GMER 1.0.15.15570 - http://www.gmer.net Rootkit scan 2011-04-01 19:42:05 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST925031 rev.0002 Running: nzvmj50i.exe; Driver: C:\WINDOWS\TEMP\axtdypog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x9E6329CA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x9E687A68] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0x9E652AF5] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x9E634EAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x9E634F04] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x9E63501A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0x9E6524A9] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x9E634E02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x9E634F54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x9E634E56] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x9E634FC8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x9E6329EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0x9E6531BB] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0x9E653471] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0x9E63529E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0x9E653026] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0x9E652E91] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x9E687B18] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x9E6327B8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x9E632A12] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x9E635412] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x9E6334AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x9E634EDC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x9E634F2C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x9E635044] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0x9E652805] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x9E634E2E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0x9E6350D6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x9E634F94] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x9E634E84] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0x9E6351BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x9E634FF2] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x9E687BB0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0x9E652D0C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x9E633370] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0x9E652B5E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0x9E68FE26] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0x9E651B1C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x9E632A36] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x9E632A5A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x9E632812] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x9E63294E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0x9E6532C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x9E63292A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x9E632972] SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0x99C566D0] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x9E632A7E] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9E69C8DE] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B8 4 Bytes CALL 9E633E25 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC54A 5 Bytes JMP 9E69829E \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C2FCE 5 Bytes JMP 9E699D38 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1172 7 Bytes JMP 9E69C8E2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ? C:\WINDOWS\system32\Drivers\uphcleanhlp.sys Не удается найти указанный файл. ! ? C:\ComboFix\catchme.sys Системе не удается найти указанный путь. ! ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS Не удается найти указанный файл. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\winlogon.exe[796] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00070030 .text C:\WINDOWS\system32\winlogon.exe[796] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0007006C .text C:\WINDOWS\system32\winlogon.exe[796] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\winlogon.exe[796] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\winlogon.exe[796] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\winlogon.exe[796] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\winlogon.exe[796] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\winlogon.exe[796] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\winlogon.exe[796] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\winlogon.exe[796] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\winlogon.exe[796] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\winlogon.exe[796] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\winlogon.exe[796] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\winlogon.exe[796] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\winlogon.exe[796] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C .text C:\WINDOWS\system32\services.exe[852] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00080030 .text C:\WINDOWS\system32\services.exe[852] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0008006C .text C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002C01D4 .text C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002C015C .text C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002C0198 .text C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002C006C .text C:\WINDOWS\system32\services.exe[852] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\services.exe[852] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002D00E4 .text C:\WINDOWS\system32\services.exe[852] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002D0120 .text C:\WINDOWS\system32\services.exe[852] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002D00A8 .text C:\WINDOWS\system32\services.exe[852] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002D0030 .text C:\WINDOWS\system32\services.exe[852] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002D006C .text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\lsass.exe[864] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\lsass.exe[864] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\lsass.exe[864] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\lsass.exe[864] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\lsass.exe[864] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\lsass.exe[864] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\lsass.exe[864] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[1024] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\svchost.exe[1024] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\svchost.exe[1024] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\svchost.exe[1024] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\svchost.exe[1024] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\svchost.exe[1024] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\svchost.exe[1024] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\svchost.exe[1072] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\svchost.exe[1072] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C .text C:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030 .text C:\WINDOWS\System32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C .text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002B0120 .text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002B015C .text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002B0198 .text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002B0030 .text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002B006C .text C:\WINDOWS\System32\svchost.exe[1112] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\System32\svchost.exe[1112] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00090030 .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0009006C .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002B01D4 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002B00E4 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002B0120 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002B015C .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002B0198 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002B0030 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002B006C .