GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-19 20:52:03
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\0000007f SAMSUNG_HD103SJ rev.1AJ10001
Running: roz502p4.exe; Driver: C:\DOCUME~1\KATARZ~1\USTAWI~1\Temp\ugtdqpog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xB54854BA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xB5532C22]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xB5485ED6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xB54C7811]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xB5490FA8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xB5490FF4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xB5491176]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xB54C71C5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xB5490F16]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xB5491038]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xB5490F5E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xB548611C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xB5491130]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xB548693E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xB5485508]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xB54C7ED7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xB54C818D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xB548A1C2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xB54C7D42]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xB54C7BAD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xB5532CEA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xB5485170]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xB5485556]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xB548A534]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xB54873A6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xB5490FD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xB5491016]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xB549119A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xB54C7521]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xB5490F3C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xB5489C3E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xB54910BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xB5490F86]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xB5489F14]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xB5491154]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xB5532E4A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xB54C7A28]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xB5487272]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xB54C787A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xB5486DD4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xB553F7D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xB54C6838]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xB54855A4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xB54855F2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xB54867BE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xB54851FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xB54853AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xB54C7FDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xB5485350]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xB5486AF8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xB5486C54]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xB548541A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xB54864D4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xB5486636]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwUnloadDriver [0xB553141C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xB5485640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xB5485F1A]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB554BE56]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 24C8 80501D18 4 Bytes JMP E8B5532C
.text ntkrnlpa.exe!ZwCallbackReturn + 26C8 80501F18 12 Bytes [A4, 55, 48, B5, F2, 55, 48, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2770 80501FC0 12 Bytes [F8, 6A, 48, B5, 54, 6C, 48, ...]
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 8059B956 4 Bytes CALL B5487A77 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1E1E 5 Bytes JMP B5548CF6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8C96 5 Bytes JMP B554A810 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C7540 7 Bytes JMP B554BE5A \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? C:\WINDOWS\system32\drivers\sptd.sys Proces nie może uzyskać dostępu do pliku, ponieważ jest on używany przez inny proces.
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6207360, 0x20574D, 0xE8000020]
.text USBPORT.SYS!DllUnload F61E78AC 5 Bytes JMP 86569590
init C:\WINDOWS\system32\drivers\Senfilt.sys entry point in "init" section [0xB59FCA80]
.text win32k.sys!EngFreeUserMem + 674 BF80991D 5 Bytes JMP B548BB4C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5 Bytes JMP B548BA3C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5 Bytes JMP B548B9F6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C56B 5 Bytes JMP B548B0A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240DB 5 Bytes JMP B548A7C4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateBitmap + F9C BF828A45 5 Bytes JMP B548BCB6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF831490 5 Bytes JMP B548BEBE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839EC7 5 Bytes JMP B548B8FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + C2CF BF85176B 5 Bytes JMP B548A688 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC9A 5 Bytes JMP B548B16A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E304 5 Bytes JMP B548AC1E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E38F 5 Bytes JMP B548AEE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F600 5 Bytes JMP B548A670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5466 BF8649DE 5 Bytes JMP B548BA86 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 3651 BF87322E 5 Bytes JMP B548ACDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 418E BF873D6B 5 Bytes JMP B548AE9E \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890E66 5 Bytes JMP B548B182 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 26EE BF894410 5 Bytes JMP B548BBFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 583 BF894EE8 5 Bytes JMP B548BE1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C29E 5 Bytes JMP B548B090 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D833 5 Bytes JMP B548A834 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngEraseSurface + A977 BF8C1CCC 5 Bytes JMP B548A944 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA15D 5 Bytes JMP B548AA1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8CA3DD 5 Bytes JMP B548AB48 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + 3B2E BF8EBD71 5 Bytes JMP B548A56A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB31 BF8F4D74 5 Bytes JMP B548B0C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A40 BF914401 5 Bytes JMP B548A760 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2614 BF914FD5 5 Bytes JMP B548A8F0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F8D BF91794E 5 Bytes JMP B548AFFE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1934 BF947AAD 5 Bytes JMP B548BD74 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchFilterHost.exe[524] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\SearchFilterHost.exe[524] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\SearchFilterHost.exe[524] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\SearchFilterHost.exe[524] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\SearchFilterHost.exe[524] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 008E1014
.text C:\WINDOWS\system32\SearchFilterHost.exe[524] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 008E0804
.text C:\WINDOWS\system32\SearchFilterHost.exe[524] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 008E0A08
.text C:\WINDOWS\system32\SearchFilterHost.exe[524] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 008E0C0C
.text C:\WINDOWS\system32\SearchFilterHost.exe[524] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 008E0E10
.text C:\WINDOWS\system32\SearchFilterHost.exe[524] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 008E01F8
