GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-01 17:26:45
Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543225L9A300 rev.FBEOC40C 232,89GB
Running: by50elu0.exe; Driver: C:\Users\weronika\AppData\Local\Temp\pxdyikog.sys

---- System - GMER 2.1 ----

SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAddBootEntry [0x8D621B10]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x8D6225EE]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEvent [0x8D62E5E0]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateEventPair [0x8D62E62C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x8D62E7C6]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateMutant [0x8D62E54E]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSection [0x8D62E670]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x8D62E596]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThread [0x8D622B24]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateTimer [0x8D62E780]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x8D6233DC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x8D621B76]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwDuplicateObject [0x8D626B58]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwLoadDriver [0x8D62175E]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x8D621BDC]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x8D626F4E]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x8D623E6C]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEvent [0x8D62E60A]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenEventPair [0x8D62E64E]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x8D62E7EA]
SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenMutant [0x8D62E574]
SSDT
\??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenProcess [0x8D626452] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSection [0x8D62E6FE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x8D62E5BE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenThread [0x8D62683A] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwOpenTimer [0x8D62E7A4] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x8E95C0CC] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueryObject [0x8D623D38] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwQueueApcThread [0x8D62388E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x8D621C42] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetBootOptions [0x8D621CA8] SSDT \??\C:\Windows\system32\drivers\aswSP.sys ZwSetContextThread [0x8E95C316] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x8D6217F8] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x8D6219CE] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwShutdownSystem [0x8D62195C] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendProcess [0x8D6235A6] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSuspendThread [0x8D623708] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x8D621A56] SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8E8D3640] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwTerminateThread [0x8D623236] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwVdmControl [0x8D621D0E] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwWriteVirtualMemory [0x8D62264A] SSDT \??\C:\Windows\system32\drivers\aswSnx.sys ZwCreateThreadEx [0x8D622D40] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetTimerEx + 340 828ECB94 4 Bytes [10, 1B, 62, 8D] .text ntkrnlpa.exe!KeSetTimerEx + 3C4 828ECC18 4 Bytes [EE, 25, 62, 8D] .text ntkrnlpa.exe!KeSetTimerEx + 404 828ECC58 4 Bytes [E0, E5, 62, 8D] .text 
ntkrnlpa.exe!KeSetTimerEx + 409 828ECC5D 3 Bytes [E6, 62, 8D] .text ntkrnlpa.exe!KeSetTimerEx + 410 828ECC64 4 Bytes [C6, E7, 62, 8D] .text ... PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82A517F6 4 Bytes CALL 8D62452F \??\C:\Windows\system32\drivers\aswSnx.sys PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82A61177 4 Bytes CALL 8D624545 \??\C:\Windows\system32\drivers\aswSnx.sys .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8CE06000, 0x20BE32, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[324] kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_ae0b52e0\aestsrv.exe[460] kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Program Files\Malwarebytes Anti-Malware\mbam.exe[492] kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[500] ntdll.dll!LdrLoadDll 778779B3 5 Bytes JMP 000501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[500] ntdll.dll!LdrUnloadDll 7788E5AC 5 Bytes JMP 000503FC .text C:\Program Files\Internet Explorer\iexplore.exe[500] KERNEL32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!SetWindowsHookExW 767C7B69 5 Bytes JMP 6B159A91 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!CallNextHookEx 767C8C33 5 Bytes JMP 6B14D0CD C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!GetAsyncKeyState 767C8DF4 3 Bytes JMP 6B078EFF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!GetAsyncKeyState + 4 767C8DF8 1 Byte [F4] .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!DialogBoxIndirectParamW 767CBD25 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[500] 
