Problem z uzyciem procesora i krotkie zawieszanie

**Posty:** 177 · przez **roonnii** 10 Sie 2012, 01:34

OTL.Txt: (114.58 KiB) Ściągnięto 33 razy

Witam posiadam staruszka już wieki czasu który już strasznie zamula. Problemy mam już przy 3 zakładkach w chromie i podczas oglądania Youtube na każdej przeglądarce. Wysoki poziom użycia pliku strony nawet bez włączenia żadnej aplikacji. Posiadam Avasta może on tak strasznie zamula (może coś wyłączyć w nim). Planuje wymianę na nowy ale to dopiero po wakacjach (pisałem już temat- Dzięki za info) ale tymczasem coś muszę zrobić żeby normalnie siedzieć na necie i słuchać muzyki bez żadnej zamuły. Jak do wcześniej działało bez zarzutów Proszę o pomoc i jeśli jest opcja to wyrzucić można prawie wszystko zostawić tylko podstawowe rzeczy. Trochę się nazbierało przez tyle lat użytkowania Windowsa;/ Masakra logi mi sie robily ponad 1.5 godz:)

Dodano 10.08.2012 00:39:01:

Kod: Zaznacz wszystko: GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-08-10 01:38:33 Windows 5.1.2600 Dodatek Service Pack 3 Harddisk1\DR1 -> \Device\00000080 ST3160827AS rev.3.42 Running: 1m669oog.exe; Driver: C:\DOCUME~1\Szymon\USTAWI~1\Temp\fgqdikoc.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xF3CDC536] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xF3DAD7BA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xF3CDCF52] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xF3D1CC31] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xF3CE7D7A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xF3CE7DC6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xF3CE7F48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xF3CE7CE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xF3CE7E0A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xF3CE7D30] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xF3CDD146] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xF3CE7F02] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xF3CDD8CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xF3CDC584] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xF3D1D2F7] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xF3D1D5AD] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xF3CE0F36] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xF3D1D162] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xF3D1CFCD] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xF3DAD89E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xF3CDC1EC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xF3CDC5D2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xF3CE12A8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xF3CDE292] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xF3CE7DA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xF3CE7DE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xF3CE7F6C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xF3CE7D0E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xF3CE0AAC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xF3CE7E8C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xF3CE7D58] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xF3CE0CDE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xF3CE7F26] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xF3DADA1E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xF3D1CE48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xF3CDE15E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xF3D1CC9A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xF3CDDD08] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xF3DB9338] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xF3D1BC58] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xF3CDC620] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xF3CDC66E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xF3CDD74A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xF3CDC276] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xF3CDC426] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xF3D1D3FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xF3CDC3CC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xF3CDDA2C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xF3CDDB88] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xF3CDC496] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xF3CDD468] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xF3CDD5CA] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xF3CDC6BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xF3CDCF96] SSDT \WINDOWS\system32\ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) ZwCreateKey [0x80542C71] SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [80542C71] ZwCreateKey [0x80542C71] SSDT \WINDOWS\system32\ntkrnlpa.exe (Jądro i system NT/Microsoft Corporation) ZwOpenKey [0x80542C76] SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [80542C76] ZwOpenKey [0x80542C76] INT 0x03 \WINDOWS\system32\ntkrnlpa.exe[unknown section] 80542C7B INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F364316D INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) F3642FC2 Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xF3DC5744] Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwCallbackReturn + 2410 80501C48 4 Bytes CALL B743EAC9 \SystemRoot\System32\DRIVERS\ndisuio.sys (NDIS User mode I/O Driver/Microsoft Corporation) .text ntkrnlpa.exe!ZwCallbackReturn + 26B0 80501EE8 12 Bytes [20, C6, CD, F3, 6E, C6, CD, ...] .text ntkrnlpa.exe!ZwCallbackReturn + 2758 80501F90 12 Bytes [2C, DA, CD, F3, 88, DB, CD, ...] .text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF634E3C0, 0x95AECA, 0xE8000020] .text C:\WINDOWS\system32\drivers\aksfridge.sys section is writeable [0xB6D34000, 0x48011, 0xE0000020] .init C:\WINDOWS\system32\drivers\aksfridge.sys entry point in ".init" section [0xB6D89224] .init C:\WINDOWS\system32\drivers\aksfridge.sys unknown last code section [0xB6D89000, 0x4000, 0xE20000E0] .text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xB6CF0300, 0x3B6D8, 0xE8000020] .text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB6561400, 0x6E1B2, 0xE8000020] .protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB65EB220] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB65EB220] .protect˙˙˙˙hardlockunknown last code section [0xB65EB000, 0x50EA, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB65EB000, 0x50EA, 0xE0000020] .text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF3CBE300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe[136] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe[136] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\hasplms.exe[352] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\hasplms.exe[352] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Common Files\BinarySense\hldasvc.exe[456] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Common Files\BinarySense\hldasvc.exe[456] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[480] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[480] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[480] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[480] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[480] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[480] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[480] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[480] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[480] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001601F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001603FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[644] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\System32\smss.exe[776] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[836] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\csrss.exe[836] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[860] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\winlogon.exe[860] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\services.exe[908] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\services.exe[908] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1084] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1084] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1180] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1180] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[1296] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wscntfy.exe[1296] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[1296] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wscntfy.exe[1296] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\wscntfy.exe[1296] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\wscntfy.exe[1296] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\wscntfy.exe[1296] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\wscntfy.exe[1296] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\wscntfy.exe[1296] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\system32\wscntfy.exe[1296] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00331014 .text C:\WINDOWS\system32\wscntfy.exe[1296] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00330804 .text C:\WINDOWS\system32\wscntfy.exe[1296] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00330A08 .text C:\WINDOWS\system32\wscntfy.exe[1296] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 3 Bytes JMP 00330C0C .text C:\WINDOWS\system32\wscntfy.exe[1296] ADVAPI32.dll!ChangeServiceConfig2A + 4 77E270DD 1 Byte [88] .text C:\WINDOWS\system32\wscntfy.exe[1296] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00330E10 .text C:\WINDOWS\system32\wscntfy.exe[1296] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003301F8 .text C:\WINDOWS\system32\wscntfy.exe[1296] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003303FC .text C:\WINDOWS\system32\wscntfy.exe[1296] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00330600 .text C:\Program Files\Java\jre6\bin\jqs.exe[1368] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Java\jre6\bin\jqs.exe[1368] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1420] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1420] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1496] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1496] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1700] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1700] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1700] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\brsvc01a.exe[1760] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\brsvc01a.exe[1760] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\brss01a.exe[1784] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\brss01a.exe[1784] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1796] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1796] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe[1828] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Winamp\winamp.exe[1924] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001601F8 .text C:\Program Files\Winamp\winamp.exe[1924] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Winamp\winamp.exe[1924] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001603FC .text C:\Program Files\Winamp\winamp.exe[1924] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Winamp\winamp.exe[1924] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\Winamp\winamp.exe[1924] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\Winamp\winamp.exe[1924] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\Winamp\winamp.exe[1924] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\Winamp\winamp.exe[1924] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\Winamp\winamp.exe[1924] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\Winamp\winamp.exe[1924] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\Winamp\winamp.exe[1924] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\Winamp\winamp.exe[1924] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Winamp\winamp.exe[1924] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Winamp\winamp.exe[1924] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Winamp\winamp.exe[1924] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Winamp\winamp.exe[1924] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\System32\svchost.exe[1988] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1988] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe[2004] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe[2004] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2056] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\alg.exe[2056] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2056] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\alg.exe[2056] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\alg.exe[2056] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\alg.exe[2056] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\alg.exe[2056] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\alg.exe[2056] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\alg.exe[2056] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\alg.exe[2056] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014 .text C:\WINDOWS\System32\alg.exe[2056] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\alg.exe[2056] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\alg.exe[2056] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C .text C:\WINDOWS\System32\alg.exe[2056] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10 .text C:\WINDOWS\System32\alg.exe[2056] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\alg.exe[2056] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC .text C:\WINDOWS\System32\alg.exe[2056] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600 .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2168] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[2168] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2184] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[2184] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2184] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[2184] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2184] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014 .text C:\WINDOWS\Explorer.EXE[2184] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804 .text C:\WINDOWS\Explorer.EXE[2184] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08 .text C:\WINDOWS\Explorer.EXE[2184] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C .text C:\WINDOWS\Explorer.EXE[2184] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10 .text C:\WINDOWS\Explorer.EXE[2184] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8 .text C:\WINDOWS\Explorer.EXE[2184] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC .text C:\WINDOWS\Explorer.EXE[2184] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600 .text C:\WINDOWS\Explorer.EXE[2184] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\Explorer.EXE[2184] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\Explorer.EXE[2184] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\Explorer.EXE[2184] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\Explorer.EXE[2184] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001601F8 .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001603FC .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014 .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804 .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08 .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10 .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8 .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600 .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00580804 .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00580A08 .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00580600 .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005801F8 .text C:\Program Files\Microsoft IntelliType Pro\itype.exe[2236] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005803FC .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001601F8 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001603FC .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00570804 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00570A08 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00570600 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005701F8 .text C:\Program Files\Microsoft IntelliPoint\ipoint.exe[2328] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005703FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 55, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 55, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 55, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 55, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B912AFC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 55, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 55, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 55, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B912B6D .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 55, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B912C9B .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 55, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 55, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 55, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 005701F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 005703FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00841014 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00840804 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00840A08 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00840C0C .