GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-11-24 22:12:27 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-f WDC_WD2000JB-00FUA0 rev.15.05R15 Running: cv092z71.exe; Driver: C:\DOCUME~1\Alina\USTAWI~1\Temp\fgldapog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB48474BA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB48F4C22] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB4847ED6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB4889811] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB4852FA8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB4852FF4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB4853176] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB48891C5] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB4852F16] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB4853038] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB4852F5E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB484811C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB4853130] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB484893E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB4847508] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB4889ED7] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB488A18D] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB484C1C2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB4889D42] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB4889BAD] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB48F4CEA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB4847170] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB4847556] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB484C534] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB48493A6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB4852FD2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB4853016] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB485319A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB4889521] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB4852F3C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB484BC3E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB48530BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB4852F86] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB484BF14] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB4853154] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB48F4E4A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB4889A28] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB4849272] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB488987A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB4848DD4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB49017D2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB4888838] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB48475A4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB48475F2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB48487BE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB48471FA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB48473AA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB4889FDE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB4847350] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB4848AF8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB4848C54] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB484741A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB48484D4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB4848636] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xB48F341C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB4847640] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB4847F1A] INT 0x62 ? 8A54FCB8 INT 0x63 ? 8A473F00 INT 0x82 ? 8A54FCB8 INT 0xB4 ? 8A473F00 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB490DE56] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2D28 80504620 4 Bytes JMP 9CB48F4C .text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [A4, 75, 84, B4, F2, 75, 84, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [F8, 8A, 84, B4, 54, 8C, 84, ...] {CLC ; MOV AL, [ESP+ESI*4-0x4b7b73ac]; SBB DH, [ESP+EAX*4-0x4c]} PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL B4849A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP B490ACF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP B490C810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP B490DE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) .sptd1 C:\WINDOWS\system32\drivers\sptd.sys entry point in ".sptd1" section [0xB7F83B2E] .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB6F523C0, 0x9B091A, 0xE8000020] .text USBPORT.SYS!DllUnload B6EF58AC 5 Bytes JMP 8A473410 .text a2of7r4k.SYS!A0DB34FC6FE35D429A28ADDE5467D4D7 B6E0A900 48 Bytes [CB, 09, 1E, E1, 43, 0D, 0C, ...] ? C:\WINDOWS\System32\Drivers\a2of7r4k.SYS suspicious PE modification .text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP B484DB4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP B484DA3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B484D9F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C56B 5 Bytes JMP B484D0A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngSetLastError + 79A8 BF8240DB 5 Bytes JMP B484C7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateBitmap + F9C BF828A45 5 Bytes JMP B484DCB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + 2C50 BF831490 5 Bytes JMP B484DEBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngUnmapFontFileFD + B687 BF839EC7 5 Bytes JMP B484D8FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85176B 5 Bytes JMP B484C688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC9A 5 Bytes JMP B484D16A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E304 5 Bytes JMP B484CC1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!XLATEOBJ_iXlate + 360C BF85E38F 5 Bytes JMP B484CEE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 88 BF85F600 5 Bytes JMP B484C670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreatePalette + 5466 BF8649DE 5 Bytes JMP B484DA86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 362A BF873207 5 Bytes JMP B484CCDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetCurrentCodePage + 4167 BF873D44 5 Bytes JMP B484CE9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGetLastError + 1606 BF890E3F 5 Bytes JMP B484D182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngGradientFill + 26EE BF8943E9 5 Bytes JMP B484DBFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngStretchBltROP + 583 BF894EC1 5 Bytes JMP B484DE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 3862 BF89C276 5 Bytes JMP B484D090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCopyBits + 4DF7 BF89D80B 5 Bytes JMP B484C834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngEraseSurface + A96F BF8C1C9C 5 Bytes JMP B484C944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1517 BF8CA12D 5 Bytes JMP B484CA1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngFillPath + 1797 BF8CA3AD 5 Bytes JMP B484CB48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + 3B2E BF8EBD41 5 Bytes JMP B484C56A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngDeleteSemaphore + CB49 BF8F4D5C 5 Bytes JMP B484D0C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 1A40 BF9143A8 5 Bytes JMP B484C760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 2614 BF914F7C 5 Bytes JMP B484C8F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngCreateClip + 4F8D BF9178F5 5 Bytes JMP B484CFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) .text win32k.sys!EngPlgBlt + 1934 BF947A54 5 Bytes JMP B484DD74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\svchost.exe[160] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe[184] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe[184] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[328] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe[328] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[348] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[348] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014 .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804 .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08 .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10 .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8 .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600 .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804 .