USER32.dll!DialogBoxIndirectParamW 767CBD25 5 Bytes JMP 6B255329 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!SendInput 767CBEE7 5 Bytes JMP 6B25675F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!EndDialog 767CC178 3 Bytes JMP 6B087E7E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!EndDialog + 4 767CC17C 1 Byte [F4] .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!EnableWindow 767CDC79 5 Bytes JMP 6B15DD1D C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!CreateWindowExW 767D3D67 5 Bytes JMP 6B15DB04 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!GetKeyState 767D87C7 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!GetKeyState 767D87C7 5 Bytes JMP 6B15D2CB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!IsDialogMessageW 767D99AE 5 Bytes JMP 6B0859D7 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!CreateDialogParamA 767E16FD 5 Bytes JMP 6B255F95 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!IsDialogMessage 767E179A 5 Bytes JMP 6B255831 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!DialogBoxParamW 767E1FD5 5 Bytes JMP 6B0854C5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!CreateDialogIndirectParamA 767E27CD 5 Bytes JMP 6B255FCC C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!CreateDialogIndirectParamW 767E9AFA 5 Bytes JMP 6B256003 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] 
USER32.dll!UnhookWindowsHookEx 767F08BE 5 Bytes JMP 6B0C466E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!CreateDialogParamW 767F1C58 5 Bytes JMP 6B15DE90 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!SetKeyboardState 767F1ECE 5 Bytes JMP 6B255BA0 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!SetCursorPos 76806F1A 5 Bytes JMP 6B2567B3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!DialogBoxParamA 768080B2 5 Bytes JMP 6B2552C6 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!DialogBoxIndirectParamA 768083DD 5 Bytes JMP 6B25538C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!MessageBoxIndirectA 7681D471 5 Bytes JMP 6B25525B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!MessageBoxIndirectW 7681D56B 5 Bytes JMP 6B2551F0 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!MessageBoxExA 7681D5D1 5 Bytes JMP 6B25518E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!MessageBoxExW 7681D5F5 5 Bytes JMP 6B25512C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] USER32.dll!keybd_event 7681D93C 5 Bytes JMP 6B256AE3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] SHELL32.dll!SHGetFileInfoW + 7CB 768CEC10 4 Bytes [4D, 30, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[500] SHELL32.dll!SHGetFileInfoW + 7D3 768CEC18 4 Bytes [57, 2F, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[500] SHELL32.dll!SHGetFileInfoW + 8D3 768CED18 4 Bytes [4D, 30, A3, 65] .text C:\Program Files\Internet 
Explorer\iexplore.exe[500] SHELL32.dll!SHGetFileInfoW + 8DB 768CED20 4 Bytes [57, 2F, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[500] SHELL32.dll!SHGetFileInfoW + 917 768CED5C 4 Bytes [4D, 30, A3, 65] .text ... .text C:\Program Files\Internet Explorer\iexplore.exe[500] SHELL32.dll!SHRestricted + DFD 768E8390 4 Bytes [4D, 30, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[500] SHELL32.dll!SHRestricted + E05 768E8398 8 Bytes [57, 2F, A3, 65, 9C, 5B, A2, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[500] SHELL32.dll!SHRestricted + F89 768E851C 4 Bytes [4D, 30, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[500] SHELL32.dll!SHRestricted + F91 768E8524 4 Bytes [57, 2F, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[500] SHELL32.dll!SHBindToObject + 693 768EA9B8 4 Bytes [4D, 30, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[500] SHELL32.dll!SHBindToObject + 69B 768EA9C0 4 Bytes [57, 2F, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[500] ole32.dll!OleLoadFromStream 76509794 5 Bytes JMP 6B255691 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[500] ole32.dll!CoCreateInstance 7653E2D8 5 Bytes JMP 6B15DB60 C:\Windows\system32\IEFRAME.dll .text C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdeserv.exe[572] kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Windows\system32\csrss.exe[580] KERNEL32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Windows\system32\wininit.exe[632] kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Windows\system32\csrss.exe[652] KERNEL32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Windows\system32\services.exe[684] kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text ... 
