GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2011-07-20 19:51:33 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD1600BEVS-26VAT0 rev.11.01A11 Running: qz2ju46j.exe; Driver: C:\Users\MICHA~1\AppData\Local\Temp\pwldipow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8DE40202] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x8D96FD8C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8DE427F0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8DE42848] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8DE4295E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8DE42746] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8DE42898] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8DE4279A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8DE4290C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8DE40226] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x8D96FE3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8DE3FFF0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8DE4024A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8DE42D56] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8DE40CDA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8DE42820] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8DE42870] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8DE42988] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8DE42772] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8DE428D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8DE427C8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8DE42936] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x8D96FED4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8DE40BA0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8DE4026E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8DE40292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8DE4004A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8DE40186] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8DE40162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8DE401AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8DE402B6] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8D985398] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKey + 13C1 83045339 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8307ED52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 83085DC0 4 Bytes [02, 02, E4, 8D] {ADD AL, [EDX]; IN AL, 0x8d} .text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 83085DE8 4 Bytes [8C, FD, 96, 8D] .text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 83085E9C 8 Bytes [F0, 27, E4, 8D, 48, 28, E4, ...] .text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 83085EA8 4 Bytes [5E, 29, E4, 8D] .text ntkrnlpa.exe!KeRemoveQueueEx + 11CF 83085EC4 4 Bytes [46, 27, E4, 8D] {INC ESI; DAA ; IN AL, 0x8d} .text ... .text kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\taskhost.exe[360] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000503FC .text C:\Windows\system32\taskhost.exe[360] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskhost.exe[360] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\taskhost.exe[360] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 000E0A08 .text C:\Windows\system32\taskhost.exe[360] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 000E03FC .text C:\Windows\system32\taskhost.exe[360] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 000E0804 .text C:\Windows\system32\taskhost.exe[360] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 000E01F8 .text C:\Windows\system32\taskhost.exe[360] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 000E0600 .text C:\Windows\system32\csrss.exe[428] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[492] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[492] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[492] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\wininit.exe[492] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 000C0A08 .text C:\Windows\system32\wininit.exe[492] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 000C03FC .text C:\Windows\system32\wininit.exe[492] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 000C0804 .text C:\Windows\system32\wininit.exe[492] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 000C01F8 .text C:\Windows\system32\wininit.exe[492] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 000C0600 .text C:\Windows\system32\csrss.exe[504] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\services.exe[548] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000F03FC .text C:\Windows\system32\services.exe[548] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000F01F8 .text C:\Windows\system32\services.exe[548] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\lsass.exe[564] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\lsass.exe[564] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\lsass.exe[564] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\lsass.exe[564] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00180A08 .text C:\Windows\system32\lsass.exe[564] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 001803FC .text C:\Windows\system32\lsass.exe[564] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00180804 .text C:\Windows\system32\lsass.exe[564] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 001801F8 .text C:\Windows\system32\lsass.exe[564] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00180600 .text C:\Windows\system32\lsm.exe[572] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\lsm.exe[572] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\lsm.exe[572] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\winlogon.exe[600] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[600] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[600] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\winlogon.exe[600] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 000C0A08 .text C:\Windows\system32\winlogon.exe[600] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 000C03FC .text C:\Windows\system32\winlogon.exe[600] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 000C0804 .text C:\Windows\system32\winlogon.exe[600] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 000C01F8 .text C:\Windows\system32\winlogon.exe[600] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 000C0600 .text C:\Windows\system32\svchost.exe[720] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[720] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[720] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[812] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[812] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[812] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[876] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[876] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[876] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[876] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00280A08 .text C:\Windows\System32\svchost.exe[876] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 002803FC .text C:\Windows\System32\svchost.exe[876] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00280804 .text C:\Windows\System32\svchost.exe[876] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 002801F8 .text C:\Windows\System32\svchost.exe[876] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00280600 .text C:\Windows\System32\svchost.exe[940] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[940] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[940] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[940] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 003A0A08 .text