Wyskakujące reklamy, zamulenie komputera.

**Posty:** 75 · przez **jknw** 01 Gru 2015, 23:12

Witam

Jak w temacie, w zasadzie z dnia na dzień zaczęły mi wyskakiwać reklamy na przeglądarce. Dosłownie na każdej stronie po 4-5 ramek, nawet teraz na tej. Oszaleć idzie, nic nie można zrobić, uniemożliwia to normalne użytkowanie laptopa. Mam avg, jednak on niczego nie wykrywa. Proszę o pomoc.
Log z gmera mam nadzieję, że ok gdyż zawiesił się za pierwszym razem i przeszukiwanie zostało przerwane samo z siebie, nic nie ruszałem. Program pracował jakieś 70-80 minut i przerwał. Za drugim razem chyba ok.

gmer:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-12-01 21:46:52
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST975042 rev.0001 698,64GB
Running: wgdbny3j.exe; Driver: C:\Users\cysio\AppData\Local\Temp\ugloqpod.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\drivers\USBPORT.SYS!DllUnload fffff8801027dd8c 12 bytes {MOV RAX, 0xfffffa8006fe02a0; JMP RAX}

---- User code sections - GMER 2.1 ----

.text C:\Windows\system32\Dwm.exe[2720] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc372db0 5 bytes JMP 000007fffc360180
.text C:\Windows\system32\Dwm.exe[2720] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc3737d0 7 bytes JMP 000007fffc3600d8
.text C:\Windows\system32\Dwm.exe[2720] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc37a410 2 bytes JMP 000007fffc360110
.text C:\Windows\system32\Dwm.exe[2720] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefc37a413 2 bytes [FE, FF]
.text C:\Windows\system32\Dwm.exe[2720] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc37aec0 6 bytes JMP 000007fffc360148
.text C:\Windows\system32\Dwm.exe[2720] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc7f89d0 8 bytes JMP 000007fffc3601f0
.text C:\Windows\system32\Dwm.exe[2720] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc7fbe40 8 bytes JMP 000007fffc3601b8
.text C:\Windows\system32\Dwm.exe[2720] C:\Windows\system32\dxgi.dll!CreateDXGIFactory 000007fef6a2dc88 5 bytes JMP 000007fff6a000d8
.text C:\Windows\system32\Dwm.exe[2720] C:\Windows\system32\dxgi.dll!CreateDXGIFactory1 000007fef6a2de10 5 bytes JMP 000007fff6a00110
.text C:\Windows\system32\taskeng.exe[2728] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc372db0 5 bytes JMP 000007fffc360180
.text C:\Windows\system32\taskeng.exe[2728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc3737d0 7 bytes JMP 000007fffc3600d8
.text C:\Windows\system32\taskeng.exe[2728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc37a410 2 bytes JMP 000007fffc360110
.text C:\Windows\system32\taskeng.exe[2728] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefc37a413 2 bytes [FE, FF]
.text C:\Windows\system32\taskeng.exe[2728] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc37aec0 6 bytes JMP 000007fffc360148
.text C:\Windows\system32\taskeng.exe[2728] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc7f89d0 8 bytes JMP 000007fffc3601f0
.text C:\Windows\system32\taskeng.exe[2728] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc7fbe40 8 bytes JMP 000007fffc3601b8
.text C:\Windows\system32\taskeng.exe[2728] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc5e74a0 11 bytes JMP 000007fffc360228
.text C:\Windows\system32\taskeng.exe[2728] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc5fbf10 7 bytes JMP 000007fffc360260
.text C:\Windows\system32\taskeng.exe[2780] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc372db0 5 bytes JMP 000007fffc360180
.text C:\Windows\system32\taskeng.exe[2780] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc3737d0 7 bytes JMP 000007fffc3600d8
.text C:\Windows\system32\taskeng.exe[2780] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc37a410 2 bytes JMP 000007fffc360110
.text C:\Windows\system32\taskeng.exe[2780] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefc37a413 2 bytes [FE, FF]
.text C:\Windows\system32\taskeng.exe[2780] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc37aec0 6 bytes JMP 000007fffc360148
.text C:\Windows\system32\taskeng.exe[2780] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc7f89d0 8 bytes JMP 000007fffc3601f0
.text C:\Windows\system32\taskeng.exe[2780] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc7fbe40 8 bytes JMP 000007fffc3601b8
.text C:\Windows\system32\taskeng.exe[2780] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc5e74a0 11 bytes JMP 000007fffc360228
.text C:\Windows\system32\taskeng.exe[2780] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc5fbf10 7 bytes JMP 000007fffc360260
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076991401 2 bytes JMP 772db21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076991419 2 bytes JMP 772db346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076991431 2 bytes JMP 77358fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007699144a 2 bytes CALL 772b489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769914dd 2 bytes JMP 773588c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769914f5 2 bytes JMP 77358aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007699150d 2 bytes JMP 773587ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076991525 2 bytes JMP 77358b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007699153d 2 bytes JMP 772cfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076991555 2 bytes JMP 772d68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007699156d 2 bytes JMP 77359089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076991585 2 bytes JMP 77358bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007699159d 2 bytes JMP 7735877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769915b5 2 bytes JMP 772cfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769915cd 2 bytes JMP 772db2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769916b2 2 bytes JMP 77358f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe[3248] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769916bd 2 bytes JMP 77358713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3984] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773ba460 7 bytes JMP 000000016fff0228
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3984] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773c3f80 5 bytes JMP 000000016fff0180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3984] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773dffa0 5 bytes JMP 000000016fff01b8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3984] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773ef330 5 bytes JMP 000000016fff0110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3984] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077419a80 7 bytes JMP 000000016fff00d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3984] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077429510 5 bytes JMP 000000016fff0148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3984] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077448830 7 bytes JMP 000000016fff01f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3984] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc372db0 5 bytes JMP 000007fffc360180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3984] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc3737d0 7 bytes JMP 000007fffc3600d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3984] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc37a410 2 bytes JMP 000007fffc360110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3984] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefc37a413 2 bytes [FE, FF]