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00840E10 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 008401F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 008403FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00840600 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00850804 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00850A08 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00850600 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 008501F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2344] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 008503FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe[2508] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600 .text C:\WINDOWS\SOUNDMAN.EXE[2552] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\WINDOWS\SOUNDMAN.EXE[2552] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\SOUNDMAN.EXE[2552] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\WINDOWS\SOUNDMAN.EXE[2552] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\SOUNDMAN.EXE[2552] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804 .text C:\WINDOWS\SOUNDMAN.EXE[2552] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08 .text C:\WINDOWS\SOUNDMAN.EXE[2552] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600 .text C:\WINDOWS\SOUNDMAN.EXE[2552] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8 .text C:\WINDOWS\SOUNDMAN.EXE[2552] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC .text C:\WINDOWS\SOUNDMAN.EXE[2552] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\WINDOWS\SOUNDMAN.EXE[2552] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\WINDOWS\SOUNDMAN.EXE[2552] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\WINDOWS\SOUNDMAN.EXE[2552] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\WINDOWS\SOUNDMAN.EXE[2552] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\WINDOWS\SOUNDMAN.EXE[2552] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\WINDOWS\SOUNDMAN.EXE[2552] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\WINDOWS\SOUNDMAN.EXE[2552] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\WINDOWS\Explorer.EXE[2556] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\Explorer.EXE[2556] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2556] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\Explorer.EXE[2556] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\Explorer.EXE[2556] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014 .text C:\WINDOWS\Explorer.EXE[2556] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804 .text C:\WINDOWS\Explorer.EXE[2556] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08 .text C:\WINDOWS\Explorer.EXE[2556] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C .text C:\WINDOWS\Explorer.EXE[2556] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10 .text C:\WINDOWS\Explorer.EXE[2556] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8 .text C:\WINDOWS\Explorer.EXE[2556] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC .text C:\WINDOWS\Explorer.EXE[2556] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600 .text C:\WINDOWS\Explorer.EXE[2556] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\Explorer.EXE[2556] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\Explorer.EXE[2556] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\Explorer.EXE[2556] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\Explorer.EXE[2556] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe[2708] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\nvsvc32.exe[2720] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\WINDOWS\system32\nvsvc32.exe[2720] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[2720] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\WINDOWS\system32\nvsvc32.exe[2720] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\nvsvc32.exe[2720] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\WINDOWS\system32\nvsvc32.exe[2720] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\nvsvc32.exe[2720] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\nvsvc32.exe[2720] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\WINDOWS\system32\nvsvc32.exe[2720] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\WINDOWS\system32\nvsvc32.exe[2720] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\nvsvc32.exe[2720] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\nvsvc32.exe[2720] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\nvsvc32.exe[2720] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\WINDOWS\system32\nvsvc32.exe[2720] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\WINDOWS\system32\nvsvc32.exe[2720] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\WINDOWS\system32\nvsvc32.exe[2720] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\WINDOWS\system32\nvsvc32.exe[2720] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003D1014 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003D0804 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003D0A08 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003D0C0C .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003D0E10 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003D01F8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003D03FC .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003D0600 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2748] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] advapi32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] advapi32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] advapi32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] advapi32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] advapi32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] advapi32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] advapi32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] advapi32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\PANDORA.TV\PanService\PandoraService.exe[2840] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\System32\svchost.exe[2864] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[2864] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2864] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[2864] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2864] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[2864] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[2864] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[2864] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[2864] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[2864] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[2864] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[2864] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[2864] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[2864] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[2864] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[2864] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[2864] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe[2872] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\system32\PnkBstrA.exe[2880] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\PnkBstrA.exe[2880] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrA.exe[2880] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\PnkBstrA.exe[2880] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrA.exe[2880] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003D1014 .text C:\WINDOWS\system32\PnkBstrA.exe[2880] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\PnkBstrA.exe[2880] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\PnkBstrA.exe[2880] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003D0C0C .text C:\WINDOWS\system32\PnkBstrA.exe[2880] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003D0E10 .text C:\WINDOWS\system32\PnkBstrA.exe[2880] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\PnkBstrA.exe[2880] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\PnkBstrA.exe[2880] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\PnkBstrA.exe[2880] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\PnkBstrA.exe[2880] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\PnkBstrA.exe[2880] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\PnkBstrA.exe[2880] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\PnkBstrA.exe[2880] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\system32\PnkBstrB.exe[2896] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8 .text C:\WINDOWS\system32\PnkBstrB.exe[2896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrB.exe[2896] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC .text C:\WINDOWS\system32\PnkBstrB.exe[2896] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\PnkBstrB.exe[2896] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003D1014 .text C:\WINDOWS\system32\PnkBstrB.exe[2896] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003D0804 .text C:\WINDOWS\system32\PnkBstrB.exe[2896] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003D0A08 .text C:\WINDOWS\system32\PnkBstrB.exe[2896] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003D0C0C .text C:\WINDOWS\system32\PnkBstrB.exe[2896] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003D0E10 .text C:\WINDOWS\system32\PnkBstrB.exe[2896] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003D01F8 .text C:\WINDOWS\system32\PnkBstrB.exe[2896] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003D03FC .text C:\WINDOWS\system32\PnkBstrB.exe[2896] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003D0600 .text C:\WINDOWS\system32\PnkBstrB.exe[2896] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\system32\PnkBstrB.exe[2896] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\system32\PnkBstrB.exe[2896] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\PnkBstrB.exe[2896] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\system32\PnkBstrB.exe[2896] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe[2940] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\WINDOWS\System32\svchost.exe[2980] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[2980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2980] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[2980] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[2980] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\svchost.exe[2980] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[2980] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[2980] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\svchost.exe[2980] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\svchost.exe[2980] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[2980] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[2980] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[2980] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\svchost.exe[2980] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\svchost.exe[2980] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\svchost.exe[2980] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\svchost.exe[2980] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\uTorrent\uTorrent.exe[3008] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003401F8 .text C:\Program Files\uTorrent\uTorrent.exe[3008] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\uTorrent\uTorrent.exe[3008] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003403FC .text C:\Program Files\uTorrent\uTorrent.exe[3008] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\uTorrent\uTorrent.exe[3008] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00B11014 .text C:\Program Files\uTorrent\uTorrent.exe[3008] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00B10804 .text C:\Program Files\uTorrent\uTorrent.exe[3008] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00B10A08 .text C:\Program Files\uTorrent\uTorrent.exe[3008] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00B10C0C .text C:\Program Files\uTorrent\uTorrent.exe[3008] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00B10E10 .text C:\Program Files\uTorrent\uTorrent.exe[3008] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 00B101F8 .text C:\Program Files\uTorrent\uTorrent.exe[3008] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 00B103FC .text C:\Program Files\uTorrent\uTorrent.exe[3008] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00B10600 .text C:\Program Files\uTorrent\uTorrent.exe[3008] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00B20804 .text C:\Program Files\uTorrent\uTorrent.exe[3008] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00B20A08 .text C:\Program Files\uTorrent\uTorrent.exe[3008] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00B20600 .text C:\Program Files\uTorrent\uTorrent.exe[3008] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00B201F8 .text C:\Program Files\uTorrent\uTorrent.exe[3008] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00B203FC .text C:\WINDOWS\system32\ctfmon.exe[3012] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\ctfmon.exe[3012] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3012] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\ctfmon.exe[3012] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\ctfmon.exe[3012] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00381014 .text C:\WINDOWS\system32\ctfmon.exe[3012] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00380804 .text C:\WINDOWS\system32\ctfmon.exe[3012] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00380A08 .text C:\WINDOWS\system32\ctfmon.exe[3012] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00380C0C .text C:\WINDOWS\system32\ctfmon.exe[3012] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00380E10 .text C:\WINDOWS\system32\ctfmon.exe[3012] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003801F8 .text C:\WINDOWS\system32\ctfmon.exe[3012] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003803FC .text C:\WINDOWS\system32\ctfmon.exe[3012] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00380600 .text C:\WINDOWS\system32\ctfmon.exe[3012] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804 .text C:\WINDOWS\system32\ctfmon.exe[3012] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08 .text C:\WINDOWS\system32\ctfmon.exe[3012] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600 .text C:\WINDOWS\system32\ctfmon.exe[3012] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8 .text C:\WINDOWS\system32\ctfmon.exe[3012] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC .text C:\WINDOWS\system32\ctfmon.exe[3012] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001601F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001603FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3048] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3068] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3068] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3068] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3068] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3068] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3068] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3068] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3068] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3068] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3068] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3068] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe[3068] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8 .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003D1014 .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003D0804 .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003D0A08 .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003D0C0C .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003D0E10 .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003D01F8 .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003D03FC .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003D0600 .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Canon\CAL\CALMAIN.exe[3272] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003D1014 .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003D0804 .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003D0A08 .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003D0C0C .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003D0E10 .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003D01F8 .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003D03FC .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003D0600 .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe[3288] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001601F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001603FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3296] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001601F8 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001603FC .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8 .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC .text C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe[3380] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600 .text C:\Program Files\Samsung\Kies\Kies.exe[3420] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Samsung\Kies\Kies.exe[3420] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 004A0804 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 004A0A08 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 004A0600 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 004A01F8 .text C:\Program Files\PC Connectivity Solution\ServiceLayer.exe[3480] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 004A03FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 35, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 35, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 35, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 35, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B910AFC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 35, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 35, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 35, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B910B6D .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 35, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B910C9B .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 35, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 35, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 35, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003701F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003703FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00781014 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00780804 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00780A08 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00780C0C .