.text C:\WINDOWS\system32\SearchFilterHost.exe[524] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 008E03FC
.text C:\WINDOWS\system32\SearchFilterHost.exe[524] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 008E0600
.text C:\WINDOWS\system32\SearchFilterHost.exe[524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00AF0804
.text C:\WINDOWS\system32\SearchFilterHost.exe[524] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00AF0A08
.text C:\WINDOWS\system32\SearchFilterHost.exe[524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00AF0600
.text C:\WINDOWS\system32\SearchFilterHost.exe[524] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00AF01F8
.text C:\WINDOWS\system32\SearchFilterHost.exe[524] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00AF03FC
.text C:\WINDOWS\Explorer.EXE[716] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8
.text C:\WINDOWS\Explorer.EXE[716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[716] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC
.text C:\WINDOWS\Explorer.EXE[716] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[716] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003C1014
.text C:\WINDOWS\Explorer.EXE[716] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003C0804
.text C:\WINDOWS\Explorer.EXE[716] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003C0A08
.text C:\WINDOWS\Explorer.EXE[716] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003C0C0C
.text C:\WINDOWS\Explorer.EXE[716] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003C0E10
.text C:\WINDOWS\Explorer.EXE[716] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003C01F8
.text C:\WINDOWS\Explorer.EXE[716] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003C03FC
.text C:\WINDOWS\Explorer.EXE[716] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003C0600
.text C:\WINDOWS\Explorer.EXE[716] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00CF0804
.text C:\WINDOWS\Explorer.EXE[716] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00CF0A08
.text C:\WINDOWS\Explorer.EXE[716] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00CF0600
.text C:\WINDOWS\Explorer.EXE[716] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00CF01F8
.text C:\WINDOWS\Explorer.EXE[716] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00CF03FC
.text C:\WINDOWS\System32\smss.exe[728] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[788] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[788] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[812] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[812] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[856] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[856] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[868] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[868] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1020] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1020] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1220] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1220] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1352] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1352] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[1376] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00BB1014
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00BB0804
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00BB0A08
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00BB0C0C
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00BB0E10
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00BB01F8
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00BB03FC
.text C:\WINDOWS\system32\svchost.exe[1376] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00BB0600
.text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1464] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8
.text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1464] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1464] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC
.text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1464] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1464] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 006E1014
.text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1464] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 006E0804
.text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1464] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 006E0A08
.text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1464] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 006E0C0C
.text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1464] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 006E0E10
.text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1464] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 006E01F8
.text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1464] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 006E03FC
.text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[1464] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 006E0600
.text C:\WINDOWS\system32\svchost.exe[1488] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1488] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe[1592] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe[1592] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe[1592] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe[1592] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1644] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1644] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1644] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1716] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[1716] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1752] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe[1752] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40ST7.EXE[1924] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003001F8
.text C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40ST7.EXE[1924] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40ST7.EXE[1924] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003003FC
.text C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40ST7.EXE[1924] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00B01014
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00B00804
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00B00A08
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00B00C0C
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00B00E10
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00B001F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00B003FC
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00B00600
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00A70804
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00A70A08
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00A70600
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00A701F8
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1932] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00A703FC
.text C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40RP7.EXE[1952] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003001F8
.text C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40RP7.EXE[1952] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40RP7.EXE[1952] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003003FC
.text C:\Documents and Settings\All Users\Dane aplikacji\EPSON\EPW!3 SSRP\E_S40RP7.EXE[1952] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00431014
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00430804
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00430A08
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00430C0C
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00430E10
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004301F8
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004303FC
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00430600
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 006C0804
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 006C0A08
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 006C0600
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006C01F8
