GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2013-01-01 22:10:11 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk2\DR2 -> \Device\Scsi\nvgts2Port3Path0Target0Lun0 WDC_WD10 rev.51.0 Running: dcfqpb7e.exe; Driver: C:\DOCUME~1\User\USTAWI~1\Temp\axtcyfob.sys ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000 IAT C:\WINDOWS\system32\services.exe[988] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0xAA 0x52 0xC6 0x00 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ... ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00741014 .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00771014 .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009B1014 .text C:\WINDOWS\system32\ctfmon.exe[3240] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00A01014 .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00AD1014 .text C:\WINDOWS\system32\svchost.exe[2968] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00B91014 .text C:\WINDOWS\system32\cidaemon.exe[724] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00C51014 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00C91014 .text C:\Program Files\MODECOM\11n USB Wireless LAN Utility\RtWLan.exe[3436] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01161014 .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01821014 .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 033C1014 .text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00740804 .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00770804 .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009B0804 .text C:\WINDOWS\system32\ctfmon.exe[3240] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00A00804 .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00AD0804 .text C:\WINDOWS\system32\svchost.exe[2968] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00B90804 .text C:\WINDOWS\system32\cidaemon.exe[724] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00C50804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00C90804 .text C:\Program Files\MODECOM\11n USB Wireless LAN Utility\RtWLan.exe[3436] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01160804 .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01820804 .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 033C0804 .text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00740A08 .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00770A08 .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009B0A08 .text C:\WINDOWS\system32\ctfmon.exe[3240] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00A00A08 .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00AD0A08 .text C:\WINDOWS\system32\svchost.exe[2968] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00B90A08 .text C:\WINDOWS\system32\cidaemon.exe[724] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00C50A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00C90A08 .text C:\Program Files\MODECOM\11n USB Wireless LAN Utility\RtWLan.exe[3436] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01160A08 .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01820A08 .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 033C0A08 .text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00740C0C .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00770C0C .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009B0C0C .text C:\WINDOWS\system32\ctfmon.exe[3240] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00A00C0C .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00AD0C0C .text C:\WINDOWS\system32\svchost.exe[2968] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00B90C0C .text C:\WINDOWS\system32\cidaemon.exe[724] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00C50C0C .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00C90C0C .text C:\Program Files\MODECOM\11n USB Wireless LAN Utility\RtWLan.exe[3436] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01160C0C .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01820C0C .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 033C0C0C .text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00740E10 .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00770E10 .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009B0E10 .text C:\WINDOWS\system32\ctfmon.exe[3240] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00A00E10 .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00AD0E10 .text C:\WINDOWS\system32\svchost.exe[2968] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00B90E10 .text C:\WINDOWS\system32\cidaemon.exe[724] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00C50E10 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00C90E10 .text C:\Program Files\MODECOM\11n USB Wireless LAN Utility\RtWLan.exe[3436] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01160E10 .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01820E10 .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 033C0E10 .text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007401F8 .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 007701F8 .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009B01F8 .text C:\WINDOWS\system32\ctfmon.exe[3240] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00A001F8 .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00AD01F8 .text C:\WINDOWS\system32\svchost.exe[2968] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00B901F8 .text C:\WINDOWS\system32\cidaemon.exe[724] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00C501F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00C901F8 .text C:\Program Files\MODECOM\11n USB Wireless LAN Utility\RtWLan.exe[3436] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 011601F8 .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 018201F8 .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 033C01F8 .text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007403FC .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 007703FC .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009B03FC .text C:\WINDOWS\system32\ctfmon.exe[3240] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00A003FC .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00AD03FC .text C:\WINDOWS\system32\svchost.exe[2968] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00B903FC .text C:\WINDOWS\system32\cidaemon.exe[724] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00C503FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00C903FC .text C:\Program Files\MODECOM\11n USB Wireless LAN Utility\RtWLan.exe[3436] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 011603FC .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 018203FC .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 033C03FC .text C:\WINDOWS\System32\svchost.exe[3972] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00740600 .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00770600 .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009B0600 .text C:\WINDOWS\system32\ctfmon.exe[3240] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00A00600 .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00AD0600 .text C:\WINDOWS\system32\svchost.exe[2968] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00B90600 .text C:\WINDOWS\system32\cidaemon.exe[724] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00C50600 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00C90600 .text C:\Program Files\MODECOM\11n USB Wireless LAN Utility\RtWLan.exe[3436] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01160600 .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01820600 .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 033C0600 .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 019203DA D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] KERNEL32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0192047C D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01920459 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] KERNEL32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 016DF972 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1492] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[368] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\M-Audio\MIDISPORT\AudioDevMon.exe[468] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[536] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\cidaemon.exe[724] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[728] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[772] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[844] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\dllhost.exe[876] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[920] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[944] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\services.exe[988] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1000] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1156] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1216] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1248] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\UPHClean\uphclean.