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00780E10 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 007801F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 007803FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00780600 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00790804 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00790A08 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00790600 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007901F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3524] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007903FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 1D, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 1D, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 1D, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 1D, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90F2FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 1D, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 1D, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 1D, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90F36D .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 1D, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90F49B .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 1D, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 1D, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 1D, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001E01F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001E03FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 005F1014 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 005F0804 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 005F0A08 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 005F0C0C .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 005F0E10 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 005F01F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 005F03FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 005F0600 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00600804 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00600A08 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00600600 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 006001F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3636] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 006003FC .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00301014 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00300C0C .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00300E10 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8 .text C:\WINDOWS\System32\wbem\wmiapsrv.exe[3696] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001501F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001503FC .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003E1014 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003E0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003E0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003E0C0C .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003E0E10 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003E01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003E03FC .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003E0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8 .text C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe[3808] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 1A, 00] {SUB [EAX], AL; SBB AL, [EAX]} .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 1A, 00] {SUB [EBX], AL; SBB AL, [EAX]} .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 1A, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 1A, 00] {TEST AL, 0x1; SBB AL, [EAX]} .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B90EFFC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 1A, 00] {TEST AL, 0x2; SBB AL, [EAX]} .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 1A, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 1A, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B90F06D .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 1A, 00] {TEST AL, 0x0; SBB AL, [EAX]} .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B90F19B .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 1A, 00] {SUB [ECX], AL; SBB AL, [EAX]} .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 1A, 00] {SUB [EDX], AL; SBB AL, [EAX]} .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 1A, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001C01F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001C03FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 005D1014 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 005D0804 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 005D0A08 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 005D0C0C .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 005D0E10 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 005D01F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 005D03FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 005D0600 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 005E0804 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 005E0A08 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 005E0600 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005E01F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[4112] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005E03FC .text C:\WINDOWS\system32\taskmgr.exe[4828] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 000A01F8 .text C:\WINDOWS\system32\taskmgr.exe[4828] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\system32\taskmgr.exe[4828] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 000A03FC .text C:\WINDOWS\system32\taskmgr.exe[4828] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\system32\taskmgr.exe[4828] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 00311014 .text C:\WINDOWS\system32\taskmgr.exe[4828] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\taskmgr.exe[4828] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\taskmgr.exe[4828] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 00310C0C .text C:\WINDOWS\system32\taskmgr.exe[4828] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 00310E10 .text C:\WINDOWS\system32\taskmgr.exe[4828] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\taskmgr.exe[4828] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\taskmgr.exe[4828] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 00310600 .text C:\WINDOWS\system32\taskmgr.exe[4828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804 .text C:\WINDOWS\system32\taskmgr.exe[4828] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08 .text C:\WINDOWS\system32\taskmgr.exe[4828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600 .text C:\WINDOWS\system32\taskmgr.exe[4828] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8 .text C:\WINDOWS\system32\taskmgr.exe[4828] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001601F8 .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001603FC .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 009C1014 .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 009C0804 .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 009C0A08 .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 009C0C0C .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 009C0E10 .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 009C01F8 .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 009C03FC .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 009C0600 .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009D0804 .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009D0A08 .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009D0600 .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009D01F8 .text C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe[4832] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009D03FC .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4932] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4932] ntdll.dll!DbgUiRemoteBreakin 7C94FFE3 1 Byte [C3] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4932] KERNEL32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [28, 00, 3B, 00] {SUB [EAX], AL; CMP EAX, [EAX]} .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtMapViewOfSection + 6 7C90D506 1 Byte [28] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtMapViewOfSection + 6 7C90D506 4 Bytes [28, 03, 3B, 00] {SUB [EBX], AL; CMP EAX, [EAX]} .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtMapViewOfSection + B 7C90D50B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [68, 00, 3B, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [A8, 01, 3B, 00] {TEST AL, 0x1; CMP EAX, [EAX]} .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes CALL 7B9110FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [A8, 02, 3B, 00] {TEST AL, 0x2; CMP EAX, [EAX]} .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [68, 01, 3B, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [68, 02, 3B, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes CALL 7B91116D .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [A8, 00, 3B, 00] {TEST AL, 0x0; CMP EAX, [EAX]} .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes CALL 7B91129B .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [28, 01, 3B, 00] {SUB [ECX], AL; CMP EAX, [EAX]} .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [28, 02, 3B, 00] {SUB [EDX], AL; CMP EAX, [EAX]} .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 1 Byte [68] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtUnmapViewOfSection + 6 7C90DEF6 4 Bytes [68, 03, 3B, 00] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!NtUnmapViewOfSection + B 7C90DEFB 1 Byte [E2] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 003D01F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 003D03FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 007E1014 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 007E0804 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 007E0A08 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 007E0C0C .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 007E0E10 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 007E01F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 007E03FC .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 007E0600 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 007F0804 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 007F0A08 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 007F0600 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 007F01F8 .text C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[5476] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 007F03FC .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001401F8 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001403FC .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003D1014 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003D0804 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003D0A08 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003D0C0C .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003D0E10 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003D01F8 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003D03FC .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003D0600 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe[5952] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] ntdll.dll!LdrLoadDll 7C9163A3 5 Bytes JMP 001601F8 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171AA 1 Byte [62] .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] ntdll.dll!LdrUnloadDll 7C91736B 5 Bytes JMP 001603FC .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] kernel32.dll!GetBinaryTypeW + 80 7C868C2C 1 Byte [62] .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] ADVAPI32.dll!SetServiceObjectSecurity 77E26D59 5 Bytes JMP 003F1014 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] ADVAPI32.dll!ChangeServiceConfigA 77E26E41 5 Bytes JMP 003F0804 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] ADVAPI32.dll!ChangeServiceConfigW 77E26FD9 5 Bytes JMP 003F0A08 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] ADVAPI32.dll!ChangeServiceConfig2A 77E270D9 5 Bytes JMP 003F0C0C .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] ADVAPI32.dll!ChangeServiceConfig2W 77E27161 5 Bytes JMP 003F0E10 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] ADVAPI32.dll!CreateServiceA 77E271E9 5 Bytes JMP 003F01F8 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] ADVAPI32.dll!CreateServiceW 77E27381 5 Bytes JMP 003F03FC .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[6056] ADVAPI32.dll!DeleteService 77E27489 5 Bytes JMP 003F0600 ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 00960ED0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 00960BC0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 009596B0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 0095ABF0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0095DD60 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 0095B940 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 0095AF20 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0095D0A0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 009600A0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 009600E0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 00961220 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0095FC90 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0095DCC0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 0095C460 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 0095B5F0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 0095BEE0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 009617A0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 0095D3F0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0095DB20 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0095E750 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0095E230 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0095E6D0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0095F1F0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0095E8C0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 0095B2A0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 0095C310 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 009601C0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0095E370 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0095DC60 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 0095D820 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 0095DE70 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 00961240 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 0095E170 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 009614E0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 00961480 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 009616D0 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 00961770 IAT C:\Program Files\Common Files\BinarySense\hldasvc.exe[584] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 009615A0 IAT C:\WINDOWS\system32\services.exe[908] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003D0002 IAT C:\WINDOWS\system32\services.exe[908] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003D0000 IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1700] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) IAT C:\Program Files\AVAST Software\Avast\avastUI.exe[2168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software) ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Ntfs \Ntfs AFPAnsi.sys (Windows NT File System Protector Network Edition/Alfa Corporation) AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) Device \FileSystem\Fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 EUBKMON.sys AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 EUBKMON.sys AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 EUBKMON.sys AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software) Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.) Device \Driver\Disk \Device\Harddisk1\DR1 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.) Device \FileSystem\Fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software) AttachedDevice \FileSystem\Fastfat \Fat AFPAnsi.sys (Windows NT File System Protector Network Edition/Alfa Corporation) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x92 0xB0 0xD6 0x1A ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0x6E 0xD7 0xD6 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x43 0x94 0x99 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0xB5 0x1A 0x34 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x03 0x82 0x1C 0xC9 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x1B 0x40 0x9B 0x19 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x52 0x12 0x25 0xFC ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x99 0xF3 0x4B 0x96 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xED 0x90 0xBB 0xF8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB5 0xDB 0xC6 0x05 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xD0 0x9D 0x83 0xCC ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x39 0xE3 0xD7 0x75 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x52 0x12 0x25 0xFC ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 2 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x92 0xB0 0xD6 0x1A ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x10 0x6E 0xD7 0xD6 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x87 0x43 0x94 0x99 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xB3 0xB5 0x1A 0x34 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x03 0x82 0x1C 0xC9 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x1B 0x40 0x9B 0x19 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0x52 0x12 0x25 0xFC ... ---- Files - GMER 1.0.15 ---- File C:\Documents and Settings\Szymon\Ustawienia lokalne\temp\fla899.tmp 8974583 bytes File C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Profile 1\Cache\f_000c0c 48327 bytes File C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Profile 1\Cache\f_000c0d 38109 bytes ---- EOF - GMER 1.0.15 ----