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3984] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc37aec0 6 bytes JMP 000007fffc360148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3984] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc5e74a0 11 bytes JMP 000007fffc360228
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3984] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc5fbf10 7 bytes JMP 000007fffc360260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3984] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc7f89d0 8 bytes JMP 000007fffc3601f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[3984] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc7fbe40 8 bytes JMP 000007fffc3601b8
.text C:\Windows\System32\igfxpers.exe[2292] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc372db0 5 bytes JMP 000007fffc360180
.text C:\Windows\System32\igfxpers.exe[2292] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc3737d0 7 bytes JMP 000007fffc3600d8
.text C:\Windows\System32\igfxpers.exe[2292] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc37a410 2 bytes JMP 000007fffc360110
.text C:\Windows\System32\igfxpers.exe[2292] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefc37a413 2 bytes [FE, FF]
.text C:\Windows\System32\igfxpers.exe[2292] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc37aec0 6 bytes JMP 000007fffc360148
.text C:\Windows\System32\igfxpers.exe[2292] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc7f89d0 8 bytes JMP 000007fffc3601f0
.text C:\Windows\System32\igfxpers.exe[2292] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc7fbe40 8 bytes JMP 000007fffc3601b8
.text C:\Windows\System32\igfxpers.exe[2292] C:\Windows\system32\ole32.dll!CoCreateInstance 000007fefc5e74a0 11 bytes JMP 000007fffc360228
.text C:\Windows\System32\igfxpers.exe[2292] C:\Windows\system32\ole32.dll!CoSetProxyBlanket 000007fefc5fbf10 7 bytes JMP 000007fffc360260
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772b1efe 7 bytes JMP 0000000174ac3a00
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772b5b9d 7 bytes JMP 0000000174ac4040
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772c13f9 7 bytes JMP 0000000174ac3c50
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772cea45 7 bytes JMP 0000000174ac39f0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077358f4c 7 bytes JMP 0000000174ac3540
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077358fd1 5 bytes JMP 0000000174ac35f0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077359327 5 bytes JMP 0000000174ac3550
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758c1d29 5 bytes JMP 0000000174ac3500
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758c1dd7 5 bytes JMP 0000000174ac34c0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758c2ab1 5 bytes JMP 000000010101f63e
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758c2d1d 5 bytes JMP 0000000174ac3310
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c58a29 5 bytes JMP 0000000174ac29c0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c64572 5 bytes JMP 0000000174ac3290
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c7e567 5 bytes JMP 0000000174ac3300
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ca07d7 5 bytes JMP 0000000174ac2820
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cb7a5c 5 bytes JMP 0000000174ac3270
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bcd2b4 5 bytes JMP 0000000174ac2ae0
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4380] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bcd4ee 5 bytes JMP 0000000174ac2b00
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772b1efe 7 bytes JMP 0000000174ac3a00
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772b5b9d 7 bytes JMP 0000000174ac4040
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772c13f9 7 bytes JMP 0000000174ac3c50
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772cea45 7 bytes JMP 0000000174ac39f0
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077358f4c 7 bytes JMP 0000000174ac3540
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077358fd1 5 bytes JMP 0000000174ac35f0
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077359327 5 bytes JMP 0000000174ac3550
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758c1d29 5 bytes JMP 0000000174ac3500
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758c1dd7 5 bytes JMP 0000000174ac34c0
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758c2ab1 5 bytes JMP 0000000174ac3600
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758c2d1d 5 bytes JMP 0000000174ac3310
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076991401 2 bytes JMP 772db21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076991419 2 bytes JMP 772db346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076991431 2 bytes JMP 77358fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007699144a 2 bytes CALL 772b489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769914dd 2 bytes JMP 773588c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769914f5 2 bytes JMP 77358aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007699150d 2 bytes JMP 773587ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076991525 2 bytes JMP 77358b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007699153d 2 bytes JMP 772cfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076991555 2 bytes JMP 772d68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007699156d 2 bytes JMP 77359089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076991585 2 bytes JMP 77358bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007699159d 2 bytes JMP 7735877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769915b5 2 bytes JMP 772cfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769915cd 2 bytes JMP 772db2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769916b2 2 bytes JMP 77358f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769916bd 2 bytes JMP 77358713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c58a29 5 bytes JMP 0000000174ac29c0
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c64572 5 bytes JMP 0000000174ac3290
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c7e567 5 bytes JMP 0000000174ac3300
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ca07d7 5 bytes JMP 0000000174ac2820
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cb7a5c 5 bytes JMP 0000000174ac3270