C:\Windows\System32\svchost.exe[940] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 003A03FC .text C:\Windows\System32\svchost.exe[940] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 003A0804 .text C:\Windows\System32\svchost.exe[940] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 003A01F8 .text C:\Windows\System32\svchost.exe[940] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 003A0600 .text C:\Windows\system32\svchost.exe[988] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000A03FC .text C:\Windows\system32\svchost.exe[988] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000A01F8 .text C:\Windows\system32\svchost.exe[988] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[988] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00AC0A08 .text C:\Windows\system32\svchost.exe[988] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 00AC03FC .text C:\Windows\system32\svchost.exe[988] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00AC0804 .text C:\Windows\system32\svchost.exe[988] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 00AC01F8 .text C:\Windows\system32\svchost.exe[988] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00AC0600 .text C:\Windows\system32\AUDIODG.EXE[1080] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1144] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1144] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 009F0A08 .text C:\Windows\system32\svchost.exe[1144] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 009F03FC .text C:\Windows\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 009F0804 .text C:\Windows\system32\svchost.exe[1144] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 009F01F8 .text C:\Windows\system32\svchost.exe[1144] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 009F0600 .text C:\Windows\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000A03FC .text C:\Windows\system32\svchost.exe[1260] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000A01F8 .text C:\Windows\system32\svchost.exe[1260] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1260] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00490A08 .text C:\Windows\system32\svchost.exe[1260] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 004903FC .text C:\Windows\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00490804 .text C:\Windows\system32\svchost.exe[1260] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 004901F8 .text C:\Windows\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00490600 .text C:\Windows\system32\ctfmon.exe[1296] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\System32\hkcmd.exe[1344] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 001603FC .text C:\Windows\System32\hkcmd.exe[1344] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 001601F8 .text C:\Windows\System32\hkcmd.exe[1344] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\System32\hkcmd.exe[1344] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00200A08 .text C:\Windows\System32\hkcmd.exe[1344] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 002003FC .text C:\Windows\System32\hkcmd.exe[1344] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00200804 .text C:\Windows\System32\hkcmd.exe[1344] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 002001F8 .text C:\Windows\System32\hkcmd.exe[1344] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00200600 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1364] kernel32.dll!SetUnhandledExceptionFilter 7704F4FB 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1364] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[1372] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[1372] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[1372] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[1372] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 003C0A08 .text C:\Windows\System32\svchost.exe[1372] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 003C03FC .text C:\Windows\System32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 003C0804 .text C:\Windows\System32\svchost.exe[1372] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 003C01F8 .text C:\Windows\System32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 003C0600 .text C:\Windows\system32\Dwm.exe[1488] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\Dwm.exe[1488] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\Dwm.exe[1488] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\Dwm.exe[1488] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 000F0A08 .text C:\Windows\system32\Dwm.exe[1488] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 000F03FC .text C:\Windows\system32\Dwm.exe[1488] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 000F0804 .text C:\Windows\system32\Dwm.exe[1488] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 000F01F8 .text C:\Windows\system32\Dwm.exe[1488] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 000F0600 .text C:\Windows\Explorer.EXE[1524] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\Explorer.EXE[1524] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\Explorer.EXE[1524] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\Explorer.EXE[1524] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 003E0A08 .text C:\Windows\Explorer.EXE[1524] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 003E03FC .text C:\Windows\Explorer.EXE[1524] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 003E0804 .text C:\Windows\Explorer.EXE[1524] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 003E01F8 .text C:\Windows\Explorer.EXE[1524] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 003E0600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00120A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 001203FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00120804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 001201F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1532] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00120600 .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[1552] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\System32\igfxpers.exe[1888] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 001603FC .text C:\Windows\System32\igfxpers.exe[1888] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 001601F8 .text C:\Windows\System32\igfxpers.exe[1888] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\System32\igfxpers.exe[1888] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00310A08 .text C:\Windows\System32\igfxpers.exe[1888] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 003103FC .text C:\Windows\System32\igfxpers.exe[1888] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00310804 .text C:\Windows\System32\igfxpers.exe[1888] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 003101F8 .text C:\Windows\System32\igfxpers.exe[1888] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00310600 .text C:\Windows\System32\spoolsv.exe[1892] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\System32\spoolsv.exe[1892] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\System32\spoolsv.exe[1892] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\System32\spoolsv.exe[1892] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 000A0A08 .text C:\Windows\System32\spoolsv.exe[1892] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 000A03FC .text C:\Windows\System32\spoolsv.exe[1892] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 000A0804 .text C:\Windows\System32\spoolsv.exe[1892] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 000A01F8 .text C:\Windows\System32\spoolsv.exe[1892] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 000A0600 .text C:\Windows\system32\svchost.exe[1932] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[1932] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[1932] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[1932] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00260A08 .text C:\Windows\system32\svchost.exe[1932] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 002603FC .text C:\Windows\system32\svchost.exe[1932] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00260804 .text C:\Windows\system32\svchost.exe[1932] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 002601F8 .text C:\Windows\system32\svchost.exe[1932] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00260600 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1976] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 001503FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1976] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 001501F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1976] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1976] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 001E0A08 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1976] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 001E03FC .