) jest wolniejszy niz zx spectrumNie wiem czy od razu nie robic reinstalki na jakas lajtowa wersje xp czy moze jakis syf siedzi
OTL
- Kod: Zaznacz wszystko
OTL logfile created on: 2012-12-27 16:29:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ela\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1013,87 Mb Total Physical Memory | 374,31 Mb Available Physical Memory | 36,92% Memory free
3,87 Gb Paging File | 3,28 Gb Available in Paging File | 84,71% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 107,60 Gb Free Space | 77,39% Space Free | Partition Type: NTFS
Drive D: | 4,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 29,80 Gb Total Space | 4,84 Gb Free Space | 16,25% Space Free | Partition Type: FAT32
Computer Name: ELAG | User Name: Ela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-12-27 16:05:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ela\Pulpit\OTL.exe
PRC - [2012-12-27 16:05:10 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe
PRC - [2012-12-27 15:55:08 | 000,879,080 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012-07-18 16:24:37 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIGGE.EXE
PRC - [2012-07-03 17:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2012-07-03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009-03-16 15:46:56 | 000,036,864 | ---- | M] () -- C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
PRC - [2009-02-05 07:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2008-12-30 08:09:54 | 000,875,016 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008-07-29 19:29:26 | 000,200,704 | ---- | M] () -- C:\WINDOWS\PLFSetI.exe
PRC - [2008-04-18 06:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008-04-15 13:00:00 | 001,035,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012-12-27 16:05:10 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe
MOD - [2012-12-27 15:55:35 | 000,057,344 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstautodetect.dll
MOD - [2012-12-27 15:55:35 | 000,038,912 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwaveform.dll
MOD - [2012-12-27 15:55:34 | 000,312,832 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstoggdec.dll
MOD - [2012-12-27 15:55:34 | 000,158,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstffmpegcolorspace.dll
MOD - [2012-12-27 15:55:34 | 000,101,888 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwebmdec.dll
MOD - [2012-12-27 15:55:34 | 000,073,728 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstwavparse.dll
MOD - [2012-12-27 15:55:33 | 000,096,256 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstcoreplugins.dll
MOD - [2012-12-27 15:55:33 | 000,094,208 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioresample.dll
MOD - [2012-12-27 15:55:33 | 000,093,696 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstaudioconvert.dll
MOD - [2012-12-27 15:55:33 | 000,067,072 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdirectsound.dll
MOD - [2012-12-27 15:55:33 | 000,062,976 | ---- | M] () -- C:\Program Files\Opera\gstreamer\plugins\gstdecodebin2.dll
MOD - [2012-12-27 15:55:32 | 000,835,584 | ---- | M] () -- C:\Program Files\Opera\gstreamer\gstreamer.dll
MOD - [2012-12-27 12:28:26 | 002,041,856 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12122701\algo.dll
MOD - [2012-12-19 08:57:08 | 002,040,832 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12121900\algo.dll
MOD - [2012-12-17 18:07:13 | 014,586,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2009-03-16 15:46:56 | 000,036,864 | ---- | M] () -- C:\WINDOWS\WebCam\M3000\M3000Mnt.exe
MOD - [2008-07-29 19:29:26 | 000,200,704 | ---- | M] () -- C:\WINDOWS\PLFSetI.exe
MOD - [2008-04-15 13:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2003-06-07 06:30:08 | 000,057,344 | ---- | M] () -- C:\Program Files\Launch Manager\PowerUtl.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - File not found [Disabled | Unknown] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012-12-17 18:07:16 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012-07-03 17:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010-01-29 20:34:02 | 000,058,720 | ---- | M] () [Auto | Stopped] -- C:\Documents and Settings\All Users\Dane aplikacji\Zwunzi\zwunzi141.exe -- (Zwunzi Service)
SRV - [2009-02-05 07:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008-04-18 06:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts5161ccid.sys -- (USBCCID)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\Ela\USTAWI~1\Temp\ugldapod.sys -- (ugldapod)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (Rts516xIR)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012-07-03 17:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012-07-03 17:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012-07-03 17:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012-07-03 17:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012-07-03 17:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012-07-03 17:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012-07-03 17:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012-03-13 07:03:34 | 000,144,408 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\zgdcnet.sys -- (zgdcnet)
DRV - [2012-03-13 07:03:34 | 000,114,456 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\zgdcnmea.sys -- (zgdcnmea)