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000752d5ea5 5 bytes JMP 0000000174ac2980
.text C:\Program Files (x86)\syncables\syncables desktop\syncables.exe[4396] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075309d0b 5 bytes JMP 0000000174ac2910
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4496] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772b1efe 7 bytes JMP 0000000174ac3a00
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4496] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772b5b9d 7 bytes JMP 0000000174ac4040
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4496] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772c13f9 7 bytes JMP 0000000174ac3c50
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4496] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772cea45 7 bytes JMP 0000000174ac39f0
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4496] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077358f4c 7 bytes JMP 0000000174ac3540
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4496] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077358fd1 5 bytes JMP 0000000174ac35f0
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4496] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077359327 5 bytes JMP 0000000174ac3550
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758c1d29 5 bytes JMP 0000000174ac3500
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758c1dd7 5 bytes JMP 0000000174ac34c0
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758c2ab1 5 bytes JMP 0000000174ac3600
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4496] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758c2d1d 5 bytes JMP 0000000174ac3310
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4496] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c58a29 5 bytes JMP 0000000174ac29c0
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4496] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c64572 5 bytes JMP 0000000174ac3290
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4496] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c7e567 5 bytes JMP 0000000174ac3300
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4496] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ca07d7 5 bytes JMP 0000000174ac2820
.text C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe[4496] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cb7a5c 5 bytes JMP 0000000174ac3270
.text C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000777cfc90 5 bytes JMP 00000001748f19d0
.text C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000777cfe54 5 bytes JMP 00000001748f15f0
.text C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe[4836] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000777d00a8 5 bytes JMP 00000001748f1bb0
.text C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe[4836] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772b1efe 7 bytes JMP 0000000174ac3a00
.text C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe[4836] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772b5b9d 7 bytes JMP 0000000174ac4040
.text C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe[4836] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772c13f9 7 bytes JMP 0000000174ac3c50
.text C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe[4836] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000772c3bab 5 bytes JMP 00000001748f1760
.text C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe[4836] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772cea45 7 bytes JMP 0000000174ac39f0
.text C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe[4836] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077358f4c 7 bytes JMP 0000000174ac3540
.text C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe[4836] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077358fd1 5 bytes JMP 0000000174ac35f0
.text C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe[4836] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077359327 5 bytes JMP 0000000174ac3550
.text C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe[4836] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758c1d29 5 bytes JMP 0000000174ac3500
.text C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe[4836] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758c1dd7 5 bytes JMP 0000000174ac34c0
.text C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe[4836] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758c2ab1 5 bytes JMP 0000000174ac3600
.text C:\Program Files (x86)\Bloody5\Bloody5\Bloody5.exe[4836] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758c2d1d 5 bytes JMP 0000000174ac3310
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007761dc30 5 bytes JMP 0000000077780128
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761dd50 5 bytes JMP 0000000077780018
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007761ded0 5 bytes JMP 00000000777801b0
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\system32\kernel32.dll!RegSetValueExW 00000000773ba460 7 bytes JMP 000000016fff0228
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\system32\kernel32.dll!RegQueryValueExW 00000000773c3f80 5 bytes JMP 000000016fff0180
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773cdb10 1 byte JMP 00000000777800a0
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\system32\kernel32.dll!CreateProcessInternalW + 2 00000000773cdb12 3 bytes {JMP 0x3b2590}
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\system32\kernel32.dll!RegDeleteValueW 00000000773dffa0 5 bytes JMP 000000016fff01b8
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\system32\kernel32.dll!K32GetMappedFileNameW 00000000773ef330 5 bytes JMP 000000016fff0110
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\system32\kernel32.dll!K32EnumProcessModulesEx 0000000077419a80 7 bytes JMP 000000016fff00d8
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\system32\kernel32.dll!K32GetModuleInformation 0000000077429510 5 bytes JMP 000000016fff0148
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\system32\kernel32.dll!RegSetValueExA 0000000077448830 7 bytes JMP 000000016fff01f0
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\system32\KERNELBASE.dll!FreeLibrary 000007fefc372db0 5 bytes JMP 000007fffc1d0180
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleW 000007fefc3737d0 7 bytes JMP 000007fffc1d00d8
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW 000007fefc37a410 2 bytes JMP 000007fffc1d0110
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\system32\KERNELBASE.dll!GetModuleHandleExW + 3 000007fefc37a413 2 bytes [E5, FF]
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefc37aec0 6 bytes JMP 000007fffc1d0148
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\system32\GDI32.dll!D3DKMTQueryAdapterInfo 000007fefc7f89d0 8 bytes JMP 000007fffc1d01f0
.text C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe[4904] C:\Windows\system32\GDI32.dll!D3DKMTGetDisplayModeList 000007fefc7fbe40 8 bytes JMP 000007fffc1d01b8