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1356] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1492] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1584] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1660] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\SCardSvr.exe[1688] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\cisvc.exe[1808] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1836] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\CTsvcCDA.exe[1848] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1956] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\dllhost.exe[2160] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\msdtc.exe[2280] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2336] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\dcfqpb7e.exe[2844] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2968] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3068] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3080] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3088] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\Rundll32.exe[3112] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3240] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe[3276] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[3420] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\MODECOM\11n USB Wireless LAN Utility\RtWLan.exe[3436] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe[3572] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe[3600] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3972] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!NtLockProductActivationKeys 7C90D4AE 5 Bytes JMP 10001000 C:\WINDOWS\system32\antiwpa.dll .text C:\WINDOWS\system32\cidaemon.exe[724] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[2968] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\Rundll32.exe[3112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[3972] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\ctfmon.exe[3240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003201F8 .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe[3276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[3420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe[3572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3088] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Program Files\MODECOM\11n USB Wireless LAN Utility\RtWLan.exe[3436] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe[3600] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 016D4470 D:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[368] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\M-Audio\MIDISPORT\AudioDevMon.exe[468] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\cidaemon.exe[724] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\All Users\Dane aplikacji\Skype\Toolbars\Skype C2C Service\c2c_service.exe[772] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\dllhost.exe[876] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[920] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[944] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[988] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[1000] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1156] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1248] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\UPHClean\uphclean.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1356] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1660] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\SCardSvr.exe[1688] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\cisvc.exe[1808] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Comarch\ComarchSmartCard\CardServer.exe[1836] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\CTsvcCDA.exe[1848] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre7\bin\jqs.exe[1956] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\dllhost.exe[2160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\msdtc.exe[2280] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2336] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\User\Moje dokumenty\Pobieranie\dcfqpb7e.exe[2844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[2968] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[3080] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3088] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\Rundll32.exe[3112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe[3276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[3420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\MODECOM\11n USB Wireless LAN Utility\RtWLan.exe[3436] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe[3572] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe[3600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[3972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\cidaemon.exe[724] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[2968] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\Rundll32.exe[3112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\svchost.exe[3972] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\ctfmon.exe[3240] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003203FC .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\Program Files\Creative\MediaSource5\Go\CTCMSGoU.exe[3276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[3420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe[3572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3088] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program Files\MODECOM\11n USB Wireless LAN Utility\RtWLan.exe[3436] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe[3600] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\winlogon.exe[944] USER32.dll!GetSystemMetrics 7E368F9C 5 Bytes JMP 10001018 C:\WINDOWS\system32\antiwpa.dll .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3088] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00970804 .text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[3420] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00A50804 .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00B20804 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00D20804 .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00E10804 .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00F30804 .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01850804 .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 022F0804 .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3088] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00970A08 .text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[3420] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00A50A08 .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00B20A08 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00D20A08 .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00E10A08 .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00F30A08 .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01850A08 .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 022F0A08 .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3088] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00970600 .text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[3420] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00A50600 .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00B20600 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00D20600 .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00E10600 .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00F30600 .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01850600 .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 022F0600 .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3088] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009701F8 .text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[3420] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00A501F8 .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00B201F8 .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00D201F8 .