DRV - [2012-03-13 07:03:34 | 000,114,456 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\zgdcmdm.sys -- (zgdcmdm)
DRV - [2012-03-13 07:03:32 | 000,114,456 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\zgdcdiag.sys -- (zgdcdiag)
DRV - [2012-03-13 07:03:32 | 000,114,456 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\zgdcat.sys -- (zgdcat)
DRV - [2012-03-13 07:03:32 | 000,015,896 | ---- | M] (HandSet Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\massfilter_LTE.sys -- (massfilter_lte)
DRV - [2009-11-13 09:43:50 | 000,049,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c)
DRV - [2009-08-31 11:18:16 | 005,891,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009-06-22 05:59:26 | 001,574,112 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\athw.sys -- (AR5416)
DRV - [2009-05-11 06:01:30 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2009-04-15 11:13:34 | 000,991,136 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2009-03-24 03:15:14 | 000,145,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\M3000KNT.sys -- (M3000Srv)
DRV - [2009-02-20 09:53:18 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009-02-18 10:46:56 | 000,534,312 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2009-02-03 07:42:30 | 000,162,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2008-10-30 22:19:14 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008-08-05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008-02-18 09:14:38 | 000,106,624 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Gt51Ip.sys -- (GT72NDISIPXP)
DRV - [2008-02-08 05:00:22 | 000,059,648 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gt72ubus.sys -- (GT72UBUS)
DRV - [2007-03-30 05:38:14 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER)
DRV - [2006-11-02 14:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006-01-04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_one&r=0xph01107065l0374wuh5w68n2475s
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_one&r=0xph01107065l0374wuh5w68n2475s
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_one&r=0xph01107065l0374wuh5w68n2475s
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.onet.pl/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0415&m=aspire_one&r=0xph01107065l0374wuh5w68n2475s
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_plPL363
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
[color=#E56717]========== Chrome ==========[/color]
CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U16 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: avast! WebRep = C:\Documents and Settings\Ela\Ustawienia lokalne\Dane aplikacji\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
O1 HOSTS File: ([2008-04-15 13:00:00 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [M3000Mnt] Rundll32.exe M3000Rmv.dll ,WinMainRmv /StartStillMnt File not found
O4 - HKLM..\Run: [PLFSetI] C:\WINDOWS\PLFSetI.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Wyślij do interfejsu Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Wyślij do urządzenia &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1263928403046 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A173DF04-3E7D-4792-AC9D-2919024EEDF1}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7921887-451A-45F9-BCEB-6AC5B57FDE98}: NameServer = 212.2.96.53 212.2.96.54
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ela\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ela\Dane aplikacji\IrfanView\IrfanView_Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-09-24 16:11:05 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012-03-28 09:32:08 | 000,179,736 | R--- | M] (ZTE Corporation) - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2012-03-28 09:32:09 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2012-03-28 09:32:09 | 000,001,272 | R--- | M] () - D:\Autorun.xml -- [ CDFS ]
O32 - AutoRun File - [2012-11-26 14:28:18 | 000,000,000 | ---D | M] - H:\AUTO -- [ FAT32 ]
O33 - MountPoints2\{27108d02-47f5-11e1-8662-00f1d000f1d0}\Shell - "" = Autorun
O33 - MountPoints2\{27108d02-47f5-11e1-8662-00f1d000f1d0}\Shell\AutoRun\command - "" = D:\Install_Nokia_Ovi_Suite.exe
O33 - MountPoints2\{2ee8f1ee-286d-11df-8282-00f1d000f1d0}\Shell\AutoRun\command - "" = s1.exe
O33 - MountPoints2\{2ee8f1ee-286d-11df-8282-00f1d000f1d0}\Shell\open\Command - "" = s1.exe
O33 - MountPoints2\{74613960-c0d5-11df-83fd-00f1d000f1d0}\Shell\AutoRun\command - "" = awb3ryk.exe
O33 - MountPoints2\{74613960-c0d5-11df-83fd-00f1d000f1d0}\Shell\open\Command - "" = awb3ryk.exe
O33 - MountPoints2\{ca230a26-4463-11e2-8786-00f1d000f1d0}\Shell - "" = AutoRun
O33 - MountPoints2\{ca230a26-4463-11e2-8786-00f1d000f1d0}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2012-03-28 09:32:08 | 000,179,736 | R--- | M] (ZTE Corporation)
O33 - MountPoints2\{d46ec67e-6e64-11df-830f-00f1d000f1d0}\Shell - "" = AutoRun
O33 - MountPoints2\{d46ec67e-6e64-11df-830f-00f1d000f1d0}\Shell\AutoRun\command - "" = D:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012-12-27 16:14:16 | 000,412,080 | ---- | C] (OpenInstall ) -- C:\Documents and Settings\Ela\Pulpit\Connectify.exe
[2012-12-27 16:05:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ela\Pulpit\OTL.exe
[2012-12-12 14:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ela\Dane aplikacji\Plus Internet