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000777cfc90 5 bytes JMP 00000001748f19d0
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000777cfe54 5 bytes JMP 00000001748f15f0
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000777d00a8 5 bytes JMP 00000001748f1bb0
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772b1efe 7 bytes JMP 0000000174ac3a00
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772b5b9d 7 bytes JMP 0000000174ac4040
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772c13f9 7 bytes JMP 0000000174ac3c50
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000772c3bab 5 bytes JMP 00000001748f1760
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772cea45 7 bytes JMP 0000000174ac39f0
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077358f4c 7 bytes JMP 0000000174ac3540
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077358fd1 5 bytes JMP 0000000174ac35f0
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077359327 5 bytes JMP 0000000174ac3550
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758c1d29 5 bytes JMP 0000000174ac3500
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758c1dd7 5 bytes JMP 0000000174ac34c0
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758c2ab1 5 bytes JMP 0000000174ac3600
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758c2d1d 5 bytes JMP 0000000174ac3310
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c58a29 5 bytes JMP 0000000174ac29c0
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c64572 5 bytes JMP 0000000174ac3290
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c7e567 5 bytes JMP 0000000174ac3300
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ca07d7 5 bytes JMP 0000000174ac2820
.text C:\Program Files (x86)\AVG\AVG2015\avgui.exe[5944] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cb7a5c 5 bytes JMP 0000000174ac3270
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000777cfc90 5 bytes JMP 00000001748f19d0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000777cfe54 5 bytes JMP 00000001748f15f0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5976] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000777d00a8 5 bytes JMP 00000001748f1bb0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5976] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772b1efe 7 bytes JMP 0000000174ac3a00
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5976] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772b5b9d 7 bytes JMP 0000000174ac4040
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5976] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772c13f9 7 bytes JMP 0000000174ac3c50
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5976] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000772c3bab 5 bytes JMP 00000001748f1760
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5976] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772cea45 7 bytes JMP 0000000174ac39f0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5976] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077358f4c 7 bytes JMP 0000000174ac3540
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5976] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077358fd1 5 bytes JMP 0000000174ac35f0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe[5976] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077359327 5 bytes JMP 0000000174ac3550
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000777cfc90 5 bytes JMP 00000001748f19d0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000777cfe54 5 bytes JMP 00000001748f15f0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6008] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000777d00a8 5 bytes JMP 00000001748f1bb0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6008] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772b1efe 7 bytes JMP 0000000174ac3a00
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6008] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772b5b9d 7 bytes JMP 0000000174ac4040
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6008] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772c13f9 7 bytes JMP 0000000174ac3c50
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6008] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000772c3bab 5 bytes JMP 00000001748f1760
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6008] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772cea45 7 bytes JMP 0000000174ac39f0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6008] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077358f4c 7 bytes JMP 0000000174ac3540
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6008] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077358fd1 5 bytes JMP 0000000174ac35f0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6008] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077359327 5 bytes JMP 0000000174ac3550
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6008] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c58a29 5 bytes JMP 0000000174ac29c0
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6008] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c64572 5 bytes JMP 0000000174ac3290
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6008] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c7e567 5 bytes JMP 0000000174ac3300
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6008] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ca07d7 5 bytes JMP 0000000174ac2820
.text C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe[6008] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cb7a5c 5 bytes JMP 0000000174ac3270
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000777cfc90 5 bytes JMP 00000001748f19d0
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000777cfe54 5 bytes JMP 00000001748f15f0
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000777d00a8 5 bytes JMP 00000001748f1bb0
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772b1efe 7 bytes JMP 0000000174ac3a00
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772b5b9d 7 bytes JMP 0000000174ac4040
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772c13f9 7 bytes JMP 0000000174ac3c50
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000772c3bab 5 bytes JMP 00000001748f1760
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772cea45 7 bytes JMP 0000000174ac39f0
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077358f4c 7 bytes JMP 0000000174ac3540
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077358fd1 5 bytes JMP 0000000174ac35f0
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077359327 5 bytes JMP 0000000174ac3550
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758c1d29 5 bytes JMP 0000000174ac3500
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758c1dd7 5 bytes JMP 0000000174ac34c0
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758c2ab1 5 bytes JMP 0000000174ac3600