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08 .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600 .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8 .text C:\Documents and Settings\Alina\Pulpit\cv092z71.exe[432] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[444] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[444] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[532] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\smss.exe[684] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[732] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[732] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[756] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[756] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[800] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\services.exe[800] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[972] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[972] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[1124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\wbem\unsecapp.exe[1124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\unsecapp.exe[1124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\wbem\unsecapp.exe[1124] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00ED0804 .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00ED0A08 .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00ED0600 .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00ED01F8 .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00ED03FC .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00EE1014 .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00EE0804 .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00EE0A08 .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00EE0C0C .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00EE0E10 .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00EE01F8 .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00EE03FC .text C:\Documents and Settings\Alina\Dane aplikacji\Dropbox\bin\Dropbox.exe[1152] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00EE0600 .text C:\WINDOWS\System32\svchost.exe[1196] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1196] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[1228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[1228] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) .text C:\WINDOWS\system32\SearchIndexer.exe[1228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1588] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1588] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[1924] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1956] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\WINDOWS\Explorer.EXE[1956] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003C1014 .text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003C0804 .text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003C0A08 .text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003C0C0C .text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003C0E10 .text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C01F8 .text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C03FC .text C:\WINDOWS\Explorer.EXE[1956] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003C0600 .text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01610804 .text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01610A08 .text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01610600 .text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 016101F8 .text C:\WINDOWS\Explorer.EXE[1956] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 016103FC .text C:\WINDOWS\System32\alg.exe[2884] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[2884] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2884] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[2884] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01515B00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] KERNEL32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01757B58 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B9A0 1 Byte [E9] .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01757B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] KERNEL32.dll!ValidateLocale + B130 7C844958 7 Bytes JMP 0151EF12 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 020E0804 .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 020E0A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 020E0600 .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 020E01F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 020E03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 01757AB6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 02881014 .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 02880804 .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 02880A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 02880C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 02880E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 028801F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 028803FC .text C:\Program Files\Mozilla Firefox\firefox.exe[2948] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 02880600 .text C:\WINDOWS\system32\RunDLL32.exe[3352] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\RunDLL32.exe[3352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[3352] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\RunDLL32.exe[3352] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Mixer.exe[3384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 002C01F8 .text C:\WINDOWS\Mixer.exe[3384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Mixer.exe[3384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 002C03FC .text C:\WINDOWS\Mixer.exe[3384] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Mixer.exe[3384] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01691014 .text C:\WINDOWS\Mixer.exe[3384] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01690804 .text C:\WINDOWS\Mixer.exe[3384] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01690A08 .text C:\WINDOWS\Mixer.exe[3384] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01690C0C .text C:\WINDOWS\Mixer.exe[3384] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01690E10 .text C:\WINDOWS\Mixer.exe[3384] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 016901F8 .text C:\WINDOWS\Mixer.exe[3384] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 016903FC .text C:\WINDOWS\Mixer.exe[3384] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01690600 .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3392] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[3392] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe[3456] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe[3456] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe[3456] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe[3456] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe[3456] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00C81014 .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe[3456] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00C80804 .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe[3456] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00C80A08 .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe[3456] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00C80C0C .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe[3456] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00C80E10 .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe[3456] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00C801F8 .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe[3456] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00C803FC .text C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe[3456] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00C80600 .text C:\Program Files\Winamp\winampa.exe[3476] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003201F8 .text C:\Program Files\Winamp\winampa.exe[3476] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Winamp\winampa.exe[3476] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003203FC .text C:\Program Files\Winamp\winampa.exe[3476] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[3528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[3528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[3528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[3528] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[3528] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009E1014 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[3528] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009E0804 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[3528] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009E0A08 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[3528] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009E0C0C .