[2012-12-12 14:58:53 | 000,144,408 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zgdcnet.sys
[2012-12-12 14:58:53 | 000,114,456 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zgdcvousb.sys
[2012-12-12 14:58:53 | 000,114,456 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zgdcnmea.sys
[2012-12-12 14:58:53 | 000,114,456 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zgdcmdm.sys
[2012-12-12 14:58:53 | 000,114,456 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zgdcdiag.sys
[2012-12-12 14:58:53 | 000,114,456 | ---- | C] (ZTE Incorporated) -- C:\WINDOWS\System32\drivers\zgdcat.sys
[2012-12-12 14:58:53 | 000,015,896 | ---- | C] (HandSet Incorporated) -- C:\WINDOWS\System32\drivers\massfilter_LTE.sys
[2012-12-12 14:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Plus Internet
[2012-12-12 14:58:49 | 000,000,000 | ---D | C] -- C:\Program Files\Plus Internet
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012-12-27 16:26:38 | 003,944,814 | ---- | M] () -- C:\Documents and Settings\Ela\Pulpit\ccsetup326.zip
[2012-12-27 16:14:16 | 000,412,080 | ---- | M] (OpenInstall ) -- C:\Documents and Settings\Ela\Pulpit\Connectify.exe
[2012-12-27 16:06:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012-12-27 16:05:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ela\Pulpit\OTL.exe
[2012-12-27 16:05:10 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe
[2012-12-27 15:55:02 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-12-27 15:54:36 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2012-12-27 15:35:53 | 000,000,548 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Plus.lnk
[2012-12-27 15:32:43 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012-12-27 15:31:24 | 000,001,032 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-12-27 15:31:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012-12-27 15:31:14 | 1063,194,624 | -HS- | M] () -- C:\hiberfil.sys
[2012-12-27 15:02:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012-12-17 18:07:14 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012-12-17 18:07:14 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012-12-12 14:58:51 | 000,000,746 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Plus Internet.lnk
[2012-11-30 13:47:02 | 004,676,295 | ---- | M] () -- C:\Documents and Settings\Ela\Pulpit\fakty referendalne.pdf
[2012-11-28 08:19:37 | 000,258,212 | ---- | M] () -- C:\Documents and Settings\Ela\Pulpit\pierwsze dzielo Iwa.jpg
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012-12-27 16:26:38 | 003,944,814 | ---- | C] () -- C:\Documents and Settings\Ela\Pulpit\ccsetup326.zip
[2012-12-27 16:05:10 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe
[2012-12-27 15:35:53 | 000,000,548 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Plus.lnk
[2012-12-12 14:58:51 | 000,000,746 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Plus Internet.lnk
[2012-11-30 13:47:02 | 004,676,295 | ---- | C] () -- C:\Documents and Settings\Ela\Pulpit\fakty referendalne.pdf
[2012-11-28 08:19:34 | 000,258,212 | ---- | C] () -- C:\Documents and Settings\Ela\Pulpit\pierwsze dzielo Iwa.jpg
[2011-03-06 10:25:54 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010-03-16 15:13:13 | 000,013,312 | ---- | C] () -- C:\Documents and Settings\Ela\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-02-10 16:40:25 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Ela\Dane aplikacji\wklnhst.dat
[2010-01-20 00:21:29 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Ela\Ustawienia lokalne\Dane aplikacji\fusioncache.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009-09-24 16:15:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009-04-29 05:35:21 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009-02-09 11:53:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008-04-15 13:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Dane aplikacji\TEMP:94213A87
< End of report >
EXTRAS
- Kod: Zaznacz wszystko
OTL Extras logfile created on: 2012-12-27 16:29:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Ela\Pulpit
Windows XP Home Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
1013,87 Mb Total Physical Memory | 374,31 Mb Available Physical Memory | 36,92% Memory free
3,87 Gb Paging File | 3,28 Gb Available in Paging File | 84,71% Paging File free
Paging file location(s): C:\pagefile.sys 3048 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139,04 Gb Total Space | 107,60 Gb Free Space | 77,39% Space Free | Partition Type: NTFS
Drive D: | 4,63 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 29,80 Gb Total Space | 4,84 Gb Free Space | 16,25% Space Free | Partition Type: FAT32
Computer Name: ELAG | User Name: Ela | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[color=#E56717]========== System Restore Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
[color=#E56717]========== Authorized Applications List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Acer\Acer VCM\VC.exe" = C:\Program Files\Acer\Acer VCM\VC.exe:*:Enabled:Acer Video Quality Enhancement -- (Acer Incoporated)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C1EF09-B5B7-4082-B1F4-C35CE7A7FCA9}" = ZTE LTE Device USB Driver
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Narzędzie do przekazywania usługi Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2A5FBE73-76DA-4A31-BD86-1B0E01DC33F8}" = Windows Live Messenger