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758c2d1d 5 bytes JMP 0000000174ac3310
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c58a29 5 bytes JMP 0000000174ac29c0
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c64572 5 bytes JMP 0000000174ac3290
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c7e567 5 bytes JMP 0000000174ac3300
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ca07d7 5 bytes JMP 0000000174ac2820
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cb7a5c 5 bytes JMP 0000000174ac3270
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bcd2b4 5 bytes JMP 0000000174ac2ae0
.text C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe[6052] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bcd4ee 5 bytes JMP 0000000174ac2b00
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000777cfc90 5 bytes JMP 00000001748f19d0
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000777cfe54 5 bytes JMP 00000001748f15f0
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000777d00a8 5 bytes JMP 00000001748f1bb0
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772b1efe 7 bytes JMP 0000000174ac3a00
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772b5b9d 7 bytes JMP 0000000174ac4040
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772c13f9 7 bytes JMP 0000000174ac3c50
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000772c3bab 5 bytes JMP 00000001748f1760
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772cea45 7 bytes JMP 0000000174ac39f0
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077358f4c 7 bytes JMP 0000000174ac3540
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077358fd1 5 bytes JMP 0000000174ac35f0
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077359327 5 bytes JMP 0000000174ac3550
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758c1d29 5 bytes JMP 0000000174ac3500
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758c1dd7 5 bytes JMP 0000000174ac34c0
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758c2ab1 5 bytes JMP 0000000174ac3600
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758c2d1d 5 bytes JMP 0000000174ac3310
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c58a29 5 bytes JMP 0000000174ac29c0
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c64572 5 bytes JMP 0000000174ac3290
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c7e567 5 bytes JMP 0000000174ac3300
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ca07d7 5 bytes JMP 0000000174ac2820
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cb7a5c 5 bytes JMP 0000000174ac3270
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076991401 2 bytes JMP 772db21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076991419 2 bytes JMP 772db346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076991431 2 bytes JMP 77358fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007699144a 2 bytes CALL 772b489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769914dd 2 bytes JMP 773588c4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769914f5 2 bytes JMP 77358aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007699150d 2 bytes JMP 773587ba C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076991525 2 bytes JMP 77358b8a C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007699153d 2 bytes JMP 772cfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076991555 2 bytes JMP 772d68ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007699156d 2 bytes JMP 77359089 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076991585 2 bytes JMP 77358bea C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007699159d 2 bytes JMP 7735877e C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769915b5 2 bytes JMP 772cfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769915cd 2 bytes JMP 772db2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769916b2 2 bytes JMP 77358f4c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769916bd 2 bytes JMP 77358713 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\ole32.dll!CoSetProxyBlanket 00000000752d5ea5 5 bytes JMP 0000000174ac2980
.text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[6084] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000075309d0b 5 bytes JMP 0000000174ac2910
.text C:\Windows\system32\SearchIndexer.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007761dc30 5 bytes JMP 0000000077780128
.text C:\Windows\system32\SearchIndexer.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761dd50 5 bytes JMP 0000000077780018
.text C:\Windows\system32\SearchIndexer.exe[276] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007761ded0 5 bytes JMP 00000000777801b0
.text C:\Windows\system32\svchost.exe[5828] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007761dc30 5 bytes JMP 00000001775c0128
.text C:\Windows\system32\svchost.exe[5828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761dd50 5 bytes JMP 00000001775c0018
.text C:\Windows\system32\svchost.exe[5828] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007761ded0 5 bytes JMP 00000001775c01b0
.text C:\Windows\system32\svchost.exe[5828] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773cdb10 1 byte JMP 00000000775c00a0
.text C:\Windows\system32\svchost.exe[5828] C:\Windows\system32\kernel32.dll!CreateProcessInternalW + 2 00000000773cdb12 3 bytes {JMP 0x1f2590}
.text C:\Windows\servicing\TrustedInstaller.exe[6156] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007761dc30 5 bytes JMP 0000000077780128
.text C:\Windows\servicing\TrustedInstaller.exe[6156] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007761dd50 5 bytes JMP 0000000077780018
.text C:\Windows\servicing\TrustedInstaller.exe[6156] C:\Windows\SYSTEM32\ntdll.dll!NtResumeThread 000000007761ded0 5 bytes JMP 00000000777801b0
.text C:\Windows\servicing\TrustedInstaller.exe[6156] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 00000000773cdb10 1 byte JMP 00000000777800a0
.text C:\Windows\servicing\TrustedInstaller.exe[6156] C:\Windows\system32\kernel32.dll!CreateProcessInternalW + 2 00000000773cdb12 3 bytes {JMP 0x3b2590}
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000777cfc90 5 bytes JMP 00000001748f19d0
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000777cfe54 5 bytes JMP 00000001748f15f0
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000777d00a8 5 bytes JMP 00000001748f1bb0
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772b1efe 7 bytes JMP 0000000174ac3a00
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772b5b9d 7 bytes JMP 0000000174ac4040
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772c13f9 7 bytes JMP 0000000174ac3c50
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000772c3bab 5 bytes JMP 00000001748f1760
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772cea45 7 bytes JMP 0000000174ac39f0
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077358f4c 7 bytes JMP 0000000174ac3540
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077358fd1 5 bytes JMP 0000000174ac35f0
