GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-04 11:38:08
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Hitachi_HTS721080G9SA00 rev.MC4OC10H
Running: jtm16c45.exe; Driver: C:\DOCUME~1\Patrycja\USTAWI~1\Temp\fwddapog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA9BC34BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA9F09C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA9BC3ED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA9C05811]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA9BCEFA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA9BCEFF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA9BCF176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA9C051C5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA9BCEF16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA9BCF038]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA9BCEF5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA9BC411C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA9BCF130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA9BC493E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA9BC3508]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA9C05ED7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA9C0618D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA9BC81C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA9C05D42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA9C05BAD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA9F09CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA9BC3170]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA9BC3556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA9BC8534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA9BC53A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA9BCEFD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA9BCF016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA9BCF19A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA9C05521]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA9BCEF3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA9BC7C3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA9BCF0BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA9BCEF86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA9BC7F14]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA9BCF154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA9F09E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA9C05A28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA9BC5272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA9C0587A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA9BC4DD4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA9F167D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA9C04838]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA9BC35A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA9BC35F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA9BC47BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA9BC31FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA9BC33AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA9C05FDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA9BC3350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA9BC4AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA9BC4C54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA9BC341A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA9BC44D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA9BC4636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xA9F0841C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA9BC3640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA9BC3F1A]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA9F22E56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2D28 80504620 4 Bytes JMP 9CA9F09C
.text ntkrnlpa.exe!ZwCallbackReturn + 2F28 80504820 12 Bytes [A4, 35, BC, A9, F2, 35, BC, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2FD0 805048C8 12 Bytes [F8, 4A, BC, A9, 54, 4C, BC, ...] {CLC ; DEC EDX; MOV ESP, 0xbc4c54a9; TEST EAX, 0xa9bc341a}
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4 Bytes CALL A9BC5A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC55E 5 Bytes JMP A9F1FCF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FE2 5 Bytes JMP A9F21810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D119A 7 Bytes JMP A9F22E5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP A9BC9B4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP A9BC9A3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP A9BC99F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C56B 5 Bytes JMP A9BC90A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240DB 5 Bytes JMP A9BC87C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A45 5 Bytes JMP A9BC9CB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831490 5 Bytes JMP A9BC9EBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839EC7 5 Bytes JMP A9BC98FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85176B 5 Bytes JMP A9BC8688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC9A 5 Bytes JMP A9BC916A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E304 5 Bytes JMP A9BC8C1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E38F 5 Bytes JMP A9BC8EE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F600 5 Bytes JMP A9BC8670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5466 BF8649DE 5 Bytes JMP A9BC9A86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 362A BF873207 5 Bytes JMP A9BC8CDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4167 BF873D44 5 Bytes JMP A9BC8E9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890E3F 5 Bytes JMP A9BC9182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF8943E9 5 Bytes JMP A9BC9BFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894EC1 5 Bytes JMP A9BC9E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C276 5 Bytes JMP A9BC9090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D80B 5 Bytes JMP A9BC8834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A96F BF8C1C9C 5 Bytes JMP A9BC8944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA12D 5 Bytes JMP A9BC8A1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA3AD 5 Bytes JMP A9BC8B48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B2E BF8EBD41 5 Bytes JMP A9BC856A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB49 BF8F4D5C 5 Bytes JMP A9BC90C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A40 BF9143A8 5 Bytes JMP A9BC8760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2614 BF914F7C 5 Bytes JMP A9BC88F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F8D BF9178F5 5 Bytes JMP A9BC8FFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1934 BF947A54 5 Bytes JMP A9BC9D74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[200] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[200] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[200] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[200] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[200] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 02BD1014
.text C:\Program Files\Internet Explorer\iexplore.exe[200] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 02BD0804
.text C:\Program Files\Internet Explorer\iexplore.exe[200] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 02BD0A08
.text C:\Program Files\Internet Explorer\iexplore.exe[200] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 02BD0C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[200] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 02BD0E10