.text C:\Program Files\Internet Explorer\iexplore.exe[1312] ntdll.dll!LdrLoadDll 778779B3 5 Bytes JMP 000501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[1312] ntdll.dll!LdrUnloadDll 7788E5AC 5 Bytes JMP 000503FC .text C:\Program Files\Internet Explorer\iexplore.exe[1312] KERNEL32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!SetWindowsHookExW 767C7B69 5 Bytes JMP 6B159A91 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!CallNextHookEx 767C8C33 5 Bytes JMP 6B14D0CD C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!GetAsyncKeyState 767C8DF4 3 Bytes JMP 6B078EFF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!GetAsyncKeyState + 4 767C8DF8 1 Byte [F4] .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!DialogBoxIndirectParamW 767CBD25 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!DialogBoxIndirectParamW 767CBD25 5 Bytes JMP 6B255329 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!SendInput 767CBEE7 5 Bytes JMP 6B25675F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!EndDialog 767CC178 3 Bytes JMP 6B087E7E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!EndDialog + 4 767CC17C 1 Byte [F4] .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!EnableWindow 767CDC79 5 Bytes JMP 6B15DD1D C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!CreateWindowExW 767D3D67 5 Bytes JMP 6B15DB04 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!GetKeyState 767D87C7 1 Byte [E9] .text C:\Program Files\Internet 
Explorer\iexplore.exe[1312] USER32.dll!GetKeyState 767D87C7 5 Bytes JMP 6B15D2CB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!IsDialogMessageW 767D99AE 5 Bytes JMP 6B0859D7 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!CreateDialogParamA 767E16FD 5 Bytes JMP 6B255F95 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!IsDialogMessage 767E179A 5 Bytes JMP 6B255831 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!DialogBoxParamW 767E1FD5 5 Bytes JMP 6B0854C5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!CreateDialogIndirectParamA 767E27CD 5 Bytes JMP 6B255FCC C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!CreateDialogIndirectParamW 767E9AFA 5 Bytes JMP 6B256003 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!UnhookWindowsHookEx 767F08BE 5 Bytes JMP 6B0C466E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!CreateDialogParamW 767F1C58 5 Bytes JMP 6B15DE90 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!SetKeyboardState 767F1ECE 5 Bytes JMP 6B255BA0 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!SetCursorPos 76806F1A 5 Bytes JMP 6B2567B3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!DialogBoxParamA 768080B2 5 Bytes JMP 6B2552C6 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!DialogBoxIndirectParamA 768083DD 5 Bytes JMP 6B25538C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] 
USER32.dll!MessageBoxIndirectA 7681D471 5 Bytes JMP 6B25525B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!MessageBoxIndirectW 7681D56B 5 Bytes JMP 6B2551F0 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!MessageBoxExA 7681D5D1 5 Bytes JMP 6B25518E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!MessageBoxExW 7681D5F5 5 Bytes JMP 6B25512C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] USER32.dll!keybd_event 7681D93C 5 Bytes JMP 6B256AE3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] SHELL32.dll!SHRestricted + DFD 768E8390 4 Bytes [4D, 30, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[1312] SHELL32.dll!SHRestricted + E05 768E8398 8 Bytes [57, 2F, A3, 65, 9C, 5B, A2, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[1312] ole32.dll!OleLoadFromStream 76509794 5 Bytes JMP 6B255691 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[1312] ole32.dll!CoCreateInstance 7653E2D8 5 Bytes JMP 6B15DB60 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe[1340] kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Windows\system32\AUDIODG.EXE[1352] kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe[1388] KERNEL32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[1416] kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Windows\system32\svchost.exe[1476] kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text ... 