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077359327 5 bytes JMP 0000000174ac3550
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758c1d29 5 bytes JMP 0000000174ac3500
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758c1dd7 5 bytes JMP 0000000174ac34c0
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758c2ab1 5 bytes JMP 0000000174ac3600
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758c2d1d 5 bytes JMP 0000000174ac3310
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c58a29 5 bytes JMP 0000000174ac29c0
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c64572 5 bytes JMP 0000000174ac3290
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c7e567 5 bytes JMP 0000000174ac3300
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ca07d7 5 bytes JMP 0000000174ac2820
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cb7a5c 5 bytes JMP 0000000174ac3270
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bcd2b4 5 bytes JMP 0000000174ac2ae0
.text C:\Users\cysio\AppData\Local\GG\Application\gghub.exe[10656] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bcd4ee 5 bytes JMP 0000000174ac2b00
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection 00000000777cfc90 5 bytes JMP 00000001748f19d0
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 00000000777cfe54 5 bytes JMP 00000001748f15f0
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 00000000777d00a8 5 bytes JMP 00000001748f1bb0
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772b1efe 7 bytes JMP 0000000174ac3a00
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772b5b9d 7 bytes JMP 0000000174ac4040
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772c13f9 7 bytes JMP 0000000174ac3c50
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000772c3bab 5 bytes JMP 00000001748f1760
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772cea45 7 bytes JMP 0000000174ac39f0
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077358f4c 7 bytes JMP 0000000174ac3540
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077358fd1 5 bytes JMP 0000000174ac35f0
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077359327 5 bytes JMP 0000000174ac3550
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758c1d29 5 bytes JMP 0000000174ac3500
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758c1dd7 5 bytes JMP 0000000174ac34c0
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758c2ab1 5 bytes JMP 0000000174ac3600
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758c2d1d 5 bytes JMP 0000000174ac3310
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c58a29 5 bytes JMP 0000000174ac29c0
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c64572 5 bytes JMP 0000000174ac3290
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c7e567 5 bytes JMP 0000000174ac3300
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ca07d7 5 bytes JMP 0000000174ac2820
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cb7a5c 5 bytes JMP 0000000174ac3270
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076991401 2 bytes JMP 772db21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076991419 2 bytes JMP 772db346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076991431 2 bytes JMP 77358fd1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007699144a 2 bytes CALL 772b489d C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000769914dd 2 bytes JMP 773588c4 C:\Windows\syswow64\kernel32.dll
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000769914f5 2 bytes JMP 77358aa0 C:\Windows\syswow64\kernel32.dll
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007699150d 2 bytes JMP 773587ba C:\Windows\syswow64\kernel32.dll
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076991525 2 bytes JMP 77358b8a C:\Windows\syswow64\kernel32.dll
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007699153d 2 bytes JMP 772cfca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076991555 2 bytes JMP 772d68ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007699156d 2 bytes JMP 77359089 C:\Windows\syswow64\kernel32.dll
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076991585 2 bytes JMP 77358bea C:\Windows\syswow64\kernel32.dll
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007699159d 2 bytes JMP 7735877e C:\Windows\syswow64\kernel32.dll
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000769915b5 2 bytes JMP 772cfd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000769915cd 2 bytes JMP 772db2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000769916b2 2 bytes JMP 77358f4c C:\Windows\syswow64\kernel32.dll
.text C:\Users\cysio\AppData\Local\GG\Application\ggdrive\ggdrive.exe[6884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000769916bd 2 bytes JMP 77358713 C:\Windows\syswow64\kernel32.dll
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\kernel32.dll!RegQueryValueExW 00000000772b1efe 7 bytes JMP 0000000174ac3a00
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\kernel32.dll!RegSetValueExW 00000000772b5b9d 7 bytes JMP 0000000174ac4040
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\kernel32.dll!RegSetValueExA 00000000772c13f9 7 bytes JMP 0000000174ac3c50
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\kernel32.dll!RegDeleteValueW 00000000772cea45 7 bytes JMP 0000000174ac39f0
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\kernel32.dll!K32EnumProcessModulesEx 0000000077358f4c 7 bytes JMP 0000000174ac3540
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\kernel32.dll!K32GetModuleInformation 0000000077358fd1 5 bytes JMP 0000000174ac35f0
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\kernel32.dll!K32GetMappedFileNameW 0000000077359327 5 bytes JMP 0000000174ac3550
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleW 00000000758c1d29 5 bytes JMP 0000000174ac3500
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\KERNELBASE.dll!GetModuleHandleExW 00000000758c1dd7 5 bytes JMP 0000000174ac34c0
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW 00000000758c2ab1 5 bytes JMP 0000000174ac3600
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\KERNELBASE.dll!FreeLibrary 00000000758c2d1d 5 bytes JMP 0000000174ac3310
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\GDI32.dll!D3DKMTGetDisplayModeList 0000000075bcd2b4 5 bytes JMP 0000000174ac2ae0
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\GDI32.dll!D3DKMTQueryAdapterInfo 0000000075bcd4ee 5 bytes JMP 0000000174ac2b00
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075c58a29 5 bytes JMP 0000000174ac29c0
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesA 0000000075c64572 5 bytes JMP 0000000174ac3290
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\USER32.dll!EnumDisplayDevicesW 0000000075c7e567 5 bytes JMP 0000000174ac3300
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\USER32.dll!ChangeDisplaySettingsExW 0000000075ca07d7 5 bytes JMP 0000000174ac2820
.text D:\biżące z neta\wgdbny3j.exe[13380] C:\Windows\syswow64\USER32.dll!DisplayConfigGetDeviceInfo 0000000075cb7a5c 5 bytes JMP 0000000174ac3270