**Posty:** 18165 · przez **wojtas** 10 Sie 2012, 15:17

brakuje drugiego logu z OTL : OTL.txt

Ask Toolbar odinstaluj tego śmiecia

Użyj AdwCleaner i kliknij w nim Delete (w przypadku Visty/Windows7 uruchom z prawokliku jako Administrator)
Pokaż raport z niego oraz czekamy na log

**Posty:** 177 · przez **roonnii** 10 Sie 2012, 22:13

Kod: Zaznacz wszystko: # AdwCleaner v1.500 - Logfile created 08/10/2012 at 21:58:59 # Updated 23/02/2012 by Xplode # Operating system : Microsoft Windows XP Dodatek Service Pack 3 (32 bits) # User : Szymon - PRIVATE-OH4VE3H # Running from : C:\Documents and Settings\Szymon\Moje dokumenty\Downloads\adwcleaner.exe # Option [Delete] ***** [Services] ***** ***** [Files / Folders] ***** ***** [H. Navipromo] ***** ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D5E2D34-BED5-4B9F-9793-A31E26E6806E} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browsers] ***** -\\ Internet Explorer v6.0.2900.5512 [OK] Registry is clean. -\\ Mozilla Firefox v4.0.1 (pl) Profile : tklucyve.Domyślny użytkownik File : C:\Documents and Settings\Szymon\Dane aplikacji\Mozilla\Firefox\Profiles\tklucyve.Domyślny użytkownik\prefs.js [OK] File is clean. Profile : wismkzo0.default File : C:\Documents and Settings\Szymon\Dane aplikacji\Mozilla\Firefox\Profiles\wismkzo0.default\prefs.js [OK] File is clean. -\\ Opera v12.1.1532.0 File : C:\Documents and Settings\Szymon\Dane aplikacji\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[S1].txt - [25727 octets] - [04/03/2012 14:48:51] AdwCleaner[S2].txt - [1461 octets] - [10/08/2012 21:58:59] ########## EOF - C:\AdwCleaner[S2].txt - [1589 octets] ##########

