GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-10-16 20:41:25
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST31000524AS rev.JC45
Running: md253j8g.exe; Driver: C:\Users\Antek\AppData\Local\Temp\kwddakog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x90C1A708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0x907677C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0x90C1B11C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x90C25F28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x90C25F74]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x90C260F6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x90C25E96]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x90767BBA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x90C25EDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0x90C1B310]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThreadEx [0x90C1B498]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x90C260B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0x90C1BA9C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x90C1A756]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0x907678AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x90C1A3BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x90C1A7A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x90C1F456]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x90C1C464]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x90C25F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x90C25F96]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x90C2611A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x90C25EBC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x90C2603A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x90C25F06]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x90C260D4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0x90767A2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x90C1C330]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThreadEx [0x90C1C06C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x90C1A7F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x90C1A840]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0x90C1B91C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x90C1A448]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x90C1A5F8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x90C1A59E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0x90C1BBFE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0x90C1BD5A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x90C1A668]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwTerminateProcess [0x90767AF6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0x90C1B794]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x90C1A88E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwWriteVirtualMemory [0x90767962]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x9077F966]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82E49579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82E6DF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 214 82E75714 4 Bytes [08, A7, C1, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 23C 82E7573C 4 Bytes [C8, 77, 76, 90] {ENTER 0x7677, 0x90}
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 82E7579C 4 Bytes [1C, B1, C1, 90]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F0 82E757F0 8 Bytes [28, 5F, C2, 90, 74, 5F, C2, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 2FC 82E757FC 4 Bytes [F6, 60, C2, 90] {MUL BYTE [EAX-0x3e]; NOP }
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 8300EF59 5 Bytes JMP 9077C806 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 83028C5F 5 Bytes JMP 9077E338 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 830730EA 4 Bytes CALL 90C1CB07 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 8307B1C5 4 Bytes CALL 90C1CB1D \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 830E0E52 7 Bytes JMP 9077F96A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 AE13E000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 AE13E123 629 Bytes [95, 13, AE, FE, 05, 34, 95, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 AE13E399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F AE13E3FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B AE13E4AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\csrss.exe[492] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\system32\wininit.exe[544] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\system32\csrss.exe[552] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\system32\taskhost.exe[584] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\system32\services.exe[596] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text ...
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1376] kernel32.dll!SetUnhandledExceptionFilter 77083142 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1376] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[1500] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1528] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe[1624] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1644] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text ...
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1856] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1856] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1856] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1856] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00100A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1856] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 001003FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1856] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00100804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1856] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 001001F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[1856] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00100600
.text C:\Windows\system32\sppsvc.exe[2276] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2680] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[2680] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[2680] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2680] user32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00360A08
.text C:\Windows\System32\svchost.exe[2680] user32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 003603FC
.text C:\Windows\System32\svchost.exe[2680] user32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00360804
.text C:\Windows\System32\svchost.exe[2680] user32.dll!SetWinEventHook 7564507E 5 Bytes JMP 003601F8
.text C:\Windows\System32\svchost.exe[2680] user32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00360600
.text C:\Windows\system32\taskeng.exe[2696] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 000603FC
.text C:\Windows\system32\taskeng.exe[2696] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 000601F8
.text C:\Windows\system32\taskeng.exe[2696] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2696] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 000F0A08
.text C:\Windows\system32\taskeng.exe[2696] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 000F03FC
.text C:\Windows\system32\taskeng.exe[2696] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 000F0804
.text C:\Windows\system32\taskeng.exe[2696] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 000F01F8
.text C:\Windows\system32\taskeng.exe[2696] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 000F0600
.text C:\Windows\system32\Dwm.exe[2852] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 000603FC
.text C:\Windows\system32\Dwm.exe[2852] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 000601F8
.text C:\Windows\system32\Dwm.exe[2852] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2852] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 000F0A08
.text C:\Windows\system32\Dwm.exe[2852] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 000F03FC
.text C:\Windows\system32\Dwm.exe[2852] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 000F0804
.text C:\Windows\system32\Dwm.exe[2852] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 000F01F8
.text C:\Windows\system32\Dwm.exe[2852] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 000F0600
.text C:\Windows\Explorer.EXE[2876] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 000603FC
.text C:\Windows\Explorer.EXE[2876] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 000601F8
.text C:\Windows\Explorer.EXE[2876] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\Explorer.EXE[2876] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00110A08
.text C:\Windows\Explorer.EXE[2876] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 001103FC
.text C:\Windows\Explorer.EXE[2876] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00110804
.text C:\Windows\Explorer.EXE[2876] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 001101F8
.text C:\Windows\Explorer.EXE[2876] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00110600
