DF51F8 Device \Driver\usbehci \Device\USBPDO-1 85DF61F8 Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\volmgr \Device\HarddiskVolume1 84A731F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume2 84A731F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\cdrom \Device\CdRom0 85C471F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84A751F8 Device \Driver\atapi \Device\Ide\IdePort0 84A751F8 Device \Driver\atapi \Device\Ide\IdePort1 84A751F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 84A751F8 Device \Driver\volmgr \Device\HarddiskVolume3 84A731F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBt_Wins_Export 85DAD500 Device \Driver\nvstor \Device\0000005c 84A761F8 Device \Driver\nvstor \Device\RaidPort0 84A761F8 AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbohci \Device\USBFDO-0 85DF51F8 Device \Driver\NetBT \Device\NetBT_Tcpip_{1307D15D-C87A-47CB-A182-2B9F07640A0A} 85DAD500 Device \Driver\usbehci \Device\USBFDO-1 85DF61F8 ---- Processes - GMER 1.0.15 ---- Library C:\Program (*** hidden *** ) @ C:\Windows\System32\spoolsv.exe [1800] 0x71710000 Library C:\Program (*** hidden *** ) @ C:\Program Files\Alwil Software\Avast5\AvastUI.exe [2584] 0x71710000 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x8B 0x6E 0x03 0x21 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programy\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x15 0xCD 0x0C 0xB7 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA2 0x47 0x04 0xB8 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x75 0x55 0x1B 0x47 ... ---- EOF - GMER 1.0.15 ----