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[3528] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009E0E10 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[3528] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009E01F8 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[3528] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009E03FC .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe[3528] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009E0600 .text C:\WINDOWS\system32\ctfmon.exe[3576] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\ctfmon.exe[3576] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3576] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\ctfmon.exe[3576] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3576] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014 .text C:\WINDOWS\system32\ctfmon.exe[3576] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\ctfmon.exe[3576] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\ctfmon.exe[3576] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C .text C:\WINDOWS\system32\ctfmon.exe[3576] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10 .text C:\WINDOWS\system32\ctfmon.exe[3576] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\ctfmon.exe[3576] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\ctfmon.exe[3576] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600 .text C:\Program Files\Messenger\msmsgs.exe[3608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\Program Files\Messenger\msmsgs.exe[3608] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[3608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\Program Files\Messenger\msmsgs.exe[3608] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Messenger\msmsgs.exe[3608] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00B01014 .text C:\Program Files\Messenger\msmsgs.exe[3608] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00B00804 .text C:\Program Files\Messenger\msmsgs.exe[3608] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00B00A08 .text C:\Program Files\Messenger\msmsgs.exe[3608] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00B00C0C .text C:\Program Files\Messenger\msmsgs.exe[3608] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00B00E10 .text C:\Program Files\Messenger\msmsgs.exe[3608] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00B001F8 .text C:\Program Files\Messenger\msmsgs.exe[3608] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00B003FC .text C:\Program Files\Messenger\msmsgs.exe[3608] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00B00600 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00B71014 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00B70804 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00B70A08 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00B70C0C .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00B70E10 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00B701F8 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00B703FC .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00B70600 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 018C0804 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 018C0A08 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 018C0600 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 018C01F8 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3636] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 018C03FC .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[3852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[3852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[3852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe[3852] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_ULONG] [B7E8F232] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!READ_PORT_UCHAR] [B7E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \WINDOWS\system32\DRIVERS\PCIIDEX.SYS[HAL.dll!WRITE_PORT_UCHAR] [B7E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B7E8E730] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B7E8E914] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B7E8E856] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B7E8F0F0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B7E8EF12] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B7EA2EB0] sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[800] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1504] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[3392] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 8A54E1E8 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbuhci \Device\USBPDO-0 8A4C6430 Device \Driver\usbuhci \Device\USBPDO-1 8A4C6430 Device \Driver\usbuhci \Device\USBPDO-2 8A4C6430 Device \Driver\usbuhci \Device\USBPDO-3 8A4C6430 Device \Driver\usbehci \Device\USBPDO-4 8A4C9430 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\Cdrom \Device\CdRom0 8A41B430 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 [B7E1EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [B7E1EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B7E1EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [B7E1EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f [B7E1EB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\Cdrom \Device\CdRom1 8A41B430 Device \Driver\PCI_PNP6364 \Device\0000003d sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) Device \Driver\PCI_PNP6364 \Device\0000003d sptd.sys (SCSI Pass Through Direct Host/Duplex Secure Ltd.) Device \Driver\NetBT \Device\NetBt_Wins_Export 899F41E8 Device \Driver\NetBT \Device\NetbiosSmb 899F41E8 Device \Driver\NetBT \Device\NetBT_Tcpip_{E64951DF-C351-4158-9B8C-93608F9C4520} 899F41E8 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\usbuhci \Device\USBFDO-0 8A4C6430 Device \Driver\usbuhci \Device\USBFDO-1 8A4C6430 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 899E91E8 Device \Driver\usbuhci \Device\USBFDO-2 8A4C6430 Device \FileSystem\MRxSmb \Device\LanmanRedirector 899E91E8 Device \Driver\usbuhci \Device\USBFDO-3 8A4C6430 Device \Driver\usbehci \Device\USBFDO-4 8A4C9430 Device \Driver\a2of7r4k \Device\Scsi\a2of7r4k1 8A38F1E8 Device \Driver\a2of7r4k \Device\Scsi\a2of7r4k1Port2Path0Target0Lun0 8A38F1E8 Device \FileSystem\Cdfs \Cdfs 899C71E8 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3B 0x65 0xD0 0x75 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xED 0x6A 0x95 0xDA ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6C 0xC6 0xD6 0x8A ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x42 0x24 0x4C 0x6B ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xED 0x6A 0x95 0xDA ... Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA6 0xFE 0x1B 0xA4 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xE2 0xEF 0xF5 0x06 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xED 0x6A 0x95 0xDA ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6C 0xC6 0xD6 0x8A ... Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ... Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ... Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ... Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ... Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xF5 0x1D 0x4D 0x73 ... Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ... Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ... Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ... Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ... Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ... Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ... Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32 Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ... ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Alina\Ustawienia lokalne\Dane aplikacji\Mozilla\Firefox\Profiles\7m956ayu.default\thumbnails\dbaae7f9cfe505e012bd17fd7a203386-1.png 26003 bytes ---- EOF - GMER 1.0.15 ----