.text C:\Program Files\Internet Explorer\iexplore.exe[3124] ntdll.dll!LdrLoadDll 778779B3 5 Bytes JMP 000501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3124] ntdll.dll!LdrUnloadDll 7788E5AC 5 Bytes JMP 000503FC .text C:\Program Files\Internet Explorer\iexplore.exe[3124] KERNEL32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!SetWindowsHookExW 767C7B69 5 Bytes JMP 6B159A91 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!CallNextHookEx 767C8C33 5 Bytes JMP 6B14D0CD C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!GetAsyncKeyState 767C8DF4 3 Bytes JMP 6B078EFF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!GetAsyncKeyState + 4 767C8DF8 1 Byte [F4] .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!DialogBoxIndirectParamW 767CBD25 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!DialogBoxIndirectParamW 767CBD25 5 Bytes JMP 6B255329 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!SendInput 767CBEE7 5 Bytes JMP 6B25675F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!EndDialog 767CC178 3 Bytes JMP 6B087E7E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!EndDialog + 4 767CC17C 1 Byte [F4] .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!EnableWindow 767CDC79 5 Bytes JMP 6B15DD1D C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!CreateWindowExW 767D3D67 5 Bytes JMP 6B15DB04 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!GetKeyState 767D87C7 1 Byte [E9] .text C:\Program Files\Internet 
Explorer\iexplore.exe[3124] USER32.dll!GetKeyState 767D87C7 5 Bytes JMP 6B15D2CB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!IsDialogMessageW 767D99AE 5 Bytes JMP 6B0859D7 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!CreateDialogParamA 767E16FD 5 Bytes JMP 6B255F95 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!IsDialogMessage 767E179A 5 Bytes JMP 6B255831 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!DialogBoxParamW 767E1FD5 5 Bytes JMP 6B0854C5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!CreateDialogIndirectParamA 767E27CD 5 Bytes JMP 6B255FCC C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!CreateDialogIndirectParamW 767E9AFA 5 Bytes JMP 6B256003 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!UnhookWindowsHookEx 767F08BE 5 Bytes JMP 6B0C466E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!CreateDialogParamW 767F1C58 5 Bytes JMP 6B15DE90 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!SetKeyboardState 767F1ECE 5 Bytes JMP 6B255BA0 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!SetCursorPos 76806F1A 5 Bytes JMP 6B2567B3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!DialogBoxParamA 768080B2 5 Bytes JMP 6B2552C6 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!DialogBoxIndirectParamA 768083DD 5 Bytes JMP 6B25538C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] 
USER32.dll!MessageBoxIndirectA 7681D471 5 Bytes JMP 6B25525B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!MessageBoxIndirectW 7681D56B 5 Bytes JMP 6B2551F0 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!MessageBoxExA 7681D5D1 5 Bytes JMP 6B25518E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!MessageBoxExW 7681D5F5 5 Bytes JMP 6B25512C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] USER32.dll!keybd_event 7681D93C 5 Bytes JMP 6B256AE3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] SHELL32.dll!SHRestricted + DFD 768E8390 4 Bytes [4D, 30, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[3124] SHELL32.dll!SHRestricted + E05 768E8398 8 Bytes [57, 2F, A3, 65, 9C, 5B, A2, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[3124] SHELL32.dll!SHRestricted + FB1 768E8544 4 Bytes [4D, 30, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[3124] SHELL32.dll!SHRestricted + FB9 768E854C 4 Bytes [57, 2F, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[3124] SHELL32.dll!ILFree + 5F3 768E9AFC 4 Bytes [4D, 30, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[3124] SHELL32.dll!ILFree + 5FB 768E9B04 4 Bytes [57, 2F, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[3124] ole32.dll!OleLoadFromStream 76509794 5 Bytes JMP 6B255691 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3124] ole32.dll!CoCreateInstance 7653E2D8 5 Bytes JMP 6B15DB60 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3684] ntdll.dll!LdrLoadDll 778779B3 5 Bytes JMP 000501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[3684] ntdll.dll!LdrUnloadDll 7788E5AC 5 Bytes JMP 000503FC .text C:\Program Files\Internet 