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2980] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 001603FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2980] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 001601F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2980] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2980] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00200A08
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2980] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 002003FC
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2980] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00200804
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2980] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 002001F8
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2980] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00200600
.text C:\Windows\System32\igfxtray.exe[2992] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxtray.exe[2992] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxtray.exe[2992] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[2992] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00200A08
.text C:\Windows\System32\igfxtray.exe[2992] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 002003FC
.text C:\Windows\System32\igfxtray.exe[2992] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00200804
.text C:\Windows\System32\igfxtray.exe[2992] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 002001F8
.text C:\Windows\System32\igfxtray.exe[2992] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00200600
.text C:\Windows\System32\hkcmd.exe[3000] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 001603FC
.text C:\Windows\System32\hkcmd.exe[3000] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 001601F8
.text C:\Windows\System32\hkcmd.exe[3000] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[3000] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00200A08
.text C:\Windows\System32\hkcmd.exe[3000] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 002003FC
.text C:\Windows\System32\hkcmd.exe[3000] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00200804
.text C:\Windows\System32\hkcmd.exe[3000] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 002001F8
.text C:\Windows\System32\hkcmd.exe[3000] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00200600
.text C:\Windows\System32\igfxpers.exe[3008] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxpers.exe[3008] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxpers.exe[3008] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00210A08
.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 002103FC
.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00210804
.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 002101F8
.text C:\Windows\System32\igfxpers.exe[3008] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00210600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3184] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3208] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3208] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3208] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3208] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00220A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3208] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 002203FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3208] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00220804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3208] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 002201F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3208] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00220600
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3268] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 001603FC
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3268] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 001601F8
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3268] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3268] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00340A08
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3268] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 003403FC
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3268] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00340804
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3268] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 003401F8
.text C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe[3268] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00340600
.text C:\Program Files\Ask.com\Updater\Updater.exe[3380] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 001703FC
.text C:\Program Files\Ask.com\Updater\Updater.exe[3380] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 001701F8
.text C:\Program Files\Ask.com\Updater\Updater.exe[3380] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Program Files\Ask.com\Updater\Updater.exe[3380] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00190A08
.text C:\Program Files\Ask.com\Updater\Updater.exe[3380] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 001903FC
.text C:\Program Files\Ask.com\Updater\Updater.exe[3380] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00190804
.text C:\Program Files\Ask.com\Updater\Updater.exe[3380] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 001901F8
.text C:\Program Files\Ask.com\Updater\Updater.exe[3380] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00190600
.text C:\Windows\system32\svchost.exe[3408] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[3408] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[3408] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3408] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 009F0A08
.text C:\Windows\system32\svchost.exe[3408] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 009F03FC
.text C:\Windows\system32\svchost.exe[3408] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 009F0804
.text C:\Windows\system32\svchost.exe[3408] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 009F01F8
.text C:\Windows\system32\svchost.exe[3408] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 009F0600
.text C:\Program Files\iTunes\iTunesHelper.exe[3440] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 000603FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3440] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 000601F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3440] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[3440] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00100A08
.text C:\Program Files\iTunes\iTunesHelper.exe[3440] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 001003FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3440] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00100804
.text C:\Program Files\iTunes\iTunesHelper.exe[3440] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 001001F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3440] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00100600
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3516] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 001603FC
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3516] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 001601F8
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3516] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3516] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00250A08
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3516] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 002503FC
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3516] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00250804
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3516] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 002501F8
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[3516] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00250600
.text C:\ProgramData\lsass.exe[3552] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 000603FC
.text C:\ProgramData\lsass.exe[3552] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 000601F8
.text C:\ProgramData\lsass.exe[3552] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\ProgramData\lsass.exe[3552] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 000F0A08
.text C:\ProgramData\lsass.exe[3552] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 000F03FC
.text C:\ProgramData\lsass.exe[3552] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 000F0804
.text C:\ProgramData\lsass.exe[3552] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 000F01F8
.text C:\ProgramData\lsass.exe[3552] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 000F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 000F0A08
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 000F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!CreateWindowExW 75640E51 5 Bytes JMP 6D737AA7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 000F0804