.text C:\Program Files\Internet Explorer\iexplore.exe[200] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 02BD01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[200] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 02BD03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[200] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 02BD0600
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4061466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00C60600
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00C601F8
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00C603FC
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[200] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A75C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[228] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\All Users\Dane aplikacji\DatacardService\HWDeviceService.exe[228] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\blueconnect\DataCardMonitor.exe[260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8
.text C:\Program Files\blueconnect\DataCardMonitor.exe[260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\blueconnect\DataCardMonitor.exe[260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC
.text C:\Program Files\blueconnect\DataCardMonitor.exe[260] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[284] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003201F8
.text C:\WINDOWS\system32\ctfmon.exe[284] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[284] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003203FC
.text C:\WINDOWS\system32\ctfmon.exe[284] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[284] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00A41014
.text C:\WINDOWS\system32\ctfmon.exe[284] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00A40804
.text C:\WINDOWS\system32\ctfmon.exe[284] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00A40A08
.text C:\WINDOWS\system32\ctfmon.exe[284] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00A40C0C
.text C:\WINDOWS\system32\ctfmon.exe[284] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00A40E10
.text C:\WINDOWS\system32\ctfmon.exe[284] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00A401F8
.text C:\WINDOWS\system32\ctfmon.exe[284] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00A403FC
.text C:\WINDOWS\system32\ctfmon.exe[284] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00A40600
.text C:\Documents and Settings\All Users\Dane aplikacji\Internet Manager\OnlineUpdate\ouc.exe[384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\All Users\Dane aplikacji\Internet Manager\OnlineUpdate\ouc.exe[384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[392] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[392] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009C1014
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009C0804
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009C0A08
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009C0C0C
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009C0E10
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009C01F8
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009C03FC
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009C0600
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8
.text C:\Documents and Settings\Patrycja\Pulpit\jtm16c45.exe[504] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC
.text C:\Program Files\Messenger\msmsgs.exe[568] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003201F8
.text C:\Program Files\Messenger\msmsgs.exe[568] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[568] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003203FC
.text C:\Program Files\Messenger\msmsgs.exe[568] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[568] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00C71014
.text C:\Program Files\Messenger\msmsgs.exe[568] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00C70804
.text C:\Program Files\Messenger\msmsgs.exe[568] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00C70A08
.text C:\Program Files\Messenger\msmsgs.exe[568] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00C70C0C
.text C:\Program Files\Messenger\msmsgs.exe[568] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00C70E10
.text C:\Program Files\Messenger\msmsgs.exe[568] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00C701F8
.text C:\Program Files\Messenger\msmsgs.exe[568] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00C703FC
.text C:\Program Files\Messenger\msmsgs.exe[568] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00C70600
.text C:\Program Files\Messenger\msmsgs.exe[568] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00A50804
.text C:\Program Files\Messenger\msmsgs.exe[568] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00A50A08
.text C:\Program Files\Messenger\msmsgs.exe[568] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00A50600
.text C:\Program Files\Messenger\msmsgs.exe[568] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00A501F8
.text C:\Program Files\Messenger\msmsgs.exe[568] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00A503FC
.text C:\WINDOWS\system32\svchost.exe[584] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[584] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\smss.exe[916] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1020] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1044] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1044] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1088] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1088] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1100] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1100] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Patrycja\Dane aplikacji\blueconnect\ouc.exe[1216] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8
.text C:\Documents and Settings\Patrycja\Dane aplikacji\blueconnect\ouc.exe[1216] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\Patrycja\Dane aplikacji\blueconnect\ouc.exe[1216] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC
.text C:\Documents and Settings\Patrycja\Dane aplikacji\blueconnect\ouc.exe[1216] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Patrycja\Dane aplikacji\blueconnect\ouc.exe[1216] ADVAPI32.DLL!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\Documents and Settings\Patrycja\Dane aplikacji\blueconnect\ouc.exe[1216] ADVAPI32.DLL!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\Documents and Settings\Patrycja\Dane aplikacji\blueconnect\ouc.exe[1216] ADVAPI32.DLL!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\Documents and Settings\Patrycja\Dane aplikacji\blueconnect\ouc.exe[1216] ADVAPI32.DLL!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\Documents and Settings\Patrycja\Dane aplikacji\blueconnect\ouc.exe[1216] ADVAPI32.DLL!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\Documents and Settings\Patrycja\Dane aplikacji\blueconnect\ouc.exe[1216] ADVAPI32.DLL!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\Documents and Settings\Patrycja\Dane aplikacji\blueconnect\ouc.exe[1216] ADVAPI32.DLL!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\Documents and Settings\Patrycja\Dane aplikacji\blueconnect\ouc.exe[1216] ADVAPI32.DLL!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\svchost.exe[1276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1276] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1344] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1344] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1360] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1440] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1440] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1532] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1532] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 03521014