"{2AFF2951-86B1-3C53-B34D-B440F11E7D0A}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - PLK
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C9415-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{44E42AAA-432F-4E03-8D7D-C8DB4FEE526A}" = Microsoft Works
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{51958BA7-21E4-4A8B-9098-CD8375BD17B2}" = Asystent rejestracji usługi Windows Live
"{56A648C2-D185-46A9-BBFF-78AE7A503000}" = WebCam
"{5A0DDC27-88E5-3CAD-BC3D-28FFD05CA6B9}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - PLK
"{64CB2553-C109-4132-AA51-1F421B515FD1}" = Microsoft .NET Framework 1.1 Polish Language Pack
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11109097}" = Luxor - Amun Rising
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111940693}" = Bookworm Adventures
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11198580}" = Fizzball
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113644907}" = Gold Miner Vegas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113938743}" = Supercow
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115329757}" = Jewelleria
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FDC4F3F-1DD7-433E-841E-E20C294609B4}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0415-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Polish) 12
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0415-0000-0000000FF1CE}" = Pakiet zgodności dla systemu Office 2007
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Polish)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = USB2.0 Card Reader Software
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1045-7B44-A90000000001}" = Adobe Reader 9 - Polish
"{B6892A3F-51F5-4BA4-92E5-3F4A1A10720D}" = Podstawowe programy Windows Live
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF589477-3D27-4C6F-82A3-78547ACAC55D}" = Galeria fotografii usługi Windows Live
"{D2D3D146-67BC-43D0-9015-2E7BAC2E032B}" = OpenOffice.org 3.1
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DB4690C5-9015-401D-A96C-A49909B7C372}" = Poczta usługi Windows Live
"{DD49053A-0140-44EF-AE75-C4BC1FDB8286}" = Windows Live Writer
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"4U Download YouTube Video_is1" = 4U Download YouTube Video (version 4.9.2)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audio Recorder for FREE_is1" = Audio Recorder for FREE 2009 v12.6.1
"avast" = avast! Free Antivirus
"EPSON Scanner" = EPSON Scan
"EPSON SX125 Series" = EPSON SX125 Series Printer Uninstall
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"iPlus_wygaszacz_2_is1" = iPlus_wygaszacz_2
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Opera 12.12.1707" = Opera 12.12
"Plus Internet_is1" = Plus Internet 2.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.1.11
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Podstawowe programy Windows Live
"WinRAR archiver" = Archiwizator WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zwunzi" = Zwunzi 1.0 build 141
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 2012-07-29 15:37:59 | Computer Name = ELAG | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd iexplore.exe, wersja 8.0.6001.18702, moduł
powodujący błąd aswwebrepie.dll, wersja 7.0.1456.418, adres błędu 0x0004d9fb.
[ OSession Events ]
Error - 2010-03-16 15:04:15 | Computer Name = ELAG | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 22
seconds with 0 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 2012-12-19 16:57:22 | Computer Name = ELAG | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą Zwunzi Service.
Error - 2012-12-22 08:18:04 | Computer Name = ELAG | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą Zwunzi Service.
Error - 2012-12-22 08:19:07 | Computer Name = ELAG | Source = Windows Update Agent | ID = 16
Description = Nie można nawiązać połączenia: System Windows nie może połączyć się
z usługą aktualizacji automatycznych i dlatego nie można pobrać i zainstalować
aktualizacji zgodnie z ustalonym harmonogramem. System Windows będzie kontynuował
próby ustanowienia połączenia.
Error - 2012-12-24 05:05:35 | Computer Name = ELAG | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą Zwunzi Service.
Error - 2012-12-24 06:05:58 | Computer Name = ELAG | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą Zwunzi Service.
Error - 2012-12-24 06:46:14 | Computer Name = ELAG | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą Zwunzi Service.
Error - 2012-12-27 10:02:48 | Computer Name = ELAG | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą Zwunzi Service.
Error - 2012-12-27 10:03:52 | Computer Name = ELAG | Source = Windows Update Agent | ID = 16
Description = Nie można nawiązać połączenia: System Windows nie może połączyć się
z usługą aktualizacji automatycznych i dlatego nie można pobrać i zainstalować
aktualizacji zgodnie z ustalonym harmonogramem. System Windows będzie kontynuował
próby ustanowienia połączenia.
Error - 2012-12-27 10:23:28 | Computer Name = ELAG | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą Zwunzi Service.
Error - 2012-12-27 10:31:29 | Computer Name = ELAG | Source = Service Control Manager | ID = 7009
Description = Limit czasu (30000 milisekund) podczas oczekiwania na połączenie się
z usługą Zwunzi Service.