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002B00A8 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002C00E4 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002C0120 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002C00A8 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002C0030 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002C006C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00170030 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0017006C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 005000E4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00500120 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 005000A8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00500030 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0050006C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 005101D4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 005100E4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00510120 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 0051015C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00510198 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00510030 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0051006C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1532] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 005100A8 .text C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe[1544] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00150030 .text C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe[1544] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0015006C .text C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe[1544] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00EC00E4 .text C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe[1544] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00EC0120 .text C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe[1544] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00EC00A8 .text C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe[1544] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00EC0030 .text C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe[1544] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00EC006C .text C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe[1544] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00ED01D4 .text C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe[1544] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00ED00E4 .text C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe[1544] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00ED0120 .text C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe[1544] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00ED015C .text C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe[1544] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00ED0198 .text C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe[1544] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00ED0030 .text C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe[1544] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00ED006C .text C:\Documents and Settings\User\Мои документы\Downloads\OTL.exe[1544] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00ED00A8 .text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1632] kernel32.dll!SetUnhandledExceptionFilter 7C844935 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00170030 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0017006C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003B00E4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003B0120 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003B00A8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003B0030 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003B006C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003C01D4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003C00E4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003C0120 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003C015C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003C0198 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C0030 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C006C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003C00A8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ws2_32.dll!getaddrinfo 71A92A6F 5 Bytes JMP 001562E3 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ws2_32.dll!closesocket 71A93E2B 5 Bytes JMP 001560E7 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ws2_32.dll!send 71A94C27 5 Bytes JMP 00155C6F .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ws2_32.dll!WSARecv 71A94CB5 5 Bytes JMP 00155E6C .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ws2_32.dll!recv 71A9676F 5 Bytes JMP 00155CE2 .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ws2_32.dll!WSASend 71A968FA 5 Bytes JMP 00155DBD .text C:\Program Files\Google\Chrome\Application\chrome.exe[1908] ws2_32.dll!WSAGetOverlappedResult 71AA0D1B 5 Bytes JMP 001561FC .text C:\WINDOWS\explorer.exe[2788] explorer.exe 01002583 2 Bytes [AC, 18] .text C:\WINDOWS\explorer.exe[2788] explorer.exe 01002597 14 Bytes [8B, FF, 55, 8B, EC, 56, 57, ...] .text C:\WINDOWS\explorer.exe[2788] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00A47207 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00150030 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0015006C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003900E4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390120 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003900A8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00390030 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 0039006C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003A01D4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003A00E4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003A0120 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003A015C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003A0198 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003A0030 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003A006C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3076] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003A00A8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00170030 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ntdll.dll!LdrUnloadDll 7C916C9B 5 Bytes JMP 0017006C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 005000E4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00500120 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 005000A8 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00500030 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 0050006C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 005101D4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 005100E4 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00510120 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 0051015C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00510198 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00510030 .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 0051006C .text C:\Program Files\Google\Chrome\Application\chrome.exe[3832] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 005100A8 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[852] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00580002 IAT C:\WINDOWS\system32\services.exe[852] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00580000 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[1532] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 IAT C:\Program Files\Google\Chrome\Application\chrome.exe[3832] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 002D0010 ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0?\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 \0?\0040\4:\0045\4B\4>\0042\4 1?2?3?4?5?6?7? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0L\0002\0T\0P\0) 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0T\0P\0) 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0P\0o\0E\0) 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\37\4@\4O\4<\4>\49\4 \0?\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 \0?\4>\4@\4B\4 1? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0I\0P\0) 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0?\4;\0040\4=\48\4@\4>\0042\4I\48\4:\0040\4 \0?\0040\4:\0045\4B\4>\0042\4 1?2?3?4?5?6?7? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0L\0002\0T\0P\0) 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0T\0P\0) 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0P\0P\0P\0o\0E\0) 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\37\4@\4O\4<\4>\49\4 \0?\0040\4@\0040\4;\4;\0045\4;\4L\4=\4K\49\4 \0?\4>\4@\4B\4 1? Reg HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@\34\48\4=\48\4?\4>\4@\4B\4 \0W\0A\0N\0 \0(\0I\0P\0) 1? ---- EOF - GMER 1.0.15 ----