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 03520804
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 03520A08
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 03520C0C
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 03520E10
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 035201F8
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 035203FC
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 03520600
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4061466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00C60600
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00C601F8
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00C603FC
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1664] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A75C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1708] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\WLTRYSVC.EXE[1708] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\bcmwltry.exe[1768] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\bcmwltry.exe[1768] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1828] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1828] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1828] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1924] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2008] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2008] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2040] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2040] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01CD1014
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01CD0804
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01CD0A08
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01CD0C0C
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01CD0E10
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 01CD01F8
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 01CD03FC
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01CD0600
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01B40804
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01B40A08
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01B40600
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 01B401F8
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 01B403FC
.text C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE[2076] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 30F52DF0 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\Program Files\Internet Explorer\iexplore.exe[2236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[2236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\Program Files\Internet Explorer\iexplore.exe[2236] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 027D1014
.text C:\Program Files\Internet Explorer\iexplore.exe[2236]
ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 027D0804 .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 027D0A08 .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 027D0C0C .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 027D0E10 .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 027D01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 027D03FC .text C:\Program Files\Internet Explorer\iexplore.exe[2236] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 027D0600 .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00C60804 .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00C60A08 .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00C60600 .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00C601F8 .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00C603FC .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet 
Explorer\iexplore.exe[2236] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2236] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP2014MC.EXE[2260] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8 .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP2014MC.EXE[2260] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP2014MC.EXE[2260] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC .text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HP2014MC.EXE[2260] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program 
Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 05DF1014 .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 05DF0804 .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 05DF0A08 .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 05DF0C0C .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 05DF0E10 .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 05DF01F8 .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 05DF03FC .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 05DF0600 .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 06090804 .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 06090A08 .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 06090600 .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 060901F8 .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 060903FC .text C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE[2512] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 30F52DF0 C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll (Microsoft Office 2003 component/Microsoft 
Corporation) .text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8 .text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\WINDOWS\Explorer.EXE[2852] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2852] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003C1014 .text C:\WINDOWS\Explorer.EXE[2852] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003C0804 .text C:\WINDOWS\Explorer.EXE[2852] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003C0A08 .text C:\WINDOWS\Explorer.EXE[2852] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003C0C0C .text C:\WINDOWS\Explorer.EXE[2852] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003C0E10 .text C:\WINDOWS\Explorer.EXE[2852] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C01F8 .text C:\WINDOWS\Explorer.EXE[2852] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C03FC .text C:\WINDOWS\Explorer.EXE[2852] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003C0600 .text C:\WINDOWS\Explorer.EXE[2852] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 02110804 .text C:\WINDOWS\Explorer.EXE[2852] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 02110A08 .text C:\WINDOWS\Explorer.EXE[2852] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 02110600 .text C:\WINDOWS\Explorer.EXE[2852] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 021101F8 .text C:\WINDOWS\Explorer.EXE[2852] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 021103FC .text C:\Documents and Settings\Patrycja\Pulpit\OTL.exe[3112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\Documents and Settings\Patrycja\Pulpit\OTL.exe[3112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\Patrycja\Pulpit\OTL.exe[3112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\Documents and 