Dodano 10.08.2012 21:14:47:

Kod: Zaznacz wszystko: OTL logfile created on: 2012-08-10 00:49:42 - Run 4 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 1023,48 Mb Total Physical Memory | 382,48 Mb Available Physical Memory | 37,37% Memory free 2,40 Gb Paging File | 1,54 Gb Available in Paging File | 63,99% Paging File free Paging file location(s): C:\pagefile.sys 1536 3072 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 94,18 Gb Total Space | 48,76 Gb Free Space | 51,77% Space Free | Partition Type: NTFS Drive D: | 54,86 Gb Total Space | 51,22 Gb Free Space | 93,37% Space Free | Partition Type: NTFS Drive I: | 1397,26 Gb Total Space | 125,43 Gb Free Space | 8,98% Space Free | Partition Type: NTFS Computer Name: PRIVATE-OH4VE3H | User Name: Szymon | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012-08-10 00:03:21 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\OTL.exe PRC - [2012-08-09 23:49:02 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe PRC - [2012-08-07 07:25:12 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012-08-07 07:25:02 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe PRC - [2012-08-07 07:25:02 | 000,960,440 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe PRC - [2012-07-03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2012-07-03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2012-06-07 10:14:45 | 001,239,576 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe PRC - [2012-02-10 06:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2011-12-23 00:09:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe PRC - [2011-12-23 00:09:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe PRC - [2011-12-21 16:40:56 | 000,578,264 | ---- | M] (Pandora.TV) -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe PRC - [2011-04-01 07:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe PRC - [2011-02-18 16:02:44 | 000,841,544 | ---- | M] (BinarySense, Inc.) -- C:\Program Files\Common Files\BinarySense\hldasvc.exe PRC - [2010-12-08 15:31:06 | 000,628,736 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe PRC - [2010-11-16 15:48:32 | 000,152,576 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2010-06-07 12:15:42 | 000,618,496 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe PRC - [2009-10-27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2009-10-27 10:13:44 | 000,090,112 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe PRC - [2009-09-08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe PRC - [2008-09-05 11:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe PRC - [2008-04-24 13:40:56 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe PRC - [2008-04-14 22:51:18 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2004-12-22 11:09:44 | 000,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2012-08-09 23:49:02 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy\1m669oog.exe MOD - [2012-08-09 23:07:17 | 000,115,137 | ---- | M] () -- C:\Documents and Settings\Szymon\Ustawienia lokalne\temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll MOD - [2012-08-09 10:10:14 | 001,793,024 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12080900\algo.dll MOD - [2012-08-07 07:25:12 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2012-06-07 10:14:43 | 000,441,880 | ---- | M] () -- C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll MOD - [2012-06-07 10:14:42 | 003,922,456 | ---- | M] () -- C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\19.0.1084.56\pdf.dll MOD - [2012-06-07 10:13:27 | 000,553,496 | ---- | M] () -- C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\19.0.1084.56\libglesv2.dll MOD - [2012-06-07 10:13:26 | 000,117,784 | ---- | M] () -- C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\19.0.1084.56\libegl.dll MOD - [2012-06-07 10:13:16 | 000,134,696 | ---- | M] () -- C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\19.0.1084.56\avutil-51.dll MOD - [2012-06-07 10:13:15 | 000,250,408 | ---- | M] () -- C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\19.0.1084.56\avformat-54.dll MOD - [2012-06-07 10:13:14 | 002,375,720 | ---- | M] () -- C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll MOD - [2012-06-07 09:23:19 | 009,252,040 | ---- | M] () -- C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\19.0.1084.56\gcswf32.dll MOD - [2012-02-19 02:30:31 | 017,632,256 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3989b4ca6cf904061992daec9e7d5644\PresentationFramework.ni.dll MOD - [2012-02-19 02:29:33 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\0b4eef4cf57751f56d89ff0314ee06b0\PresentationFramework.Luna.ni.dll MOD - [2011-12-23 16:15:24 | 000,023,176 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll MOD - [2011-12-23 00:08:36 | 000,093,832 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll MOD - [2011-12-23 00:08:36 | 000,064,648 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll MOD - [2011-12-23 00:08:30 | 000,245,896 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll MOD - [2011-12-23 00:08:30 | 000,114,312 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSize.dll MOD - [2011-12-23 00:08:30 | 000,069,768 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll MOD - [2011-12-23 00:08:28 | 000,051,848 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll MOD - [2011-12-06 16:19:48 | 002,090,496 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll MOD - [2011-12-06 16:19:48 | 001,269,760 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avformat-53.dll MOD - [2011-12-06 16:19:48 | 000,133,632 | ---- | M] () -- C:\Program Files\PANDORA.TV\PanService\avutil-51.dll MOD - [2010-11-27 10:16:01 | 001,159,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\6a6f4be744ed5bc5273cbcf0fcf303e3\System.Management.ni.dll MOD - [2010-11-27 10:13:09 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\6e7f1bdc845816dfc797f8002b76b5e8\System.ServiceProcess.ni.dll MOD - [2010-11-27 10:13:01 | 011,912,704 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web\a70842538614699d690561ef5f43598b\System.Web.ni.dll MOD - [2010-11-27 10:12:47 | 000,767,488 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\dc1f0dbf1d3ba856eccec90b62b55d79\System.Runtime.Remoting.ni.dll MOD - [2010-11-27 10:11:48 | 001,776,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\035910922f160d304fb834aae41f45a6\System.Xaml.ni.dll MOD - [2010-11-27 01:56:42 | 011,057,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\3963e9ce8d44f50e8367e92a8e3e42e6\PresentationCore.ni.dll MOD - [2010-11-27 01:56:21 | 013,006,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\17e020ae92d7fab33bcc1c98b25019d0\System.Windows.Forms.ni.dll MOD - [2010-11-27 01:55:49 | 003,779,072 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\d17606e813f01376bd0def23726ecc62\WindowsBase.ni.dll MOD - [2010-11-27 01:55:41 | 001,651,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\dd57bc19f5807c6dbe8f88d4a23277f6\System.Drawing.ni.dll MOD - [2010-11-27 01:55:33 | 005,571,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\e997d0200c25f7db6bd32313d50b729d\System.Xml.ni.dll MOD - [2010-11-27 01:55:26 | 000,973,312 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\ac18c2dcd06bd2a0589bac94ccae5716\System.Configuration.ni.dll MOD - [2010-11-27 01:55:21 | 007,025,664 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\713647b987b140a17e3c4ffe4c721f85\System.Core.ni.dll MOD - [2010-11-27 01:55:05 | 009,000,960 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\964da027ebca3b263a05cadb8eaa20a3\System.ni.dll MOD - [2010-11-27 01:54:45 | 014,415,872 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\246f1a5abb686b9dcdf22d3505b08cea\mscorlib.ni.dll MOD - [2010-06-07 12:15:42 | 000,618,496 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe MOD - [2010-03-09 04:55:56 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll MOD - [2009-09-11 09:47:48 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\sst3cl3.dll MOD - [2009-02-27 20:04:20 | 000,311,296 | ---- | M] () -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.POL MOD - [2008-11-25 18:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll MOD - [2008-04-14 22:50:38 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2007-09-20 19:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll MOD - [2004-10-05 04:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2012-07-03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2012-02-10 06:10:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011-12-23 00:09:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent) SRV - [2011-12-23 00:09:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent) SRV - [2011-12-21 16:40:56 | 000,578,264 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files\PANDORA.TV\PanService\PandoraService.exe -- (PanService) SRV - [2011-04-22 14:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Stopped] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011-04-01 07:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011-02-18 16:02:44 | 000,841,544 | ---- | M] (BinarySense, Inc.) [Auto | Running] -- C:\Program Files\Common Files\BinarySense\hldasvc.exe -- (HDDlife HDD Access service) SRV - [2010-12-08 15:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2009-09-08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8) SRV - [2008-09-05 11:23:20 | 000,075,040 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\Ralink\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter) SRV - [2008-04-24 13:40:56 | 002,562,048 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\system32\hasplms.exe -- (hasplms) SRV - [2001-10-26 19:30:00 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw) DRV - File not found [Kernel | Disabled | Stopped] -- System32\Drivers\sptd.sys -- (sptd) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Szymon\USTAWI~1\Temp\fgqdikoc.sys -- (fgqdikoc) DRV - [2012-07-03 18:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012-07-03 18:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012-07-03 18:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012-07-03 18:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012-07-03 18:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012-07-03 18:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012-07-03 18:21:53 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswKbd.sys -- (aswKbd) DRV - [2012-07-03 18:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4) DRV - [2012-05-23 18:49:30 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv) DRV - [2012-05-21 04:09:00 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudmdm.sys -- (ssudmdm) DRV - [2012-05-21 04:09:00 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssudbus.sys -- (dg_ssudbus) DRV - [2012-02-12 04:32:56 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2011-12-23 00:09:40 | 000,185,864 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EuFdDisk.sys -- (EUFDDISK) DRV - [2011-12-23 00:09:38 | 000,043,784 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON) DRV - [2011-12-23 00:09:32 | 000,016,008 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS) DRV - [2011-12-23 00:09:30 | 000,050,312 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP) DRV - [2011-04-01 07:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) DRV - [2011-04-01 07:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS) DRV - [2010-07-30 15:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2010-07-30 15:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2010-07-30 15:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2010-07-30 15:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2010-07-26 20:37:17 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt) DRV - [2010-07-09 14:18:56 | 000,020,328 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134) DRV - [2010-03-09 04:52:45 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010-01-04 20:48:09 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2010-01-04 20:48:09 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009-08-05 21:37:48 | 000,094,208 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ezplay.sys -- (ezplay) DRV - [2009-07-23 21:05:37 | 000,008,368 | ---- | M] (Alexey V.Voronin @ Hexy) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AMD64CAx86.sys -- (AMD64CA) DRV - [2009-03-04 18:30:14 | 000,709,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt2870.sys -- (rt2870) DRV - [2009-02-20 19:09:16 | 000,044,032 | R--- | M] (Siemens Home and Office Communication Devices GmbH & Co. KG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GigasetGenericUSB.sys -- (GigasetGenericUSB) DRV - [2008-08-26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008-08-07 15:42:36 | 000,016,512 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RAPIProtocol.sys -- (RAPIProtocol) DRV - [2008-07-07 09:40:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2008-03-18 16:09:16 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge) DRV - [2008-02-11 16:55:04 | 000,586,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2008-01-09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri) DRV - [2007-11-02 12:47:38 | 000,109,992 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916mdm.sys -- (s916mdm) DRV - [2007-11-02 12:47:38 | 000,103,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916mgmt.sys -- (s916mgmt) DRV - [2007-11-02 12:47:38 | 000,100,008 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916obex.sys -- (s916obex) DRV - [2007-11-02 12:47:38 | 000,083,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916bus.sys -- (s916bus) DRV - [2007-11-02 12:47:38 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s916mdfl.sys -- (s916mdfl) DRV - [2007-07-15 03:37:04 | 000,027,992 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\pstrip.sys -- (PStrip) DRV - [2007-05-31 09:32:34 | 000,099,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V0420Vid.sys -- (V0420VID) DRV - [2007-03-16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007-03-16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex) DRV - [2007-02-16 02:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL) DRV - [2006-11-20 09:48:40 | 000,506,112 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207) DRV - [2006-11-02 08:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB) DRV - [2006-09-28 14:10:52 | 000,011,648 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2006-09-28 14:10:52 | 000,011,648 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gggen.sys -- (gggen) DRV - [2006-07-24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2006-07-01 23:32:26 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8) DRV - [2005-11-07 18:38:18 | 008,718,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) DRV - [2005-05-17 11:45:08 | 000,092,800 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata) DRV - [2005-04-05 21:22:30 | 000,012,928 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus) DRV - [2005-04-05 21:22:28 | 000,033,536 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD) DRV - [2005-02-11 10:24:24 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex) DRV - [2005-02-11 10:22:48 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt) DRV - [2005-02-11 10:21:10 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm) DRV - [2005-02-11 10:21:02 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl) DRV - [2005-02-11 10:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) DRV - [2004-12-22 11:07:12 | 002,304,320 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) DRV - [2004-09-21 01:09:10 | 000,186,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ET5Drv.sys -- (ET5Drv) DRV - [2002-09-16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv) DRV - [2001-10-26 01:40:02 | 000,031,776 | ---- | M] (Alfa Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AFPAnsi.sys -- (AFPAnsi) DRV - [2001-08-17 22:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1275210071-789336058-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = IE - HKU\S-1-5-21-1275210071-789336058-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-1275210071-789336058-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-1275210071-789336058-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Default_Page_URL = IE - HKU\S-1-5-21-1275210071-789336058-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-1275210071-789336058-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = IE - HKU\S-1-5-21-1275210071-789336058-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Search Page = IE - HKU\S-1-5-21-1275210071-789336058-839522115-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKU\S-1-5-21-1275210071-789336058-839522115-1003\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50TB50CLie7 IE - HKU\S-1-5-21-1275210071-789336058-839522115-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms} IE - HKU\S-1-5-21-1275210071-789336058-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1275210071-789336058-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultthis.engineName: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "ACPro" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: false FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll File not found FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Szymon\Dane aplikacji\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Szymon\Dane aplikacji\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2011-01-18 20:28:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-07-08 09:55:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-06-27 19:35:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012-05-28 05:24:12 | 000,000,000 | ---D | M] [2008-10-09 19:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Szymon\Dane aplikacji\Mozilla\Extensions [2008-10-09 19:11:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Szymon\Dane aplikacji\Mozilla\Extensions\home2@tomtom.com [2010-12-10 21:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Szymon\Dane aplikacji\Mozilla\Firefox\Profiles\tklucyve.Domyślny użytkownik\extensions [2010-12-10 21:27:14 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Documents and Settings\Szymon\Dane aplikacji\Mozilla\Firefox\Profiles\tklucyve.Domyślny użytkownik\extensions\support@predictad.com [2012-07-03 23:23:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Szymon\Dane aplikacji\Mozilla\Firefox\Profiles\wismkzo0.default\extensions [2012-04-09 19:35:42 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Documents and Settings\Szymon\Dane aplikacji\Mozilla\Firefox\Profiles\wismkzo0.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2009-04-18 22:13:34 | 000,000,000 | ---D | M] (OggX (powered by TIME S.A.)) -- C:\Documents and Settings\Szymon\Dane aplikacji\Mozilla\Firefox\Profiles\wismkzo0.default\extensions\{eaf8a4ef-d221-45ca-9deb-d0934b45fa34} [2010-12-10 21:27:16 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Documents and Settings\Szymon\Dane aplikacji\Mozilla\Firefox\Profiles\wismkzo0.default\extensions\support@predictad.com [2012-03-13 19:46:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-01-24 20:11:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012-03-13 19:46:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012-04-09 19:35:42 | 000,377,600 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\SZYMON\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\WISMKZO0.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI [2012-03-13 19:46:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2011-06-27 19:35:18 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008-11-11 09:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll [2012-03-13 19:46:38 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010-07-12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-12-10 21:27:16 | 000,003,187 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\acpro.xml [2011-06-27 19:35:25 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2011-06-27 19:35:26 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2011-06-27 19:35:26 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2011-06-27 19:35:26 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2011-06-27 19:35:26 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2011-06-27 19:35:26 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2012-03-04 14:44:46 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files\FlashFXP\IEFlash.dll (IniCom Networks, Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-1275210071-789336058-839522115-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKU\S-1-5-21-1275210071-789336058-839522115-1003..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-1275210071-789336058-839522115-1003..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1275210071-789336058-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1275210071-789336058-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1275210071-789336058-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O7 - HKU\S-1-5-21-1275210071-789336058-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1275210071-789336058-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1275210071-789336058-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O9 - Extra Button: Kolekcja wycinków HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Zaznaczanie HP Smart - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O15 - HKU\S-1-5-21-1275210071-789336058-839522115-1003\..Trusted Domains: ([]msn in Mój komputer) O15 - HKU\S-1-5-21-1275210071-789336058-839522115-1003\..Trusted Domains: aol.com ([objects] * is out of zone range - 5) O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{660E5A30-1811-47E0-B71F-8396BAEED7D8}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\hddlife {BD758015-47D9-477A-8873-4B688A2BC0E2} - C:\Program Files\Common Files\BinarySense\hlAPP.dll (BinarySense, Inc.) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008-02-29 11:01:25 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2011-09-12 21:16:05 | 000,162,314 | ---- | M] () - C:\AutoMapaSetupLog.txt -- [ NTFS ] O33 - MountPoints2\{450343f6-86d9-11e1-8cf1-000fea314897}\Shell\AutoRun\command - "" = E:\RunClubSanDisk.exe O33 - MountPoints2\{8c636813-54c1-11e0-8115-000fea314897}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012-08-09 22:48:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Szymon\Pulpit\Galaxy S III programy [2012-08-09 22:29:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Szymon\Recent [2012-07-22 17:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\AskToolbar [2010-06-21 11:24:50 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\Documents and Settings\All Users\Dane aplikacji\hpeF8.dll [2009-08-05 21:37:48 | 000,094,208 | ---- | C] (VSO Software) -- C:\Documents and Settings\Szymon\Dane aplikacji\ezplay.sys [2009-08-05 21:37:26 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Szymon\Dane aplikacji\pcouffin.sys [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012-08-10 01:20:01 | 000,001,136 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-789336058-839522115-1003UA.job [2012-08-10 01:11:00 | 000,001,132 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-789336058-839522115-1008UA.job [2012-08-09 22:27:30 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job [2012-08-09 18:30:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-08-08 16:11:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-789336058-839522115-1008Core.job [2012-08-07 22:51:18 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-08-06 21:27:41 | 000,000,032 | ---- | M] () -- C:\WINDOWS\Menu.INI [2012-07-30 04:20:00 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1275210071-789336058-839522115-1003Core.job [2012-07-16 21:37:30 | 000,205,824 | ---- | M] () -- C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-07-02 23:32:04 | 000,365,744 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1275210071-789336058-839522115-1008-0.dat [2012-05-28 04:19:05 | 000,075,776 | ---- | C] () -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-05-27 22:08:43 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2012-05-22 23:15:26 | 000,167,360 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2012-02-19 03:04:45 | 000,043,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys [2012-01-24 00:59:16 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012-01-24 00:59:16 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012-01-24 00:59:16 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012-01-24 00:57:52 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012-01-03 09:28:06 | 002,570,286 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe [2011-12-05 21:31:32 | 000,484,656 | ---- | C] () -- C:\WINDOWS\ssndii.exe [2011-12-05 21:30:57 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\sst3cl3.dll [2011-07-14 23:13:54 | 000,981,372 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-S-1-5-21-1275210071-789336058-839522115-1003-0.dat [2011-07-14 23:13:52 | 000,313,522 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\WPFFontCache_v0400-System.dat [2011-06-07 11:13:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011-06-07 11:13:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011-06-07 11:13:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011-06-07 11:13:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011-06-07 11:13:38 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe [2011-05-26 23:43:50 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat [2011-05-26 23:40:19 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2011-05-14 22:55:03 | 000,000,037 | ---- | C] () -- C:\WINDOWS\Grappler.ini [2011-05-14 22:54:34 | 000,012,800 | ---- | C] () -- C:\WINDOWS\ioctrl.dll [2011-04-25 19:53:16 | 000,205,824 | ---- | C] () -- C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-04-12 22:33:45 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011-04-01 07:07:02 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll [2011-04-01 07:07:02 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe [2011-04-01 07:06:56 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll [2011-04-01 06:56:00 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2011-03-22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll [2011-02-02 22:53:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2011-02-02 22:49:22 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini [2011-02-02 22:49:21 | 000,000,871 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2011-02-02 22:49:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2011-02-02 22:46:46 | 000,000,893 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2011-02-02 22:46:46 | 000,000,154 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2011-02-02 22:46:46 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf05a.dat [2011-02-02 22:44:57 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2010-11-27 02:22:31 | 000,000,139 | ---- | C] () -- C:\Documents and Settings\NetworkService\Ustawienia lokalne\Dane aplikacji\fusioncache.dat [2010-11-10 23:14:55 | 000,013,931 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat [2010-11-04 13:18:01 | 000,000,149 | ---- | C] () -- C:\WINDOWS\bg_info.ini [2010-09-25 14:11:02 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini [2010-09-15 18:39:38 | 000,055,936 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010-09-07 18:59:07 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI [2009-12-19 22:40:42 | 000,000,166 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\.zreglib [2009-12-19 22:19:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Szymon\Dane aplikacji\AVSMediaPlayer.m3u [2009-08-05 21:37:48 | 000,007,861 | ---- | C] () -- C:\Documents and Settings\Szymon\Dane aplikacji\ezplay.cat [2009-08-05 21:37:48 | 000,001,104 | ---- | C] () -- C:\Documents and Settings\Szymon\Dane aplikacji\ezplay.inf [2009-08-05 21:37:48 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Szymon\Dane aplikacji\ezplay.ini [2009-08-05 21:37:26 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Szymon\Dane aplikacji\inst.exe [2009-08-05 21:37:26 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Szymon\Dane aplikacji\pcouffin.cat [2009-08-05 21:37:26 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Szymon\Dane aplikacji\pcouffin.inf [2009-05-07 11:15:27 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Szymon\Dane aplikacji\PnkBstrK.sys [2008-11-01 22:08:14 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt [2008-04-26 20:23:11 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\ezsid.dat [color=#E56717]========== LOP Check ==========[/color] [2012-05-28 03:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\AVAST Software [2009-01-17 00:35:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Azureus [2012-04-10 13:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\boost_interprocess [2010-10-17 16:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Cached Installations [2011-07-06 19:23:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ClubSanDisk [2010-10-15 20:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Codemasters [2010-02-08 21:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DAEMON Tools Lite [2010-10-15 22:36:49 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Dane aplikacji\DSS [2012-05-27 22:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ESET [2010-05-17 18:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gadu-Gadu 10 [2010-10-17 16:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Gigaset QuickSync [2011-01-18 20:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Installations [2008-10-06 16:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ipla [2009-11-11 14:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Kazaa Lite [2008-10-24 01:15:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Nokia [2008-03-31 21:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\PC Suite [2010-11-10 23:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ralink Driver [2012-07-02 22:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Samsung [2011-10-16 19:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\ScanSoft [2009-12-19 22:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\SlySoft [2009-05-27 21:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Tages [2012-08-09 18:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TEMP [2008-10-09 19:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\TomTom [2010-12-12 14:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Dane aplikacji\Ubisoft [2012-06-04 21:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Dane aplikacji\Samsung [2012-06-04 22:32:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Dane aplikacji\Samsung [2012-07-02 21:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pusty\Dane aplikacji\Opera [2012-07-03 16:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pusty\Dane aplikacji\PC Suite [2012-07-03 16:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pusty\Dane aplikacji\Samsung [2012-06-26 20:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\abgx360 [2011-03-10 20:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\AliceHilfe [2009-05-27 21:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Atari [2010-05-12 23:48:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\AutoUpdate [2010-05-01 05:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Azureus [2009-12-02 20:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\BearShareTb [2010-02-20 00:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\BESTplayer [2012-03-04 00:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\BinarySense [2009-02-21 18:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Bioshock [2010-08-15 11:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Bioshock2 [2010-10-23 01:23:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\ChomikBox [2008-03-24 16:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\DAEMON Tools [2010-02-08 21:56:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\DAEMON Tools Lite [2008-04-08 19:00:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\DAEMON Tools Pro [2010-05-01 01:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Desktopicon [2009-11-19 18:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\DonationCoder [2012-07-14 19:54:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Dropbox [2012-07-02 22:10:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Eltima Software [2010-09-04 23:52:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\ESET [2010-10-28 22:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\FreeAudioPack [2011-01-21 13:41:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\FreeCDRipper [2010-06-15 18:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Gadu-Gadu 10 [2008-03-03 11:45:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\gnupg [2010-10-27 23:34:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\ImgBurn [2008-10-06 16:35:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\ipla [2010-06-12 14:00:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Kamerzysta [2011-07-01 20:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\kikin [2008-12-03 01:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Leadertech [2010-06-21 22:51:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\MyPhoneExplorer [2011-01-18 20:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Nokia [2008-11-11 21:42:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Nokia Multimedia Player [2009-05-16 22:58:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Nowe Gadu-Gadu [2008-11-08 15:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\NSeries [2009-01-26 19:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\OpenOffice.org [2011-04-15 21:40:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Opera [2011-07-01 22:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\PC Suite [2012-06-13 18:53:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Samsung [2010-10-28 22:43:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Softplicity [2012-04-06 15:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\TeamViewer [2010-10-27 22:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Thinstall [2008-10-09 19:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\TomTom [2008-11-22 23:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\TrueCrypt [2010-05-17 17:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Ubisoft [2012-08-10 00:45:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\uTorrent [2009-12-23 12:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\Vso [2011-05-15 10:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\WebCam Recorder [2010-01-22 12:55:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Szymon\Dane aplikacji\XemiComputers [2012-08-09 22:27:30 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2BE9FEFC < End of report >

**Posty:** 18165 · przez **wojtas** 11 Sie 2012, 15:08

Ask Toolbar odinstalowany?

W logach nic takiego nie ma...

Uruchom OTL i w sekcji własne opcje skanowania / skrypt wklej:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | Disabled | Stopped] -- System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Szymon\USTAWI~1\Temp\fgqdikoc.sys -- (fgqdikoc)
IE - HKU\S-1-5-21-1275210071-789336058-839522115-1003\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=tb50TB50CLie7
IE - HKU\S-1-5-21-1275210071-789336058-839522115-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
O4 - HKLM..\Run: [] File not found
[2012-07-22 17:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\AskToolbar
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2BE9FEFC

:Commands
[emptytemp]

Kliknij wykonaj skrypt. I potwierdź reset komputera .

Następnie uruchamiasz OTL z opcją skanuj. Pokazujesz nowy log OTL.txt oraz raport z czyszczenia (zawartość notatnika, która otworzy się po restarcie).

**Posty:** 177 · przez **roonnii** 14 Sie 2012, 19:33

raport

Kod: Zaznacz wszystko: All processes killed ========== OTL ========== Service wanatw stopped successfully! Service wanatw deleted successfully! File system32\DRIVERS\wanatw4.sys not found. Service sptd stopped successfully! Service sptd deleted successfully! File System32\Drivers\sptd.sys not found. Error: No service named fgqdikoc was found to stop! Service\Driver key fgqdikoc not found. File C:\DOCUME~1\Szymon\USTAWI~1\Temp\fgqdikoc.sys not found. Registry key HKEY_USERS\S-1-5-21-1275210071-789336058-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found. Registry key HKEY_USERS\S-1-5-21-1275210071-789336058-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found. Folder C:\Documents and Settings\Szymon\Ustawienia lokalne\Dane aplikacji\AskToolbar\ not found. ADS C:\Documents and Settings\All Users\Dane aplikacji\TEMP:2BE9FEFC deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: LocalService ->Temp folder emptied: 65984 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 0 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 718301 bytes User: Pusty ->Temp folder emptied: 145494280 bytes ->Temporary Internet Files folder emptied: 2955632 bytes ->Java cache emptied: 22499 bytes ->Google Chrome cache emptied: 390666782 bytes ->Opera cache emptied: 51650968 bytes ->Flash cache emptied: 4828 bytes User: Szymon ->Temp folder emptied: 5050329 bytes ->Temporary Internet Files folder emptied: 564831 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 48970446 bytes ->Apple Safari cache emptied: 0 bytes ->Opera cache emptied: 0 bytes ->Flash cache emptied: 4326 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 98304 bytes RecycleBin emptied: 736638449 bytes Total Files Cleaned = 1 319,00 mb OTL by OldTimer - Version 3.2.56.0 log created on 08142012_192645 Files\Folders moved on Reboot... File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. File move failed. C:\WINDOWS\temp\hlktmp scheduled to be moved on reboot. PendingFileRenameOperations files... [2012-08-14 19:29:35 | 000,000,000 | ---- | M] () C:\WINDOWS\temp\_avast_\Webshlock.txt : Unable to obtain MD5 [2012-08-14 19:29:15 | 008,405,015 | ---- | M] () C:\WINDOWS\temp\hlktmp : Unable to obtain MD5 Registry entries deleted on Reboot...

**Posty:** 18165 · przez **wojtas** 15 Sie 2012, 14:09

więcej nic nie ma

*Uruchom OTL z opcji sprzątanie.
* wykonaj optymalizację Windowsa ( instrukcja dla Windowsa XP, lecz w innych systemach jest podobnie )
* zrób pełny skan Malwarebytes Anti-Malware (zaktualizuj, gdy coś znajdzie pokaż raport, i usuń wszystko za pomocą tego programu )
* Skasuj stan przywracania systemu