.text C:\Program Files\Java\jre7\bin\jqs.exe[2112] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006C03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2240] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2240] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2240] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[2240] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[2276] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D01F8
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[2276] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[2276] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC
.text C:\Program Files\WinFast\WFDTV\DTVSchdl.exe[2276] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00931014
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00930804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00930A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00930C0C
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00930E10
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009301F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009303FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[2484] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00930600
.text C:\WINDOWS\system32\nvsvc32.exe[2528] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003C01F8
.text C:\WINDOWS\system32\nvsvc32.exe[2528] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[2528] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003C03FC
.text C:\WINDOWS\system32\nvsvc32.exe[2528] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\nvsvc32.exe[2528] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 008B1014
.text C:\WINDOWS\system32\nvsvc32.exe[2528] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 008B0804
.text C:\WINDOWS\system32\nvsvc32.exe[2528] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 008B0A08
.text C:\WINDOWS\system32\nvsvc32.exe[2528] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 008B0C0C
.text C:\WINDOWS\system32\nvsvc32.exe[2528] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 008B0E10
.text C:\WINDOWS\system32\nvsvc32.exe[2528] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 008B01F8
.text C:\WINDOWS\system32\nvsvc32.exe[2528] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 008B03FC
.text C:\WINDOWS\system32\nvsvc32.exe[2528] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 008B0600
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2564] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\avastUI.exe[2564] kernel32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 005B01F8
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 005B03FC
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 002B0804
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 002B0A08
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 002B0600
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 002B01F8
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 002B03FC
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002A1014
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002A0804
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002A0A08
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002A0C0C
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002A0E10
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002A01F8
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002A03FC
.text C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002A0600
.text C:\WINDOWS\system32\svchost.exe[2672] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[2672] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2672] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\svchost.exe[2672] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00AC1014
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00AC0804
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00AC0A08
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00AC0C0C
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00AC0E10
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00AC01F8
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00AC03FC
.text C:\WINDOWS\system32\svchost.exe[2672] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00AC0600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00C21014
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00C20804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00C20A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00C20C0C
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00C20E10
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676]
ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00C201F8 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00C203FC .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2676] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00C20600 .text C:\WINDOWS\system32\wuauclt.exe[2736] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\wuauclt.exe[2736] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2736] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\wuauclt.exe[2736] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\wuauclt.exe[2736] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\wuauclt.exe[2736] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\wuauclt.exe[2736] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\wuauclt.exe[2736] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\wuauclt.exe[2736] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\wuauclt.exe[2736] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\wuauclt.exe[2736] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\wuauclt.exe[2736] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\SearchProtocolHost.exe[2912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004101F8 .text C:\WINDOWS\system32\SearchProtocolHost.exe[2912] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\SearchProtocolHost.exe[2912] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 004103FC .text C:\WINDOWS\system32\SearchProtocolHost.exe[2912] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text 
C:\WINDOWS\system32\SearchProtocolHost.exe[2912] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 008D1014 .text C:\WINDOWS\system32\SearchProtocolHost.exe[2912] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 008D0804 .text C:\WINDOWS\system32\SearchProtocolHost.exe[2912] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 008D0A08 .text C:\WINDOWS\system32\SearchProtocolHost.exe[2912] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 008D0C0C .text C:\WINDOWS\system32\SearchProtocolHost.exe[2912] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 008D0E10 .text C:\WINDOWS\system32\SearchProtocolHost.exe[2912] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 008D01F8 .text C:\WINDOWS\system32\SearchProtocolHost.exe[2912] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 008D03FC .text C:\WINDOWS\system32\SearchProtocolHost.exe[2912] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 008D0600 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2964] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2964] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00F41014 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2964] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00F40804 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2964] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00F40A08 .text C:\Program Files\Common Files\ArcSoft\Connection 
Service\Bin\ACDaemon.exe[2964] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00F40C0C .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2964] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00F40E10 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2964] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00F401F8 .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2964] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00F403FC .text C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[2964] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00F40600 .text C:\WINDOWS\system32\ctfmon.exe[2984] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\ctfmon.exe[2984] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2984] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\ctfmon.exe[2984] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[2984] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00A51014 .text C:\WINDOWS\system32\ctfmon.exe[2984] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00A50804 .text C:\WINDOWS\system32\ctfmon.exe[2984] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00A50A08 .text C:\WINDOWS\system32\ctfmon.exe[2984] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00A50C0C .text C:\WINDOWS\system32\ctfmon.exe[2984] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00A50E10 .text C:\WINDOWS\system32\ctfmon.exe[2984] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00A501F8 .text C:\WINDOWS\system32\ctfmon.exe[2984] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00A503FC .text C:\WINDOWS\system32\ctfmon.exe[2984] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00A50600 .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes 