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1976] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 001E0804 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1976] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 001E01F8 .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1976] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 001E0600 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1996] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 001603FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1996] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 001601F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1996] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1996] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00300A08 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1996] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 003003FC .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1996] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00300804 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1996] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 003001F8 .text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[1996] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00300600 .text C:\Windows\system32\DllHost.exe[2088] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000503FC .text C:\Windows\system32\DllHost.exe[2088] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000501F8 .text C:\Windows\system32\DllHost.exe[2088] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\DllHost.exe[2088] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 000E0A08 .text C:\Windows\system32\DllHost.exe[2088] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 000E03FC .text C:\Windows\system32\DllHost.exe[2088] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 000E0804 .text C:\Windows\system32\DllHost.exe[2088] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 000E01F8 .text C:\Windows\system32\DllHost.exe[2088] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 000E0600 .text C:\Program Files\RocketDock\RocketDock.exe[2204] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 001603FC .text C:\Program Files\RocketDock\RocketDock.exe[2204] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 001601F8 .text C:\Program Files\RocketDock\RocketDock.exe[2204] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Program Files\RocketDock\RocketDock.exe[2204] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\RocketDock\RocketDock.exe[2204] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 001F03FC .text C:\Program Files\RocketDock\RocketDock.exe[2204] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 001F0804 .text C:\Program Files\RocketDock\RocketDock.exe[2204] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 001F01F8 .text C:\Program Files\RocketDock\RocketDock.exe[2204] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 001F0600 .text C:\Program Files\Bonjour\mDNSResponder.exe[2236] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Program Files\Bonjour\mDNSResponder.exe[2236] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[2236] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Program Files\Bonjour\mDNSResponder.exe[2236] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00090A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[2236] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 000903FC .text C:\Program Files\Bonjour\mDNSResponder.exe[2236] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00090804 .text C:\Program Files\Bonjour\mDNSResponder.exe[2236] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 000901F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[2236] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00090600 .text C:\Windows\system32\svchost.exe[2312] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2312] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2312] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[2312] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00B20A08 .text C:\Windows\system32\svchost.exe[2312] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 00B203FC .text C:\Windows\system32\svchost.exe[2312] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00B20804 .text C:\Windows\system32\svchost.exe[2312] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 00B201F8 .text C:\Windows\system32\svchost.exe[2312] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00B20600 .text C:\Windows\system32\svchost.exe[2376] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000A03FC .text C:\Windows\system32\svchost.exe[2376] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000A01F8 .text C:\Windows\system32\svchost.exe[2376] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[2444] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[2444] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe[2480] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 001503FC .text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe[2480] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 001501F8 .text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe[2480] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe[2480] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 001E0A08 .text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe[2480] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 001E03FC .text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe[2480] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 001E0804 .text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe[2480] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 001E01F8 .text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtlService.exe[2480] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 001E0600 .text C:\Windows\system32\svchost.exe[2488] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2488] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2488] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[2556] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[2556] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[2556] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Program Files\blueconnect\AssistantServices.exe[2624] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 001603FC .text C:\Program Files\blueconnect\AssistantServices.exe[2624] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 001601F8 .text C:\Program Files\blueconnect\AssistantServices.exe[2624] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Program