< End of report >
GMER
- Kod: Zaznacz wszystko
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-27 17:10:55
Windows 5.1.2600 Dodatek Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.FB2O
Running: 98hjlyfk.exe; Driver: C:\DOCUME~1\Ela\USTAWI~1\Temp\ugldapod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0xA05C4536]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwAllocateVirtualMemory [0xA066D7BA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAssignProcessToJobObject [0xA05C4F52]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose [0xA0604C31]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0xA05CFD7A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0xA05CFDC6]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0xA05CFF48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateKey [0xA06045E5]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0xA05CFCE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0xA05CFE0A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0xA05CFD30]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateThread [0xA05C5146]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0xA05CFF02]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDebugActiveProcess [0xA05C58CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0xA05C4584]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteKey [0xA06052F7]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteValueKey [0xA06055AD]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDuplicateObject [0xA05C8F36]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateKey [0xA0605162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwEnumerateValueKey [0xA0604FCD]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwFreeVirtualMemory [0xA066D89E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0xA05C41EC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0xA05C45D2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0xA05C92A8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0xA05C6292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0xA05CFDA4]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0xA05CFDE8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0xA05CFF6C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey [0xA0604941]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0xA05CFD0E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenProcess [0xA05C8AAC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0xA05CFE8C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0xA05CFD58]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenThread [0xA05C8CDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0xA05CFF26]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwProtectVirtualMemory [0xA066DA1E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey [0xA0604E48]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0xA05C615E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryValueKey [0xA0604C9A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueueApcThread [0xA05C5D08]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xA0679338]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwRestoreKey [0xA0603C58]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0xA05C4620]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0xA05C466E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetContextThread [0xA05C574A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0xA05C4276]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0xA05C4426]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetValueKey [0xA06053FE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0xA05C43CC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendProcess [0xA05C5A2C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSuspendThread [0xA05C5B88]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0xA05C4496]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateProcess [0xA05C5468]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwTerminateThread [0xA05C55CA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0xA05C46BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwWriteVirtualMemory [0xA05C4F96]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xA0685744]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!ZwYieldExecution + 122 804E497C 4 Bytes CALL CCEEA67D
.text ntoskrnl.exe!ZwYieldExecution + 3C2 804E4C1C 12 Bytes [20, 46, 5C, A0, 6E, 46, 5C, ...]
.text ntoskrnl.exe!ZwYieldExecution + 46A 804E4CC4 12 Bytes [2C, 5A, 5C, A0, 88, 5B, 5C, ...]
PAGE ntoskrnl.exe!ObInsertObject 8056DA64 5 Bytes JMP A06840FE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwReplyWaitReceivePortEx + 3CC 805766FB 4 Bytes CALL A05C6943 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8059056D 7 Bytes JMP A0685748 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 805E74E6 5 Bytes JMP A068261C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
.text win32k.sys!EngFreeUserMem + 674 BF809952 5 Bytes JMP A05CA8C0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C8AE 5 Bytes JMP A05CA7B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813941 5 Bytes JMP A05CA76A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 322E BF81E7C2 5 Bytes JMP A05C93FC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMulDiv + 4975 BF823E97 5 Bytes JMP A05C9E1C \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 7AAB BF82BB0A 5 Bytes JMP A05C9538 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 2C80 BF83D688 5 Bytes JMP A05CAA2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + 4722 BF83F12A 5 Bytes JMP A05CAC32 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 105F1 BF85F745 5 Bytes JMP A05C9992 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 1067C BF85F7D0 5 Bytes JMP A05C9C58 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!FONTOBJ_pxoGetXform + 12296 BF8613EA 5 Bytes JMP A05CA670 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBlt + 35C1 BF8656FF 5 Bytes JMP A05CA7FA \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35FB BF87CE9C 5 Bytes JMP A05C9A52 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 411E BF87D9BF 5 Bytes JMP A05C9C12 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF89AC38 5 Bytes JMP A05C9EF6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGradientFill + 3AA1 BF89F596 5 Bytes JMP A05CA972 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngStretchBltROP + 43B1 BF8A3E9C 5 Bytes JMP A05C9E04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 2E70 BF8AD34B 5 Bytes JMP A05C9EDE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngMultiByteToWideChar + 2F30 BF8AD40B 5 Bytes JMP A05C93E4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 1093 BF8B91FD 5 Bytes JMP A05C95A8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 7558 BF8BF6C2 5 Bytes JMP A05CAB90 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3E8 BF8C3233 3 Bytes JMP A05C96B8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngAlphaBlend + 3EC BF8C3237 1 Byte [E0]