Explorer\iexplore.exe[3684] KERNEL32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!DialogBoxIndirectParamW 767CBD25 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!DialogBoxIndirectParamW 767CBD25 5 Bytes JMP 6B255329 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!CreateWindowExW 767D3D67 5 Bytes JMP 6B15DB04 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!DialogBoxParamW 767E1FD5 5 Bytes JMP 6B0854C5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!DialogBoxParamA 768080B2 5 Bytes JMP 6B2552C6 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!DialogBoxIndirectParamA 768083DD 5 Bytes JMP 6B25538C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!MessageBoxIndirectA 7681D471 5 Bytes JMP 6B25525B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!MessageBoxIndirectW 7681D56B 5 Bytes JMP 6B2551F0 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!MessageBoxExA 7681D5D1 5 Bytes JMP 6B25518E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[3684] USER32.dll!MessageBoxExW 7681D5F5 5 Bytes JMP 6B25512C C:\Windows\system32\IEFRAME.dll .text C:\Windows\system32\Dwm.exe[3780] kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Windows\system32\taskeng.exe[3804] kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Windows\Explorer.EXE[3816] kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Windows\system32\wuauclt.exe[3856] kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Program Files\Windows Defender\MSASCui.exe[3992] 
kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text ... .text C:\Program Files\Internet Explorer\iexplore.exe[5004] ntdll.dll!LdrLoadDll 778779B3 5 Bytes JMP 000501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[5004] ntdll.dll!LdrUnloadDll 7788E5AC 5 Bytes JMP 000503FC .text C:\Program Files\Internet Explorer\iexplore.exe[5004] KERNEL32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!SetWindowsHookExW 767C7B69 5 Bytes JMP 6B159A91 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!CallNextHookEx 767C8C33 5 Bytes JMP 6B14D0CD C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!GetAsyncKeyState 767C8DF4 3 Bytes JMP 6B078EFF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!GetAsyncKeyState + 4 767C8DF8 1 Byte [F4] .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DialogBoxIndirectParamW 767CBD25 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DialogBoxIndirectParamW 767CBD25 5 Bytes JMP 6B255329 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!SendInput 767CBEE7 5 Bytes JMP 6B25675F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!EndDialog 767CC178 3 Bytes JMP 6B087E7E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!EndDialog + 4 767CC17C 1 Byte [F4] .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!EnableWindow 767CDC79 5 Bytes JMP 6B15DD1D C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!CreateWindowExW 767D3D67 5 Bytes JMP 6B15DB04 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] 
USER32.dll!GetKeyState 767D87C7 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!GetKeyState 767D87C7 5 Bytes JMP 6B15D2CB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!IsDialogMessageW 767D99AE 5 Bytes JMP 6B0859D7 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!CreateDialogParamA 767E16FD 5 Bytes JMP 6B255F95 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!IsDialogMessage 767E179A 5 Bytes JMP 6B255831 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DialogBoxParamW 767E1FD5 5 Bytes JMP 6B0854C5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!CreateDialogIndirectParamA 767E27CD 5 Bytes JMP 6B255FCC C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!CreateDialogIndirectParamW 767E9AFA 5 Bytes JMP 6B256003 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!UnhookWindowsHookEx 767F08BE 5 Bytes JMP 6B0C466E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!CreateDialogParamW 767F1C58 5 Bytes JMP 6B15DE90 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!SetKeyboardState 767F1ECE 5 Bytes JMP 6B255BA0 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!SetCursorPos 76806F1A 5 Bytes JMP 6B2567B3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DialogBoxParamA 768080B2 5 Bytes JMP 6B2552C6 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!DialogBoxIndirectParamA 768083DD 5 Bytes JMP 6B25538C 
C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!MessageBoxIndirectA 7681D471 5 Bytes JMP 6B25525B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!MessageBoxIndirectW 7681D56B 5 Bytes JMP 6B2551F0 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!MessageBoxExA 7681D5D1 5 Bytes JMP 6B25518E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!MessageBoxExW 7681D5F5 5 Bytes JMP 6B25512C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] USER32.dll!keybd_event 7681D93C 5 Bytes JMP 6B256AE3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] SHELL32.dll!SHRestricted + DFD 768E8390 4 Bytes [4D, 30, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[5004] SHELL32.dll!SHRestricted + E05 768E8398 8 Bytes [57, 2F, A3, 65, 9C, 5B, A2, ...] 