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00E101F8 .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00F301F8 .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 018501F8 .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 022F01F8 .text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[3088] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009703FC .text C:\Program Files\Logitech\MouseWare\system\em_exec.exe[3420] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00A503FC .text D:\Program Files\Microsoft ActiveSync\wcescomm.exe[3252] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00B203FC .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3104] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00D203FC .text C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe[856] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00E103FC .text D:\PROGRA~1\MICROS~1\rapimgr.exe[3388] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00F303FC .text C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe[3488] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 018503FC .text D:\Program Files\Mozilla Firefox\firefox.exe[3160] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 022F03FC ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D28 80504620 4 Bytes JMP 9CB40C9C .text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [A4, 45, FF, B3, F2, 45, FF, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [F8, 5A, FF, B3, 54, 5C, FF, ...] {CLC ; POP EDX; PUSH DWORD [EBX-0x4c00a3ac]; SBB AL, [EDI+EDI*8-0x4d]} PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL B3FF6A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP B40DFCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP B40E1810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP B40E2E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1492] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[3068] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Kernel code sections - GMER 1.0.15 ---- .text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP B3FFAB4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP B3FFAA3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B3FFA9F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C56B 5 Bytes JMP B3FFA0A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 79A8 BF8240DB 5 Bytes JMP B3FF97C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + F9C BF828A45 5 Bytes JMP B3FFACB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831490 5 Bytes JMP B3FFAEBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + B687 BF839EC7 5 Bytes JMP B3FFA8FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85176B 5 Bytes JMP B3FF9688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC9A 5 Bytes JMP B3FFA16A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E304 5 Bytes JMP B3FF9C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E38F 5 Bytes JMP B3FF9EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 88 BF85F600 5 Bytes JMP B3FF9670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 5466 BF8649DE 5 Bytes JMP B3FFAA86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 3651 BF87322E 5 Bytes JMP B3FF9CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 418E BF873D6B 5 Bytes JMP B3FF9E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF890E66 5 Bytes JMP B3FFA182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 26EE BF894410 5 Bytes JMP B3FFABFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 583 BF894EE8 5 Bytes JMP B3FFAE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 3862 BF89C29E 5 Bytes JMP B3FFA090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 4DF7 BF89D833 5 Bytes JMP B3FF9834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + A977 BF8C1CCC 5 Bytes JMP B3FF9944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8CA15D 5 Bytes JMP B3FF9A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8CA3DD 5 Bytes JMP B3FF9B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B2E BF8EBD71 5 Bytes JMP B3FF956A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + CB31 BF8F4D74 5 Bytes JMP B3FFA0C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A40 BF914401 5 Bytes JMP B3FF9760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2614 BF914FD5 5 Bytes JMP B3FF98F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F8D BF91794E 5 Bytes JMP B3FF9FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1934 BF947AAD 5 Bytes JMP B3FFAD74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL ---- Kernel code sections - GMER 1.0.15 ---- ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Nie można odnaleźć określonego pliku. ! ? C:\DOCUME~1\User\USTAWI~1\Temp\mbr.sys Nie można odnaleźć określonego pliku. ! ---- System - GMER 1.0.15 ---- Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB66713C0, 0x9B091A, 0xE8000020] AttachedDevice \FileSystem\Ntfs \Ntfs tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 tdrpm174.sys (Acronis Try&Decide Volume Filter Driver/Acronis) SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB3FF44BA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB40C9C22] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB3FF4ED6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB4036811] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB3FFFFA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB3FFFFF4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB4000176] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB40361C5] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB3FFFF16] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB40E2E56] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB4000038] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB3FFFF5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB3FF511C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB4000130] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB3FF593E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB3FF4508] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB4036ED7] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB403718D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB3FF91C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB4036D42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB4036BAD] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB40C9CEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB3FF4170] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB3FF4556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB3FF9534] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB3FF63A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB3FFFFD2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB4000016] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB400019A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB4036521] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB3FFFF3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB3FF8C3E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB40000BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB3FFFF86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB3FF8F14] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB4000154] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB40C9E4A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB4036A28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB3FF6272] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB403687A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB3FF5DD4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB40D67D2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB4035838] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB3FF45A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB3FF45F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB3FF57BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB3FF41FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB3FF43AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB4036FDE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB3FF4350] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB3FF5AF8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB3FF5C54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB3FF441A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB3FF54D4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB3FF5636] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xB40C841C] SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0xB16CA6D0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB3FF4640] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB3FF4F1A] ---- EOF - GMER 1.0.15 ----