Files\blueconnect\AssistantServices.exe[2624] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 001F0A08 .text C:\Program Files\blueconnect\AssistantServices.exe[2624] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 001F03FC .text C:\Program Files\blueconnect\AssistantServices.exe[2624] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 001F0804 .text C:\Program Files\blueconnect\AssistantServices.exe[2624] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 001F01F8 .text C:\Program Files\blueconnect\AssistantServices.exe[2624] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 001F0600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2696] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2696] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2696] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2696] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2696] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 001003FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2696] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00100804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2696] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 001001F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2696] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00100600 .text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWlan.exe[2716] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 001603FC .text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWlan.exe[2716] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 001601F8 .text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWlan.exe[2716] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWlan.exe[2716] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00340A08 .text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWlan.exe[2716] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 003403FC .text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWlan.exe[2716] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00340804 .text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWlan.exe[2716] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 003401F8 .text C:\Program Files\Realtek\RTL8187B Wireless LAN Utility\RtWlan.exe[2716] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00340600 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2844] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2844] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2844] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2844] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00140A08 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2844] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 001403FC .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2844] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00140804 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2844] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 001401F8 .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2844] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00140600 .text C:\Windows\system32\SearchIndexer.exe[3136] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\SearchIndexer.exe[3136] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\SearchIndexer.exe[3136] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3136] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00100A08 .text C:\Windows\system32\SearchIndexer.exe[3136] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 001003FC .text C:\Windows\system32\SearchIndexer.exe[3136] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00100804 .text C:\Windows\system32\SearchIndexer.exe[3136] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 001001F8 .text C:\Windows\system32\SearchIndexer.exe[3136] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00100600 .text C:\Windows\system32\svchost.exe[3260] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\system32\svchost.exe[3260] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\system32\svchost.exe[3260] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\system32\svchost.exe[3260] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00230A08 .text C:\Windows\system32\svchost.exe[3260] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 002303FC .text C:\Windows\system32\svchost.exe[3260] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00230804 .text C:\Windows\system32\svchost.exe[3260] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 002301F8 .text C:\Windows\system32\svchost.exe[3260] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00230600 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3584] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 001603FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3584] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 001601F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3584] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3584] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 002F0A08 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3584] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 002F03FC .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3584] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 002F0804 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3584] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 002F01F8 .text C:\Program Files\Synaptics\SynTP\SynTPHelper.exe[3584] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 002F0600 .text D:\qz2ju46j.exe[3872] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4016] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4016] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4016] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4016] USER32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00100A08 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4016] USER32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 001003FC .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4016] USER32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00100804 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4016] USER32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 001001F8 .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4016] USER32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00100600 .text C:\Windows\System32\svchost.exe[4060] ntdll.dll!LdrUnloadDll 7722C8DE 5 Bytes JMP 000603FC .text C:\Windows\System32\svchost.exe[4060] ntdll.dll!LdrLoadDll 772322B8 5 Bytes JMP 000601F8 .text C:\Windows\System32\svchost.exe[4060] kernel32.dll!GetBinaryTypeW + 70 770669F4 1 Byte [62] .text C:\Windows\System32\svchost.exe[4060] user32.dll!UnhookWindowsHookEx 76F3ADF9 5 Bytes JMP 00320A08 .text C:\Windows\System32\svchost.exe[4060] user32.dll!UnhookWinEvent 76F3B750 5 Bytes JMP 003203FC .text C:\Windows\System32\svchost.exe[4060] user32.dll!SetWindowsHookExW 76F3E30C 5 Bytes JMP 00320804 .text C:\Windows\System32\svchost.exe[4060] user32.dll!SetWinEventHook 76F424DC 5 Bytes JMP 003201F8 .text C:\Windows\System32\svchost.exe[4060] user32.dll!SetWindowsHookExA 76F66D0C 5 Bytes JMP 00320600 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Aparat wykonawczy struktury sterowników trybu jądra/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\0000004d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0xEC 0x7C 0x81 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD5 0x8D 0x7E 0x10 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDA 0x7E 0x0C 0xF9 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x2B 0xEC 0x7C 0x81 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD5 0x8D 0x7E 0x10 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xDA 0x7E 0x0C 0xF9 ... ---- EOF - GMER 1.0.15 ----