.text C:\Program Files\Internet Explorer\iexplore.exe[5004] ole32.dll!OleLoadFromStream 76509794 5 Bytes JMP 6B255691 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5004] ole32.dll!CoCreateInstance 7653E2D8 5 Bytes JMP 6B15DB60 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] ntdll.dll!LdrLoadDll 778779B3 5 Bytes JMP 000501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[5084] ntdll.dll!LdrUnloadDll 7788E5AC 5 Bytes JMP 000503FC .text C:\Program Files\Internet Explorer\iexplore.exe[5084] KERNEL32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!SetWindowsHookExW 767C7B69 5 Bytes JMP 6B159A91 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!CallNextHookEx 767C8C33 5 Bytes JMP 6B14D0CD C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!GetAsyncKeyState 767C8DF4 3 Bytes JMP 6B078EFF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!GetAsyncKeyState + 4 767C8DF8 1 Byte [F4] .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!DialogBoxIndirectParamW 767CBD25 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!DialogBoxIndirectParamW 767CBD25 5 Bytes JMP 6B255329 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!SendInput 767CBEE7 5 Bytes JMP 6B25675F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!EndDialog 767CC178 3 Bytes JMP 6B087E7E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!EndDialog + 4 767CC17C 1 Byte [F4] .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!EnableWindow 767CDC79 5 Bytes JMP 6B15DD1D 
C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!CreateWindowExW 767D3D67 5 Bytes JMP 6B15DB04 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!GetKeyState 767D87C7 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!GetKeyState 767D87C7 5 Bytes JMP 6B15D2CB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!IsDialogMessageW 767D99AE 5 Bytes JMP 6B0859D7 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!CreateDialogParamA 767E16FD 5 Bytes JMP 6B255F95 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!IsDialogMessage 767E179A 5 Bytes JMP 6B255831 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!DialogBoxParamW 767E1FD5 5 Bytes JMP 6B0854C5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!CreateDialogIndirectParamA 767E27CD 5 Bytes JMP 6B255FCC C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!CreateDialogIndirectParamW 767E9AFA 5 Bytes JMP 6B256003 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!UnhookWindowsHookEx 767F08BE 5 Bytes JMP 6B0C466E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!CreateDialogParamW 767F1C58 5 Bytes JMP 6B15DE90 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!SetKeyboardState 767F1ECE 5 Bytes JMP 6B255BA0 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!SetCursorPos 76806F1A 5 Bytes JMP 6B2567B3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet 
Explorer\iexplore.exe[5084] USER32.dll!DialogBoxParamA 768080B2 5 Bytes JMP 6B2552C6 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!DialogBoxIndirectParamA 768083DD 5 Bytes JMP 6B25538C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!MessageBoxIndirectA 7681D471 5 Bytes JMP 6B25525B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!MessageBoxIndirectW 7681D56B 5 Bytes JMP 6B2551F0 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!MessageBoxExA 7681D5D1 5 Bytes JMP 6B25518E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!MessageBoxExW 7681D5F5 5 Bytes JMP 6B25512C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] USER32.dll!keybd_event 7681D93C 5 Bytes JMP 6B256AE3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] SHELL32.dll!SHRestricted + DFD 768E8390 4 Bytes [4D, 30, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[5084] SHELL32.dll!SHRestricted + E05 768E8398 8 Bytes [57, 2F, A3, 65, 9C, 5B, A2, ...] 
.text C:\Program Files\Internet Explorer\iexplore.exe[5084] SHELL32.dll!SHRestricted + FB1 768E8544 4 Bytes [4D, 30, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[5084] SHELL32.dll!SHRestricted + FB9 768E854C 4 Bytes [57, 2F, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[5084] SHELL32.dll!ILFree + 5F3 768E9AFC 4 Bytes [4D, 30, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[5084] SHELL32.dll!ILFree + 5FB 768E9B04 4 Bytes [57, 2F, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[5084] ole32.dll!OleLoadFromStream 76509794 5 Bytes JMP 6B255691 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5084] ole32.dll!CoCreateInstance 7653E2D8 5 Bytes JMP 6B15DB60 C:\Windows\system32\IEFRAME.dll .text C:\Users\weronika\Desktop\BEZPIECZENSTWO\by50elu0.exe[5416] kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[5508] ntdll.dll!LdrLoadDll 778779B3 5 Bytes JMP 000501F8 .text C:\Program Files\Internet Explorer\iexplore.exe[5508] ntdll.dll!LdrUnloadDll 7788E5AC 5 Bytes JMP 000503FC .text C:\Program Files\Internet Explorer\iexplore.exe[5508] KERNEL32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62] .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!SetWindowsHookExW 767C7B69 5 Bytes JMP 6B159A91 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!CallNextHookEx 767C8C33 5 Bytes JMP 6B14D0CD C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!GetAsyncKeyState 767C8DF4 3 Bytes JMP 6B078EFF C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!GetAsyncKeyState + 4 767C8DF8 1 Byte [F4] .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!DialogBoxIndirectParamW 767CBD25 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[5508] 