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 000F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!DialogBoxIndirectParamW 75664AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!DialogBoxIndirectParamW 75664AA7 5 Bytes JMP 6D8858AB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!DialogBoxParamW 7566564A 5 Bytes JMP 6D65490B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 000F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!DialogBoxParamA 7567CF6A 5 Bytes JMP 6D885848 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!DialogBoxIndirectParamA 7567D29C 5 Bytes JMP 6D88590E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!MessageBoxIndirectA 7568E8C9 5 Bytes JMP 6D8857DD C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!MessageBoxIndirectW 7568E9C3 5 Bytes JMP 6D885772 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!MessageBoxExA 7568EA29 5 Bytes JMP 6D885710 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] USER32.dll!MessageBoxExW 7568EA4D 5 Bytes JMP 6D8856AE C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3628] ole32.dll!OleLoadFromStream 754D5B88 5 Bytes JMP 6D885B74 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Windows\system32\SearchIndexer.exe[3652] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 000A03FC
.text C:\Windows\system32\SearchIndexer.exe[3652] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 000A01F8
.text C:\Windows\system32\SearchIndexer.exe[3652] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3652] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00140A08
.text C:\Windows\system32\SearchIndexer.exe[3652] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 001403FC
.text C:\Windows\system32\SearchIndexer.exe[3652] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00140804
.text C:\Windows\system32\SearchIndexer.exe[3652] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 001401F8
.text C:\Windows\system32\SearchIndexer.exe[3652] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00140600
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 000503FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 000501F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 6D747E18 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!CallNextHookEx 7563CC8F 5 Bytes JMP 6D7294EC C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!CreateWindowExW 75640E51 5 Bytes JMP 6D737AA7 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 6D6E4243 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!DialogBoxIndirectParamW 75664AA7 1 Byte [E9]
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!DialogBoxIndirectParamW 75664AA7 5 Bytes JMP 6D8858AB C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!DialogBoxParamW 7566564A 5 Bytes JMP 6D65490B C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!DialogBoxParamA 7567CF6A 5 Bytes JMP 6D885848 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!DialogBoxIndirectParamA 7567D29C 5 Bytes JMP 6D88590E C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!MessageBoxIndirectA 7568E8C9 5 Bytes JMP 6D8857DD C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!MessageBoxIndirectW 7568E9C3 5 Bytes JMP 6D885772 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!MessageBoxExA 7568EA29 5 Bytes JMP 6D885710 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] USER32.dll!MessageBoxExW 7568EA4D 5 Bytes JMP 6D8856AE C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] ole32.dll!OleLoadFromStream 754D5B88 5 Bytes JMP 6D885B74 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3864] ole32.dll!CoCreateInstance 755257FC 5 Bytes JMP 6D738595 C:\Windows\system32\IEFRAME.dll (Przeglądarka internetowa/Microsoft Corporation)
.text E:\moja muzyka\ściągniete\nap\md253j8g.exe[3928] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 001603FC
.text E:\moja muzyka\ściągniete\nap\md253j8g.exe[3928] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 001601F8
.text E:\moja muzyka\ściągniete\nap\md253j8g.exe[3928] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text E:\moja muzyka\ściągniete\nap\md253j8g.exe[3928] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00210A08
.text E:\moja muzyka\ściągniete\nap\md253j8g.exe[3928] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 002103FC
.text E:\moja muzyka\ściągniete\nap\md253j8g.exe[3928] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00210804
.text E:\moja muzyka\ściągniete\nap\md253j8g.exe[3928] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 002101F8
.text E:\moja muzyka\ściągniete\nap\md253j8g.exe[3928] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00210600
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[3996] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[3996] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[3996] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[3996] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[3996] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 001F03FC
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[3996] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 001F0804
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[3996] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 001F01F8
.text C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE[3996] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 001F0600
.text C:\Program Files\iPod\bin\iPodService.exe[4052] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 000603FC
.text C:\Program Files\iPod\bin\iPodService.exe[4052] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 000601F8
.text C:\Program Files\iPod\bin\iPodService.exe[4052] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[4052] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00100A08
.text C:\Program Files\iPod\bin\iPodService.exe[4052] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 001003FC
.text C:\Program Files\iPod\bin\iPodService.exe[4052] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00100804
.text C:\Program Files\iPod\bin\iPodService.exe[4052] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 001001F8
.text C:\Program Files\iPod\bin\iPodService.exe[4052] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00100600
.text C:\Windows\system32\ctfmon.exe[4304] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 000A03FC
.text C:\Windows\system32\ctfmon.exe[4304] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 000A01F8
.text C:\Windows\system32\ctfmon.exe[4304] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\system32\ctfmon.exe[4304] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00130A08
.text C:\Windows\system32\ctfmon.exe[4304] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 001303FC
.text C:\Windows\system32\ctfmon.exe[4304] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00130804
.text C:\Windows\system32\ctfmon.exe[4304] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 001301F8
.text C:\Windows\system32\ctfmon.exe[4304] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00130600
.text C:\Windows\System32\svchost.exe[4616] ntdll.dll!LdrUnloadDll 76F3BE7F 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[4616] ntdll.dll!LdrLoadDll 76F3F585 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[4616] kernel32.dll!GetBinaryTypeW + 70 77097964 1 Byte [62]
.text C:\Windows\System32\svchost.exe[4616] USER32.dll!UnhookWindowsHookEx 7563CC7B 5 Bytes JMP 00190A08
.text C:\Windows\System32\svchost.exe[4616] USER32.dll!UnhookWinEvent 7563D924 5 Bytes JMP 001903FC
.text C:\Windows\System32\svchost.exe[4616] USER32.dll!SetWindowsHookExW 7564210A 5 Bytes JMP 00190804
.text C:\Windows\System32\svchost.exe[4616] USER32.dll!SetWinEventHook 7564507E 5 Bytes JMP 001901F8
.text C:\Windows\System32\svchost.exe[4616] USER32.dll!SetWindowsHookExA 75666DFA 5 Bytes JMP 00190600

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1376] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7300F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73BD250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73BD2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73BB5624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73BB56E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73BC8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73BC4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73BC50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2876] @
C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73BC51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73BC66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73BC82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73BC8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73BC907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73BCE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Windows\Explorer.EXE[2876] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73BC4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation) IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3184] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7300F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) 

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \Driver\ACPI_HAL \Device\00000048 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----