GMER 1.0.15.15570 - http://www.gmer.net Rootkit scan 2011-04-23 19:56:43 Windows 6.1.7600 Harddisk0\DR0 -> \Device\0000005c SAMSUNG_ rev.ZM10 Running: qo9wv6dt.exe; Driver: C:\Users\USER\AppData\Local\Temp\aftcaaob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8E207728] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8E2077D8] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8E207870] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8E21B652] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8E21B78C] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!ZwSaveKeyEx + 13B1 82C518A9 1 Byte [06] .text ntoskrnl.exe!KiDispatchInterrupt + 5A2 82C71312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntoskrnl.exe!KeRemoveQueueEx + 13B3 82C785C0 4 Bytes [28, 77, 20, 8E] .text ntoskrnl.exe!KeRemoveQueueEx + 1573 82C78780 4 Bytes [D8, 77, 20, 8E] .text ntoskrnl.exe!KeRemoveQueueEx + 16C3 82C788D0 4 Bytes [70, 78, 20, 8E] ? System32\Drivers\spil.sys System nie może odnaleźć określonej ścieżki. ! .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8E83A000, 0x227A14, 0xE8000020] .text USBPORT.SYS!DllUnload 8EDBBCA0 5 Bytes JMP 85B514E0 .text atou9opz.SYS 8EED8000 12 Bytes [44, 28, 02, 83, EE, 26, 02, ...] {INC ESP; SUB [EDX], AL; SUB ESI, 0x26; ADD AL, [EBX-0x7cfdf860]} .text atou9opz.SYS 8EED800D 9 Bytes [07, 02, 83, 48, 2B, 02, 83, ...] {POP ES; ADD AL, [EBX-0x7cfdd4b8]; ADD [EAX], AL} .text atou9opz.SYS 8EED8017 45 Bytes [00, DE, 17, 32, 88, E6, 15, ...] .text atou9opz.SYS 8EED8045 39 Bytes [18, C7, 82, F7, 02, C8, 82, ...] .text atou9opz.SYS 8EED806D 71 Bytes [E0, C4, 82, 90, 00, C7, 82, ...] .text ... ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\wininit.exe[452] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[452] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[452] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[452] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[452] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[452] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wininit.exe[452] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[504] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[504] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[504] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[504] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[504] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[504] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\winlogon.exe[504] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\services.exe[552] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\services.exe[552] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsass.exe[576] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsass.exe[576] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsm.exe[584] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\lsm.exe[584] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[668] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[668] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[768] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[768] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[820] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[820] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[820] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[820] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[820] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[820] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[820] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[852] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[852] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[852] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[852] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[852] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[852] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[904] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[904] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[904] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[904] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[904] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[904] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskeng.exe[904] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[912] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[912] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[912] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[912] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[912] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[912] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[912] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[964] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[964] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[964] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[964] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1208] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1208] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1208] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[1328] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[1328] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[1328] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[1328] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[1328] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[1328] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\taskhost.exe[1328] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[1344] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1376] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1376] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1376] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1376] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1376] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1376] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\spoolsv.exe[1376] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1416] kernel32.dll!SetUnhandledExceptionFilter 764A3162 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Windows\system32\Dwm.exe[1484] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[1484] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[1484] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[1484] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[1484] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[1484] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\Dwm.exe[1484] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[1492] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[1492] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[1492] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[1492] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[1492] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[1492] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\Explorer.EXE[1492] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1620] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1620] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1620] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1620] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1620] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1620] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1620] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\SOUNDMAN.EXE[1628] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\SOUNDMAN.EXE[1628] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\SOUNDMAN.EXE[1628] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\SOUNDMAN.EXE[1628] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\SOUNDMAN.EXE[1628] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\SOUNDMAN.EXE[1628] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\SOUNDMAN.EXE[1628] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1732] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Skype\Phone\Skype.exe[1772] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Skype\Phone\Skype.exe[1772] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Skype\Phone\Skype.exe[1772] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Skype\Phone\Skype.exe[1772] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Skype\Phone\Skype.exe[1772] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Skype\Phone\Skype.exe[1772] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Skype\Phone\Skype.exe[1772] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1792] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1792] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1792] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1792] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1792] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1792] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[1792] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\logi\qo9wv6dt.exe[1996] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\logi\qo9wv6dt.exe[1996] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\logi\qo9wv6dt.exe[1996] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\logi\qo9wv6dt.exe[1996] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\logi\qo9wv6dt.exe[1996] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\logi\qo9wv6dt.exe[1996] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\logi\qo9wv6dt.exe[1996] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[2128] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[2128] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[2416] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[2416] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[2416] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[2416] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[2416] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[2416] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\SearchIndexer.exe[2416] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[2640] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\svchost.exe[2640] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\GoogleUpdate.exe[2844] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\GoogleUpdate.exe[2844] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\GoogleUpdate.exe[2844] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\GoogleUpdate.exe[2844] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\GoogleUpdate.exe[2844] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\GoogleUpdate.exe[2844] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Program Files\Google\Update\GoogleUpdate.exe[2844] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3544] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3544] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3544] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3544] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3544] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3544] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\System32\svchost.exe[3544] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wuauclt.exe[3936] ntdll.dll!LdrUnloadDll 77A6BEAF 5 Bytes JMP 64D069B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wuauclt.exe[3936] ntdll.dll!LdrLoadDll 77A6F5B5 5 Bytes JMP 64D06950 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wuauclt.exe[3936] USER32.dll!UnhookWindowsHookEx 77B6CC7B 5 Bytes JMP 64D0BCB0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wuauclt.exe[3936] USER32.dll!UnhookWinEvent 77B6D924 5 Bytes JMP 64D0B8A0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wuauclt.exe[3936] USER32.dll!SetWindowsHookExW 77B7210A 5 Bytes JMP 64D0BB30 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wuauclt.exe[3936] USER32.dll!SetWinEventHook 77B7507E 5 Bytes JMP 64D0B720 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) .text C:\Windows\system32\wuauclt.exe[3936] USER32.dll!SetWindowsHookExA 77B96DFA 5 Bytes JMP 64D0B9B0 C:\Program Files\Alwil Software\Avast5\snxhk.dll (avast! snxhk/AVAST Software) ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoDetachDevice] [8824FDDC] \SystemRoot\System32\Drivers\spil.sys IAT \SystemRoot\system32\DRIVERS\pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [8824FE30] \SystemRoot\System32\Drivers\spil.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88225042] \SystemRoot\System32\Drivers\spil.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [882256D6] \SystemRoot\System32\Drivers\spil.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88225800] \SystemRoot\System32\Drivers\spil.sys IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8822513E] \SystemRoot\System32\Drivers\spil.sys IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortNotification] 00147880 IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortQuerySystemTime] 78800C75 IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortReadPortUchar] 06750015 IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortStallExecution] C25DC033 IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortWritePortUchar] 458B0008 IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortWritePortUlong] 6A006A08 IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 50056A24 IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 005AB7E8 IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortGetScatterGatherList] 0001B800 IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortGetParentBusType] C25D0000 IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortRequestCallback] CCCC0008 IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortWritePortBufferUshort] CCCCCCCC IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortGetUnCachedExtension] CCCCCCCC IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortCompleteRequest] CCCCCCCC IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortCopyMemory] 53EC8B55 IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortEtwTraceLog] 800C5D8B IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 7500117B IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 127B806A IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 80647500 IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 7500137B IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortInitialize] 157B805E IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortGetDeviceBase] 56587500 IAT \SystemRoot\System32\Drivers\atou9opz.SYS[ataport.SYS!AtaPortDeviceStateChange] 8008758B IAT \SystemRoot\System32\Drivers\atou9opz.SYS[NTOSKRNL.exe!KeTickCount] 78801875 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Windows\Explorer.EXE[1492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [747F2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [747D5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [747D56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [747F250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [747E8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [747E4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [747E50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [747E51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [747E66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [747E82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [747E8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [747E907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [747EE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[1492] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [747E4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 849741F8 Device \Driver\volmgr \Device\VolMgrControl 8496F1F8 Device \Driver\usbuhci \Device\USBPDO-0 85B55500 Device \Driver\usbuhci \Device\USBPDO-1 85B55500 Device \Driver\sptd \Device\2447785982 spil.sys Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) Device \Driver\usbuhci \Device\USBPDO-2 85B55500 Device \Driver\usbuhci \Device\USBPDO-3 85B55500 Device \Driver\usbehci \Device\USBPDO-4 85B5D500 AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\volmgr \Device\HarddiskVolume1 8496F1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBT_Tcpip_{4129FD95-3756-4E7C-AFEE-6C0454C18511} 85A9D500 Device \Driver\cdrom \Device\CdRom0 85A3D500 Device \Driver\volmgr \Device\HarddiskVolume2 8496F1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume3 8496F1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\atapi \Device\Ide\IdePort0 849711F8 Device \Driver\atapi \Device\Ide\IdePort1 849711F8 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-3 849711F8 Device \Driver\cdrom \Device\CdRom1 85A3D500 Device \Driver\volmgr \Device\HarddiskVolume4 8496F1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\volmgr \Device\HarddiskVolume5 8496F1F8 AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\NetBT \Device\NetBt_Wins_Export 85A9D500 Device \Driver\NetBT \Device\NetBT_Tcpip_{2EF1FD82-171F-427F-B7E1-E026E54D0FA3} 85A9D500 Device \Driver\PCI_PNP9732 \Device\0000004c spil.sys Device \Driver\vsmraid \Device\0000005c 849721F8 Device \Driver\vsmraid \Device\RaidPort0 849721F8 AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbuhci \Device\USBFDO-0 85B55500 Device \Driver\usbuhci \Device\USBFDO-1 85B55500 Device \Driver\usbuhci \Device\USBFDO-2 85B55500 Device \Driver\usbuhci \Device\USBFDO-3 85B55500 Device \Driver\usbehci \Device\USBFDO-4 85B5D500 Device \Driver\atou9opz \Device\Scsi\atou9opz1 85C5F500 Device \Driver\atou9opz \Device\Scsi\atou9opz1Port3Path0Target0Lun0 85C5F500 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0x41 0x14 0x19 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x18 0xB4 0x32 0xAF ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0x72 0x21 0xB4 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x6E 0x41 0x14 0x19 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x18 0xB4 0x32 0xAF ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x19 0x72 0x21 0xB4 ... ---- EOF - GMER 1.0.15 ----