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff88001057ed8] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff88001057c7c] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff88001058658] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff88001058a54] \SystemRoot\System32\Drivers\sptd.sys [.text]
IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010588b0] \SystemRoot\System32\Drivers\sptd.sys [.text]

---- Devices - GMER 2.1 ----

Device \Driver\awm43gy8 \Device\Scsi\awm43gy81 fffffa80073072c0
Device \FileSystem\Ntfs \Ntfs fffffa800497a2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{245D96BD-90EE-4D6E-842C-82D77CB1E969} fffffa8006b6a2c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa8006fbf2c0
Device \Driver\cdrom \Device\CdRom0 fffffa8006c0a2c0
Device \Driver\cdrom \Device\CdRom1 fffffa8006c0a2c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa8006fbf2c0
Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa8006a382c0
Device \Driver\dtsoftbus01 \Device\0000007c fffffa8006a382c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa8006fbf2c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{28D5A2F0-4E39-42EB-911B-AA87C2320237} fffffa8006b6a2c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8006b6a2c0
Device \Driver\awm43gy8 \Device\ScsiPort1 fffffa80073072c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa8006fbf2c0

---- Modules - GMER 2.1 ----

Module \SystemRoot\System32\Drivers\awm43gy8.SYS fffff88008400000-fffff8800844f000 (323584 bytes)

---- Threads - GMER 2.1 ----

Thread C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164:1180] 0000000075457587
Thread C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164:1192] 00000000777ec557
Thread C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1164:7092] 00000000778027c1
Thread C:\Windows\system32\svchost.exe [1244:11828] 000007fefb204af4
Thread C:\Windows\System32\svchost.exe [1368:1724] 000007fef97859a0
Thread C:\Windows\System32\svchost.exe [1368:1836] 000007fefb9f1a70
Thread C:\Windows\System32\svchost.exe [1368:4388] 000007fef5a244d0
Thread C:\Windows\System32\svchost.exe [1368:5676] 000007fef05a20c0
Thread C:\Windows\System32\svchost.exe [1368:2116] 000007fef05a26a8
Thread C:\Windows\System32\svchost.exe [1368:3608] 000007fef05a29dc
Thread C:\Windows\System32\svchost.exe [1368:3836] 000007fef7d589b8
Thread C:\Windows\system32\svchost.exe [1440:13792] 000007feff0c4164
Thread C:\Windows\system32\svchost.exe [1440:13984] 000007fefed31ab0
Thread C:\Windows\system32\WLANExt.exe [1772:1848] 000007fef8f69110
Thread C:\Windows\system32\WLANExt.exe [1772:1852] 000007fef8eda0f8
Thread C:\Windows\system32\WLANExt.exe [1772:1856] 000007fef8eda114
Thread C:\Windows\system32\WLANExt.exe [1772:1860] 000007fef8eda0dc
Thread C:\Windows\system32\WLANExt.exe [1772:1864] 000007fef8ef6fc8
Thread C:\Windows\system32\WLANExt.exe [1772:1868] 000007fef8d82f9c
Thread C:\Windows\System32\spoolsv.exe [1928:2680] 000007fef73d10c8
Thread C:\Windows\System32\spoolsv.exe [1928:2896] 000007fef7396144
Thread C:\Windows\System32\spoolsv.exe [1928:2900] 000007fef6b85fd0
Thread C:\Windows\System32\spoolsv.exe [1928:2904] 000007fef6b73438
Thread C:\Windows\System32\spoolsv.exe [1928:2908] 000007fef6b863ec
Thread C:\Windows\system32\svchost.exe [1956:2084] 000007fef87035c0
Thread C:\Windows\system32\svchost.exe [1956:2100] 000007fef8705600
Thread C:\Windows\system32\svchost.exe [1956:6276] 000007fef4e02940
Thread C:\Windows\system32\svchost.exe [1956:6288] 000007fef1eb2888
Thread C:\Windows\system32\svchost.exe [1956:956] 000007fef1eb2a40
Thread C:\Windows\system32\svchost.exe [5828:3324] 000007fef05b8470
Thread C:\Windows\system32\svchost.exe [5828:2392] 000007fef05c2418
Thread C:\Windows\system32\svchost.exe [5828:4256] 000007fef6b85fd0
Thread C:\Windows\system32\svchost.exe [5828:3896] 000007fef6b863ec
Thread C:\Windows\system32\svchost.exe [5828:1264] 000007feee9ef130
Thread C:\Windows\system32\svchost.exe [5828:1532] 000007feee9e4734
Thread C:\Windows\system32\svchost.exe [5828:6328] 000007feee9e4734
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6656:5816] 000007fefa252ae8
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6656:2816] 000007feedac5648
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [6656:2052] 000007fef7e65124
Thread C:\Windows\SysWOW64\ctfmon.exe [6304:5628] 00000000777ec557
Thread C:\Windows\SysWOW64\ctfmon.exe [6304:6368] 00000000759d8cfa