.text win32k.sys!EngFillPath + 1517 BF8EB872 5 Bytes JMP A05C9790 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1797 BF8EBAF2 5 Bytes JMP A05C98BC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + B241 BF8F559C 5 Bytes JMP A05C9E34 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!PATHOBJ_bCloseFigure + 19EF BF8F9928 5 Bytes JMP A05C92DE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A0A BF9135D6 5 Bytes JMP A05C94D4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 25DE BF9141AA 5 Bytes JMP A05C9664 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 4F3D BF916B09 5 Bytes JMP A05C9D72 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 190E BF944A89 5 Bytes JMP A05CAAE8 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\spoolsv.exe[152] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\spoolsv.exe[152] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[744] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\Explorer.EXE[744] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[744] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\Explorer.EXE[744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\Explorer.EXE[744] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\Explorer.EXE[744] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\Explorer.EXE[744] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\Explorer.EXE[744] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\Explorer.EXE[744] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\Explorer.EXE[744] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\Explorer.EXE[744] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Program Files\Opera\opera.exe[852] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\Opera\opera.exe[852] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Opera\opera.exe[852] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\Opera\opera.exe[852] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Opera\opera.exe[852] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Opera\opera.exe[852] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Opera\opera.exe[852] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Opera\opera.exe[852] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Opera\opera.exe[852] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Opera\opera.exe[852] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Opera\opera.exe[852] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Opera\opera.exe[852] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Opera\opera.exe[852] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Opera\opera.exe[852] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Opera\opera.exe[852] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Opera\opera.exe[852] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Opera\opera.exe[852] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\System32\smss.exe[884] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1048] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\WINDOWS\system32\csrss.exe[1136] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\csrss.exe[1136] KERNEL32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1160] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\winlogon.exe[1160] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1204] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\services.exe[1204] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1216] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\lsass.exe[1216] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009D1014
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009D0804
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009D0A08
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009D0C0C
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009D0E10
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009D01F8
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009D03FC
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009D0600
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 009E0804
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 009E0A08
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 009E0600
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 009E01F8
.text C:\Documents and Settings\Ela\Pulpit\98hjlyfk.exe[1332] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 009E03FC
.text C:\WINDOWS\system32\svchost.exe[1376] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1376] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1464] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\svchost.exe[1464] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe[1484] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1564] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1564] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1680] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1680] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Java\jre6\bin\jqs.exe[1728] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\Program Files\Acer\Acer VCM\RS_Service.exe[1792] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\Acer\Acer VCM\RS_Service.exe[1792] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Acer\Acer VCM\RS_Service.exe[1792] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\Acer\Acer VCM\RS_Service.exe[1792] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Acer\Acer VCM\RS_Service.exe[1792] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Acer\Acer VCM\RS_Service.exe[1792] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Acer\Acer VCM\RS_Service.exe[1792] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Acer\Acer VCM\RS_Service.exe[1792] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Acer\Acer VCM\RS_Service.exe[1792] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Acer\Acer VCM\RS_Service.exe[1792] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Acer\Acer VCM\RS_Service.exe[1792] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Acer\Acer VCM\RS_Service.exe[1792] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\wuauclt.exe[1812] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\wuauclt.exe[1812] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1812] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\wuauclt.exe[1812] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wuauclt.exe[1812] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\wuauclt.exe[1812] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\wuauclt.exe[1812] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\wuauclt.exe[1812] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\wuauclt.exe[1812] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\wuauclt.exe[1812] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\wuauclt.exe[1812] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\wuauclt.exe[1812] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\wuauclt.exe[1812] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\wuauclt.exe[1812] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\wuauclt.exe[1812] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\wuauclt.exe[1812] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\wuauclt.exe[1812] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\wuauclt.exe[1812] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1960] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1960] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1960] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1980] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\svchost.exe[1980] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1980] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\svchost.exe[1980] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\svchost.exe[1980] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\svchost.exe[1980] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\svchost.exe[1980] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\svchost.exe[1980] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\svchost.exe[1980] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\svchost.exe[1980] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe[2688] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\System32\alg.exe[2896] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\alg.exe[2896] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2896] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\alg.exe[2896] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\alg.exe[2896] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00300804
.text C:\WINDOWS\System32\alg.exe[2896] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00300A08
.text C:\WINDOWS\System32\alg.exe[2896] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00300600
.text C:\WINDOWS\System32\alg.exe[2896] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003001F8
.text C:\WINDOWS\System32\alg.exe[2896] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003003FC
.text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00311014
.text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00310804
.text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00310A08
.text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00310C0C
.text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00310E10
.text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003101F8
.text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003103FC
.text C:\WINDOWS\System32\alg.exe[2896] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00310600
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00581014
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00580804
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00580A08
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00580C0C
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00580E10
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 005801F8
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 005803FC
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00580600
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00590804
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00590A08
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00590600
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 005901F8
.text C:\PROGRA~1\LAUNCH~1\LManager.exe[2904] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 005903FC
.text C:\WINDOWS\system32\hkcmd.exe[2928] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\hkcmd.exe[2928] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[2928] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\hkcmd.exe[2928] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\hkcmd.exe[2928] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\hkcmd.exe[2928] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\hkcmd.exe[2928] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\hkcmd.exe[2928] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\hkcmd.exe[2928] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\hkcmd.exe[2928] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00431014
.text C:\WINDOWS\system32\hkcmd.exe[2928] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00430804
.text C:\WINDOWS\system32\hkcmd.exe[2928] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00430A08
.text C:\WINDOWS\system32\hkcmd.exe[2928] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00430C0C
.text C:\WINDOWS\system32\hkcmd.exe[2928] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00430E10
.text C:\WINDOWS\system32\hkcmd.exe[2928] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 004301F8
.text C:\WINDOWS\system32\hkcmd.exe[2928] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 004303FC
.text C:\WINDOWS\system32\hkcmd.exe[2928] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00430600
.text C:\WINDOWS\system32\igfxpers.exe[2940] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\igfxpers.exe[2940] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[2940] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\igfxpers.exe[2940] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\igfxpers.exe[2940] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\igfxpers.exe[2940] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\igfxpers.exe[2940] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\igfxpers.exe[2940] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\igfxpers.exe[2940] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\igfxpers.exe[2940] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\igfxpers.exe[2940] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\igfxpers.exe[2940] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\igfxpers.exe[2940] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\igfxpers.exe[2940] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\igfxpers.exe[2940] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\igfxpers.exe[2940] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\igfxpers.exe[2940] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003F0804
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003F0A08
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003F0600
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003F01F8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3076] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003F03FC
.text C:\WINDOWS\RTHDCPL.EXE[3124] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\WINDOWS\RTHDCPL.EXE[3124] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[3124] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\WINDOWS\RTHDCPL.EXE[3124] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\RTHDCPL.EXE[3124] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014
.text C:\WINDOWS\RTHDCPL.EXE[3124] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804
.text C:\WINDOWS\RTHDCPL.EXE[3124] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08
.text C:\WINDOWS\RTHDCPL.EXE[3124] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C
.text C:\WINDOWS\RTHDCPL.EXE[3124] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10
.text C:\WINDOWS\RTHDCPL.EXE[3124] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8
.text C:\WINDOWS\RTHDCPL.EXE[3124] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC
.text C:\WINDOWS\RTHDCPL.EXE[3124] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600
.text C:\WINDOWS\RTHDCPL.EXE[3124] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\RTHDCPL.EXE[3124] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\RTHDCPL.EXE[3124] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\RTHDCPL.EXE[3124] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\RTHDCPL.EXE[3124] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\PLFSetI.exe[3140] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\WINDOWS\PLFSetI.exe[3140] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\PLFSetI.exe[3140] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\WINDOWS\PLFSetI.exe[3140] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\PLFSetI.exe[3140] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\PLFSetI.exe[3140] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\PLFSetI.exe[3140] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\PLFSetI.exe[3140] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\PLFSetI.exe[3140] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\PLFSetI.exe[3140] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\WINDOWS\PLFSetI.exe[3140] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\WINDOWS\PLFSetI.exe[3140] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\WINDOWS\PLFSetI.exe[3140] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\PLFSetI.exe[3140] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\WINDOWS\PLFSetI.exe[3140] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\WINDOWS\PLFSetI.exe[3140] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\WINDOWS\PLFSetI.exe[3140] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3156] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3156] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\igfxsrvc.exe[3168] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\ctfmon.exe[3248] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000A01F8
.text C:\WINDOWS\system32\ctfmon.exe[3248] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3248] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000A03FC
.text C:\WINDOWS\system32\ctfmon.exe[3248] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\ctfmon.exe[3248] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00381014
.text C:\WINDOWS\system32\ctfmon.exe[3248] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00380804
.text C:\WINDOWS\system32\ctfmon.exe[3248] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00380A08
.text C:\WINDOWS\system32\ctfmon.exe[3248] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00380C0C
.text C:\WINDOWS\system32\ctfmon.exe[3248] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00380E10
.text C:\WINDOWS\system32\ctfmon.exe[3248] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003801F8