JMP 003E01F8 .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01081014 .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01080804 .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01080A08 .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01080C0C .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01080E10 .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 010801F8 .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 010803FC .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01080600 .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01520804 .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01520A08 .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01520600 .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 015201F8 .text C:\Program Files\WinFast\WFDTV\WFWIZ.exe[3028] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 015203FC .text C:\Program Files\NetMeter\NetMeter.exe[3136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text C:\Program Files\NetMeter\NetMeter.exe[3136] ntdll.dll!RtlDosSearchPath_U + 
186 7C916865 1 Byte [62] .text C:\Program Files\NetMeter\NetMeter.exe[3136] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text C:\Program Files\NetMeter\NetMeter.exe[3136] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\NetMeter\NetMeter.exe[3136] advapi32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009F1014 .text C:\Program Files\NetMeter\NetMeter.exe[3136] advapi32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009F0804 .text C:\Program Files\NetMeter\NetMeter.exe[3136] advapi32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009F0A08 .text C:\Program Files\NetMeter\NetMeter.exe[3136] advapi32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009F0C0C .text C:\Program Files\NetMeter\NetMeter.exe[3136] advapi32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009F0E10 .text C:\Program Files\NetMeter\NetMeter.exe[3136] advapi32.dll!CreateServiceA 77E27211 5 Bytes JMP 009F01F8 .text C:\Program Files\NetMeter\NetMeter.exe[3136] advapi32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009F03FC .text C:\Program Files\NetMeter\NetMeter.exe[3136] advapi32.dll!DeleteService 77E274B1 5 Bytes JMP 009F0600 .text C:\Program Files\NetMeter\NetMeter.exe[3136] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00A00804 .text C:\Program Files\NetMeter\NetMeter.exe[3136] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00A00A08 .text C:\Program Files\NetMeter\NetMeter.exe[3136] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00A00600 .text C:\Program Files\NetMeter\NetMeter.exe[3136] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00A001F8 .text C:\Program Files\NetMeter\NetMeter.exe[3136] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00A003FC .text C:\WINDOWS\system32\SearchIndexer.exe[3156] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003501F8 .text C:\WINDOWS\system32\SearchIndexer.exe[3156] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[3156] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003503FC 
.text C:\WINDOWS\system32\SearchIndexer.exe[3156] KERNEL32.dll!WriteFile 7C8112FF 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation) .text C:\WINDOWS\system32\SearchIndexer.exe[3156] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\system32\SearchIndexer.exe[3156] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009A1014 .text C:\WINDOWS\system32\SearchIndexer.exe[3156] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009A0804 .text C:\WINDOWS\system32\SearchIndexer.exe[3156] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009A0A08 .text C:\WINDOWS\system32\SearchIndexer.exe[3156] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009A0C0C .text C:\WINDOWS\system32\SearchIndexer.exe[3156] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009A0E10 .text C:\WINDOWS\system32\SearchIndexer.exe[3156] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009A01F8 .text C:\WINDOWS\system32\SearchIndexer.exe[3156] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009A03FC .text C:\WINDOWS\system32\SearchIndexer.exe[3156] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009A0600 .text C:\WINDOWS\system32\SearchIndexer.exe[3156] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01200804 .text C:\WINDOWS\system32\SearchIndexer.exe[3156] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01200A08 .text C:\WINDOWS\system32\SearchIndexer.exe[3156] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01200600 .text C:\WINDOWS\system32\SearchIndexer.exe[3156] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 012001F8 .text C:\WINDOWS\system32\SearchIndexer.exe[3156] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 012003FC .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3256] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003201F8 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3256] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\Windows Desktop 
Search\WindowsSearch.exe[3256] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003203FC .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3256] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3256] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 01171014 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3256] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 01170804 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3256] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 01170A08 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3256] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 01170C0C .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3256] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 01170E10 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3256] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 011701F8 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3256] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 011703FC .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3256] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 01170600 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3256] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 01960804 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3256] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 01960A08 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3256] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 01960600 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3256] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 019601F8 .text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[3256] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 019603FC .text C:\Program Files\MultiKeyboard Driver\KbdDrv.exe[3288] ntdll.dll!LdrLoadDll 7C91632D 