Settings\Patrycja\Pulpit\OTL.exe[3112] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\Patrycja\Pulpit\OTL.exe[3112] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01290804 .text C:\Documents and Settings\Patrycja\Pulpit\OTL.exe[3112] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01290A08 .text C:\Documents and Settings\Patrycja\Pulpit\OTL.exe[3112] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01290600 .text C:\Documents and Settings\Patrycja\Pulpit\OTL.exe[3112] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 012901F8 .text C:\Documents and Settings\Patrycja\Pulpit\OTL.exe[3112] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 012903FC .text C:\Documents and Settings\Patrycja\Pulpit\OTL.exe[3112] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00DC1014 .text C:\Documents and Settings\Patrycja\Pulpit\OTL.exe[3112] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00DC0804 .text C:\Documents and Settings\Patrycja\Pulpit\OTL.exe[3112] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00DC0A08 .text C:\Documents and Settings\Patrycja\Pulpit\OTL.exe[3112] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00DC0C0C .text C:\Documents and Settings\Patrycja\Pulpit\OTL.exe[3112] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00DC0E10 .text C:\Documents and Settings\Patrycja\Pulpit\OTL.exe[3112] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00DC01F8 .text C:\Documents and Settings\Patrycja\Pulpit\OTL.exe[3112] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00DC03FC .text C:\Documents and Settings\Patrycja\Pulpit\OTL.exe[3112] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00DC0600 .text C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe[3124] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe[3124] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common 
Files\Adaptec Shared\CreateCD\CreateCD50.exe[3124] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe[3124] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe[3124] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01111014 .text C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe[3124] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01110804 .text C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe[3124] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01110A08 .text C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe[3124] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01110C0C .text C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe[3124] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01110E10 .text C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe[3124] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 011101F8 .text C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe[3124] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 011103FC .text C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe[3124] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01110600 .text C:\Program Files\Internet Explorer\iexplore.exe[3420] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3420] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3420] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program Files\Internet Explorer\iexplore.exe[3420] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3420] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 03571014 .text C:\Program Files\Internet 
Explorer\iexplore.exe[3420] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 03570804 .text C:\Program Files\Internet Explorer\iexplore.exe[3420] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 03570A08 .text C:\Program Files\Internet Explorer\iexplore.exe[3420] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 03570C0C .text C:\Program Files\Internet Explorer\iexplore.exe[3420] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 03570E10 .text C:\Program Files\Internet Explorer\iexplore.exe[3420] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 035701F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3420] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 035703FC .text C:\Program Files\Internet Explorer\iexplore.exe[3420] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 03570600 .text C:\Program Files\Internet Explorer\iexplore.exe[3420] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 405D5505 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3420] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 406A9AB5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3420] USER32.dll!CallNextHookEx 7E37B3C6 5 Bytes JMP 4069D12D C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3420] USER32.dll!CreateWindowExW 7E37D0A3 5 Bytes JMP 406ADB24 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3420] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 4061466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3420] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00C60600 .text C:\Program Files\Internet Explorer\iexplore.exe[3420] USER32.dll!SetWinEventHook 7E3817F7 5 
Bytes JMP 00C601F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3420] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00C603FC .text C:\Program Files\Internet Explorer\iexplore.exe[3420] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 407A725F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3420] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 407A7191 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3420] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 407A71FC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3420] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 407A7062 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3420] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 407A70C4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3420] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 407A72C2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3420] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 407A7126 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3420] ole32.dll!CoCreateInstance 774EF1BC 5 Bytes JMP 406ADB80 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3420] ole32.dll!OleLoadFromStream 7751983B 5 Bytes JMP 407A75C7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text 
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3512] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe[3512] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[3544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\igfxpers.exe[3544] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxpers.exe[3544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\igfxpers.exe[3544] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jusched.exe[3560] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\Program Files\Java\jre6\bin\jusched.exe[3560] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jusched.exe[3560] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\Program Files\Java\jre6\bin\jusched.exe[3560] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jusched.exe[3560] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00A81014 .text C:\Program Files\Java\jre6\bin\jusched.exe[3560] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00A80804 .text C:\Program Files\Java\jre6\bin\jusched.exe[3560] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00A80A08 .text C:\Program Files\Java\jre6\bin\jusched.exe[3560] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00A80C0C .text C:\Program Files\Java\jre6\bin\jusched.exe[3560] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00A80E10 .text C:\Program Files\Java\jre6\bin\jusched.exe[3560] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00A801F8 .text C:\Program Files\Java\jre6\bin\jusched.exe[3560] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 
00A803FC .text C:\Program Files\Java\jre6\bin\jusched.exe[3560] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00A80600 .text C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe[3716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe[3716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe[3716] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe[3716] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[3776] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\hkcmd.exe[3776] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\hkcmd.exe[3776] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\hkcmd.exe[3776] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[3820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\igfxsrvc.exe[3820] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[3820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\igfxsrvc.exe[3820] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\igfxsrvc.exe[3820] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01260804 .text C:\WINDOWS\system32\igfxsrvc.exe[3820] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01260A08 .text C:\WINDOWS\system32\igfxsrvc.exe[3820] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01260600 .text C:\WINDOWS\system32\igfxsrvc.exe[3820] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 012601F8 .text C:\WINDOWS\system32\igfxsrvc.exe[3820] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 012603FC .text C:\WINDOWS\system32\rundll32.exe[3844] ntdll.dll!LdrLoadDll 
7C91632D 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\rundll32.exe[3844] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[3844] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\rundll32.exe[3844] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\rundll32.exe[3844] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00A51014 .text C:\WINDOWS\system32\rundll32.exe[3844] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00A50804 .text C:\WINDOWS\system32\rundll32.exe[3844] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00A50A08 .text C:\WINDOWS\system32\rundll32.exe[3844] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00A50C0C .text C:\WINDOWS\system32\rundll32.exe[3844] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00A50E10 .text C:\WINDOWS\system32\rundll32.exe[3844] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00A501F8 .text C:\WINDOWS\system32\rundll32.exe[3844] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00A503FC .text C:\WINDOWS\system32\rundll32.exe[3844] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00A50600 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3852] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3852] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3852] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00A81014 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3852] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00A80804 .text C:\Program Files\SigmaTel\C-Major 
Audio\WDM\stsystra.exe[3852] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00A80A08 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3852] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00A80C0C .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3852] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00A80E10 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3852] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00A801F8 .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3852] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00A803FC .text C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe[3852] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00A80600 .text C:\WINDOWS\system32\WLTRAY.exe[4052] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\WLTRAY.exe[4052] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\WLTRAY.exe[4052] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\WLTRAY.exe[4052] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\WLTRAY.exe[4052] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00BD1014 .text C:\WINDOWS\system32\WLTRAY.exe[4052] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00BD0804 .text C:\WINDOWS\system32\WLTRAY.exe[4052] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00BD0A08 .text C:\WINDOWS\system32\WLTRAY.exe[4052] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00BD0C0C .text C:\WINDOWS\system32\WLTRAY.exe[4052] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00BD0E10 .text C:\WINDOWS\system32\WLTRAY.exe[4052] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00BD01F8 .text C:\WINDOWS\system32\WLTRAY.exe[4052] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00BD03FC .text C:\WINDOWS\system32\WLTRAY.exe[4052] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00BD0600 .text 
C:\WINDOWS\system32\WLTRAY.exe[4052] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01350804
.text C:\WINDOWS\system32\WLTRAY.exe[4052] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01350A08
.text C:\WINDOWS\system32\WLTRAY.exe[4052] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01350600
.text C:\WINDOWS\system32\WLTRAY.exe[4052] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 013501F8
.text C:\WINDOWS\system32\WLTRAY.exe[4052] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 013503FC
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[4068] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[4068] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[4068] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[4068] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[4068] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00C50804
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[4068] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00C50A08
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[4068] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00C50600
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[4068] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00C501F8
.text C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe[4068] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00C503FC

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] [F7A42D56] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] [F7A42D56] BMLoad.sys (Bytemobile Kernel Driver Loader/Bytemobile, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[200] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\WINDOWS\system32\services.exe[1088] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002
IAT C:\WINDOWS\system32\services.exe[1088] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000
IAT C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[1344] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\PROGRA~1\ALWILS~1\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Internet Explorer\iexplore.exe[1664] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1828] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Internet Explorer\iexplore.exe[3420] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
Device \Driver\BTHUSB \Device\0000009b bthport.sys (Sterownik magistrali Bluetooth/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Tcp tcpipBM.sys (Bytemobile Kernel Network Provider/Bytemobile, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Processes - GMER 1.0.15 ----

Library c:\windows\system32\z (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [1360] 0x6A300000
Library c:\windows\system32\z (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [2852] 0x6A300000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001641b4739d
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001641b4739d (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001641b4739d (not active ControlSet)

---- EOF - GMER 1.0.15 ----