.text C:\WINDOWS\system32\ctfmon.exe[3248] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003803FC
.text C:\WINDOWS\system32\ctfmon.exe[3248] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00380600
.text C:\WINDOWS\system32\ctfmon.exe[3248] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00390804
.text C:\WINDOWS\system32\ctfmon.exe[3248] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00390A08
.text C:\WINDOWS\system32\ctfmon.exe[3248] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00390600
.text C:\WINDOWS\system32\ctfmon.exe[3248] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003901F8
.text C:\WINDOWS\system32\ctfmon.exe[3248] USER32.dll!UnhookWinEvent 7E3818AC 3 Bytes JMP 003903FC
.text C:\WINDOWS\system32\ctfmon.exe[3248] USER32.dll!UnhookWinEvent + 4 7E3818B0 1 Byte [82]
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001401F8
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001403FC
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003D0804
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003D0A08
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003D0600
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003D01F8
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003D03FC
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\WINDOWS\WebCam\M3000\M3000Mnt.exe[3272] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003E0C0C
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00F50804
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00F50A08
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00F50600
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 00F501F8
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3280] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 00F503FC
.text C:\Program Files\Messenger\msmsgs.exe[3396] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\Program Files\Messenger\msmsgs.exe[3396] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[3396] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\Program Files\Messenger\msmsgs.exe[3396] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\Program Files\Messenger\msmsgs.exe[3396] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00321014
.text C:\Program Files\Messenger\msmsgs.exe[3396] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00320804
.text C:\Program Files\Messenger\msmsgs.exe[3396] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00320A08
.text C:\Program Files\Messenger\msmsgs.exe[3396] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00320C0C
.text C:\Program Files\Messenger\msmsgs.exe[3396] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00320E10
.text C:\Program Files\Messenger\msmsgs.exe[3396] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003201F8
.text C:\Program Files\Messenger\msmsgs.exe[3396] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003203FC
.text C:\Program Files\Messenger\msmsgs.exe[3396] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00320600
.text C:\Program Files\Messenger\msmsgs.exe[3396] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00330804
.text C:\Program Files\Messenger\msmsgs.exe[3396] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00330A08
.text C:\Program Files\Messenger\msmsgs.exe[3396] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00330600
.text C:\Program Files\Messenger\msmsgs.exe[3396] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003301F8
.text C:\Program Files\Messenger\msmsgs.exe[3396] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003303FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00320804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00320A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00320600
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003201F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003203FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00331014
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00330804
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00330A08
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00330C0C
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00330E10
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003301F8
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003303FC
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE[3456] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00330600
.text C:\WINDOWS\system32\igfxext.exe[3508] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 001501F8
.text C:\WINDOWS\system32\igfxext.exe[3508] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\igfxext.exe[3508] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 001503FC
.text C:\WINDOWS\system32\igfxext.exe[3508] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\igfxext.exe[3508] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 003E0804
.text C:\WINDOWS\system32\igfxext.exe[3508] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 003E0A08
.text C:\WINDOWS\system32\igfxext.exe[3508] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 003E0600
.text C:\WINDOWS\system32\igfxext.exe[3508] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003E01F8
.text C:\WINDOWS\system32\igfxext.exe[3508] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003E03FC
.text C:\WINDOWS\system32\igfxext.exe[3508] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003F1014
.text C:\WINDOWS\system32\igfxext.exe[3508] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003F0804
.text C:\WINDOWS\system32\igfxext.exe[3508] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003F0A08
.text C:\WINDOWS\system32\igfxext.exe[3508] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003F0C0C
.text C:\WINDOWS\system32\igfxext.exe[3508] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003F0E10
.text C:\WINDOWS\system32\igfxext.exe[3508] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003F01F8
.text C:\WINDOWS\system32\igfxext.exe[3508] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003F03FC
.text C:\WINDOWS\system32\igfxext.exe[3508] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003F0600
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 000901F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] ntdll.dll!RtlDosSearchPath_U + 1D1 7C9171CA 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 000903FC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62]
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 00310804
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] USER32.dll!UnhookWindowsHookEx 7E37D5F3 5 Bytes JMP 00310A08
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00310600
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] USER32.dll!SetWinEventHook 7E3817F7 5 Bytes JMP 003101F8
.text C:\WINDOWS\system32\wbem\wmiapsrv.exe[3796] USER32.dll!UnhookWinEvent 7E3818AC 5 Bytes JMP 003103FC
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[1204] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002
IAT C:\WINDOWS\system32\services.exe[1204] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000
IAT C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1960] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\Program Files\Alwil Software\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[3156] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [64C8F6D0] C:\PROGRA~1\ALWILS~1\Avast5\aswCmnBS.dll (Common functions/AVAST Software)
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\Ela\Ustawienia lokalne\Temp\{01425564-EE36-4A8F-8132-EED7CEF13860}-21.0.1180.83_chrome_installer.exe (size mismatch) 3161935/3143891 bytes executable
File C:\Documents and Settings\Ela\Ustawienia lokalne\Temp\{2128A5E3-46F8-4B9A-97CC-5EC84B67308D}-21.0.1180.79_chrome_installer.exe (size mismatch) 4560761/4544105 bytes executable
File C:\Documents and Settings\Ela\Ustawienia lokalne\Temp\{660C26E8-774D-4C61-B29D-358DF54D0237}-21.0.1180.83_chrome_installer.exe (size mismatch) 5064813/5048157 bytes executable
---- EOF - GMER 1.0.15 ----