5 Bytes JMP 003D01F8 .text C:\Program Files\MultiKeyboard Driver\KbdDrv.exe[3288] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\MultiKeyboard Driver\KbdDrv.exe[3288] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003D03FC .text C:\Program Files\MultiKeyboard Driver\KbdDrv.exe[3288] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\MultiKeyboard Driver\KbdDrv.exe[3288] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00B21014 .text C:\Program Files\MultiKeyboard Driver\KbdDrv.exe[3288] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00B20804 .text C:\Program Files\MultiKeyboard Driver\KbdDrv.exe[3288] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00B20A08 .text C:\Program Files\MultiKeyboard Driver\KbdDrv.exe[3288] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00B20C0C .text C:\Program Files\MultiKeyboard Driver\KbdDrv.exe[3288] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00B20E10 .text C:\Program Files\MultiKeyboard Driver\KbdDrv.exe[3288] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 00B201F8 .text C:\Program Files\MultiKeyboard Driver\KbdDrv.exe[3288] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 00B203FC .text C:\Program Files\MultiKeyboard Driver\KbdDrv.exe[3288] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00B20600 .text D:\Programy\OTL.exe[3748] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003E01F8 .text D:\Programy\OTL.exe[3748] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text D:\Programy\OTL.exe[3748] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003E03FC .text D:\Programy\OTL.exe[3748] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text D:\Programy\OTL.exe[3748] user32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00EC0804 .text D:\Programy\OTL.exe[3748] user32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00EC0A08 .text D:\Programy\OTL.exe[3748] user32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00EC0600 .text 
D:\Programy\OTL.exe[3748] user32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00EC01F8 .text D:\Programy\OTL.exe[3748] user32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00EC03FC .text D:\Programy\OTL.exe[3748] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00691014 .text D:\Programy\OTL.exe[3748] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00690804 .text D:\Programy\OTL.exe[3748] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00690A08 .text D:\Programy\OTL.exe[3748] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00690C0C .text D:\Programy\OTL.exe[3748] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00690E10 .text D:\Programy\OTL.exe[3748] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 006901F8 .text D:\Programy\OTL.exe[3748] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 006903FC .text D:\Programy\OTL.exe[3748] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00690600 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004201F8 .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 004203FC .text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3784] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3964] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 004201F8 .text C:\WINDOWS\System32\alg.exe[3964] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[3964] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 004203FC .text C:\WINDOWS\System32\alg.exe[3964] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 016C4470 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] 
.text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 005203FC .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] KERNEL32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 0191047C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] KERNEL32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 01910459 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] KERNEL32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 016CF972 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] KERNEL32.dll!GetBinaryTypeW + 80 7C868E04 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 022E0804 .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 022E0A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 022E0600 .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 022E01F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 022E03FC .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7 Bytes JMP 019103DA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation) .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 02A51014 .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 02A50804 .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 02A50A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes 
JMP 02A50C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 02A50E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 02A501F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 02A503FC .text C:\Program Files\Mozilla Firefox\firefox.exe[4004] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 02A50600 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F7356AD0] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F7356C16] sptd.sys IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F7356B98] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F7357744] sptd.sys IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F735761A] sptd.sys IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F736C57E] sptd.sys ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WINDOWS\Explorer.EXE[716] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00F62F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[716] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00F62DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[716] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00F62D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\WINDOWS\Explorer.EXE[716] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00F62DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) 
IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[856] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1644] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\Alwil Software\Avast5\avastUI.exe[2564] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00802F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00802DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00802D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Documents and Settings\KATARZYNA\Moje dokumenty\Pobieranie\roz502p4.exe[2624] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00802DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT D:\Programy\OTL.exe[3748] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00C62F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) 
IAT D:\Programy\OTL.exe[3748] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00C62DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT D:\Programy\OTL.exe[3748] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00C62D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT D:\Programy\OTL.exe[3748] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00C62DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4004] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtCreateFile] [00A32F60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4004] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32DB0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4004] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtClose] [00A32D70] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4004] @ C:\WINDOWS\system32\KERNEL32.dll [ntdll.dll!NtDuplicateObject] [00A32DC0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) Device \FileSystem\Ntfs \Ntfs 867CF1E8 AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) Device \Driver\usbohci \Device\USBPDO-0 86564790 Device \Driver\usbehci \Device\USBPDO-1 865571E8 AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\Ftdisk \Device\HarddiskVolume1 867D11E8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd) Device \Driver\Ftdisk \Device\HarddiskVolume2 867D11E8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd) Device \Driver\Cdrom \Device\CdRom0 8654A790 Device \Driver\Ftdisk \Device\HarddiskVolume3 867D11E8 AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd) Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F72CFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort0 [F72CFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\atapi \Device\Ide\IdePort1 [F72CFB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX} Device \Driver\NetBT \Device\NetBt_Wins_Export 8626E790 Device \Driver\NetBT \Device\NetbiosSmb 8626E790 AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! 
TDI Filter Driver/AVAST Software) Device \Driver\usbohci \Device\USBFDO-0 86564790 Device \Driver\NetBT \Device\NetBT_Tcpip_{6DBEFE0E-F4DF-4F78-873D-60A4A5C9F23F} 8626E790 Device \Driver\usbehci \Device\USBFDO-1 865571E8 Device \Driver\nvata \Device\NvAta0 867D01E8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 857781E8 Device \FileSystem\MRxSmb \Device\LanmanRedirector 857781E8 Device \Driver\Ftdisk \Device\FtControl 867D11E8 Device \Driver\nvata \Device\0000007f 867D01E8 Device \FileSystem\Cdfs \Cdfs 862A6420 ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 ---- EOF - GMER 1.0.15 ----