USER32.dll!DialogBoxIndirectParamW 767CBD25 5 Bytes JMP 6B255329 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!SendInput 767CBEE7 5 Bytes JMP 6B25675F C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!EndDialog 767CC178 3 Bytes JMP 6B087E7E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!EndDialog + 4 767CC17C 1 Byte [F4] .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!EnableWindow 767CDC79 5 Bytes JMP 6B15DD1D C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!CreateWindowExW 767D3D67 5 Bytes JMP 6B15DB04 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!GetKeyState 767D87C7 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!GetKeyState 767D87C7 5 Bytes JMP 6B15D2CB C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!IsDialogMessageW 767D99AE 5 Bytes JMP 6B0859D7 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!CreateDialogParamA 767E16FD 5 Bytes JMP 6B255F95 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!IsDialogMessage 767E179A 5 Bytes JMP 6B255831 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!DialogBoxParamW 767E1FD5 5 Bytes JMP 6B0854C5 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!CreateDialogIndirectParamA 767E27CD 5 Bytes JMP 6B255FCC C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!CreateDialogIndirectParamW 767E9AFA 5 Bytes JMP 6B256003 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet 
Explorer\iexplore.exe[5508] USER32.dll!UnhookWindowsHookEx 767F08BE 5 Bytes JMP 6B0C466E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!CreateDialogParamW 767F1C58 5 Bytes JMP 6B15DE90 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!SetKeyboardState 767F1ECE 5 Bytes JMP 6B255BA0 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!SetCursorPos 76806F1A 5 Bytes JMP 6B2567B3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!DialogBoxParamA 768080B2 5 Bytes JMP 6B2552C6 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!DialogBoxIndirectParamA 768083DD 5 Bytes JMP 6B25538C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!MessageBoxIndirectA 7681D471 5 Bytes JMP 6B25525B C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!MessageBoxIndirectW 7681D56B 5 Bytes JMP 6B2551F0 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!MessageBoxExA 7681D5D1 5 Bytes JMP 6B25518E C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!MessageBoxExW 7681D5F5 5 Bytes JMP 6B25512C C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] USER32.dll!keybd_event 7681D93C 5 Bytes JMP 6B256AE3 C:\Windows\system32\IEFRAME.dll .text C:\Program Files\Internet Explorer\iexplore.exe[5508] SHELL32.dll!SHRestricted + DFD 768E8390 4 Bytes [4D, 30, A3, 65] .text C:\Program Files\Internet Explorer\iexplore.exe[5508] SHELL32.dll!SHRestricted + E05 768E8398 8 Bytes [57, 2F, A3, 65, 9C, 5B, A2, ...] 
.text C:\Program Files\Internet Explorer\iexplore.exe[5508] ole32.dll!OleLoadFromStream 76509794 5 Bytes JMP 6B255691 C:\Windows\system32\IEFRAME.dll
.text C:\Program Files\Internet Explorer\iexplore.exe[5508] ole32.dll!CoCreateInstance 7653E2D8 5 Bytes JMP 6B15DB60 C:\Windows\system32\IEFRAME.dll
.text C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe[5604] kernel32.dll!GetBinaryTypeW + 70 777C1CE8 1 Byte [62]

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000A0002
IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000A0000
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73CD8864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73D19855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73CDB984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73CCFB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73CD7A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73CCEA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73D0B12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73CDBC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73CD0756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73CD06BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73CC71B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73D5D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73CF7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73CCE109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73CC697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73CC69A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll
IAT C:\Windows\Explorer.EXE[3816] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73CD2475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll

---- Devices - GMER 2.1 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.sys
AttachedDevice \Driver\tdx \Device\Udp aswTdi.sys
Device \FileSystem\fastfat \Fat C3437A7A
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys

---- Processes - GMER 2.1 ----

Process (*** hidden *** ) [4] 84839D90

---- Registry - GMER 2.1 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextSqmReportTime 2014-06-01 15:11:27

---- EOF - GMER 2.1 ----