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dbcec5f
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEC 0x17 0xCE 0x95 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD3 0x63 0xBC 0xC0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1A 0x4E 0xE0 0xCA ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dbcec5f (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xEC 0x17 0xCE 0x95 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD3 0x63 0xBC 0xC0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1A 0x4E 0xE0 0xCA ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\GWX\Usage@UsageTime 0x22 0x4A 0xE5 0x08 ...

---- EOF - GMER 2.1 ----

I jeszcze dds, gdyż otl o dziwo wygenerował tylko jeden plik w notatniku. Brak pliku extras. Robiłem 3 razy i za każdym razem to samo.

Z góry dziękuję za ewentualną pomoc. Pozdrawiam

**Posty:** 4765 · przez **ordynat** 02 Gru 2015, 00:06

W tych logach nie widzę niczego podejrzanego.

Na wszelki wypadek:
1) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.
Pokaż raport z niego

2) Zrób logi z FRST > http://forum.programosy.pl/frst-otl-zoek-vt139692.html
Przed skanem zaznacz "Addition.txt"
.

Autor postu otrzymał pochwałę

**Posty:** 75 · przez **jknw** 02 Gru 2015, 18:42

Tak zrobiłem. Logi w załączniku. Reklamy nadal hasają po przeglądarce.

**Posty:** 4765 · przez **ordynat** 02 Gru 2015, 20:40

Tylko kosmetyka:
Otwórz Notatnik i wklej w nim:

AlternateDataStreams: C:\Windows\SysWOW64\CN1BC141NZ05NR:NW
HKU\S-1-5-21-4239445760-2519253434-279290759-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={D4C8D3AE-5FB9-43C0-997C-91EAA73F7B9A}&mid=666322bef8c047d0a2c1252442ad4f38-6bcf879531cec4d655bada52ba3d6b3e4b59263f&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0415tb&pr=fr&d=2014-11-12 21:13:57&v=4.1.0.411&pid=wtu&sg=&sap=hp
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://binkiland.com/results.php?f=4&q={searchTerms}&a=bnk_ir_15_11&cd=2XzuyEtN2Y1L1Qzu0FyEyC0DtDyEyEzy0AyC0C0ByD0Azy0DtN0D0Tzu0StCtCyCyDtN1L2XzutAtFzztFtAtFyEtN1L1CzutCyEtBzytDyD1V1PtN1L1G1B1V1N2Y1L1Qzu2StC0CtB0FyBzzyB0BtGyE0D0DtCtG0F0CyCyCtG0AyB0DtDtGtBtAtAtAtBzy0DtC0DzztAyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDtBtA0AtCtA0DtBtGyDyB0FzztGyE0E0ByDtGzzyBzztCtGtByBtDtCyDzz0EtAzzyBtD0E2QtN1B2Z1V1T1S1NzuyDzztA&cr=818282070&ir=
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Brak pliku
FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [Brak pliku]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-16] ()
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll [Brak pliku]
FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [Brak pliku]
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll [Brak pliku]
FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [Brak pliku]
FF Extension: Real Summer Sale - C:\Users\cysio\AppData\Roaming\Mozilla\Firefox\Profiles\ir8ot3f8.default-1374799818177\extensions\realsummersale1@realsummersale.com [2013-08-09] [Brak podpisu cyfrowego]
FF Extension: Shopping App by Ask - C:\Users\cysio\AppData\Roaming\Mozilla\Firefox\Profiles\ir8ot3f8.default-1374799818177\Extensions\toolbar_ORJ-ST-SPE@apn.ask.com.xpi [2015-11-26]
S3 AmUStor; system32\drivers\AmUStor.SYS [X]
S3 ASUSProcObsrv; \??\E:\I386\AsPrOb64.sys [X]
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).

Z logów wynika, że nie masz żadnego "reklamiarza".
Przeinstaluj przeglądarkę, na której widzisz te reklamy.

.

Autor postu otrzymał pochwałę

**Posty:** 75 · przez **jknw** 04 Gru 2015, 20:16

Kosmetyka, nie kosmetyka. Reklamy znikły. Dziękuję!! :lol: