Rootkit

czarnysmok
created

Hi, I have a big problem with my computer.
Last night I scanned the computer with Avast and it found some rootkit:
C:\Windows\Prefetch\AgAppLaunch.db
threat level: high
So I downloaded Malwarebytes' Anti-Malware,
but during the scan all my programs stopped working.
When I launch Google Chrome, a window pops up that says MediaInfo and file properties.
This happens with most programs, because with some of them a Windows Installer window pops up and then it says that some problem with the shortcut occurred.
Avast wrote that it can remove this rootkit, but I have to restart the computer first.
However, I am afraid that after the restart Avast won't work either. What should I do?
I have Windows Vista Home Premium.
Please help.

Guest
comment

Produce logs from OTL and GMER. Otherwise nothing can be advised. [b][url="http://www.forumpc.pl/index.php?showtopic=104338"]CLICK[/url][/b] and [b][url="http://www.forumpc.pl/index.php?showtopic=116175"]CLICK[/url][/b]

czarnysmok
comment

Neither of them will open :/
This MediaInfo window pops up.
I'll add that before I scanned the computer everything was OK; only during the scan did these weird things start happening.

Guest
comment

Try running OTL and GMER in safe mode.

czarnysmok
comment (edited)

I don't know how it happened, but everything works correctly again (all programs etc.)
Now I'll try to run them and post the logs.
But could I be dealing with a virus that attacks at a specific time? (like Friday 13th?)
Logs from OTL
OTL
[log]OTL logfile created on: 2011-08-29 09:28:49 - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\mirek\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 49,21% Memory free
4,23 Gb Paging File | 2,94 Gb Available in Paging File | 69,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,20 Gb Total Space | 18,94 Gb Free Space | 16,16% Space Free | Partition Type: NTFS
Drive D: | 348,56 Gb Total Space | 150,75 Gb Free Space | 43,25% Space Free | Partition Type: NTFS
Drive H: | 7,39 Gb Total Space | 6,00 Gb Free Space | 81,13% Space Free | Partition Type: FAT32

Computer Name: MIREK-PC | User Name: mirek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Processes (All) ==========[/color]

PRC - [2011-08-29 09:26:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\mirek\Documents\Downloads\OTL.exe
PRC - [2011-08-28 20:14:17 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe
PRC - [2011-08-04 14:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011-08-04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011-07-23 20:57:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-07-23 20:57:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011-07-23 20:57:00 | 000,599,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2011-07-23 20:57:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011-07-04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011-06-07 17:51:12 | 000,421,160 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2011-06-07 17:51:02 | 000,820,520 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2011-04-08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2011-04-06 16:20:16 | 000,349,472 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
PRC - [2011-02-18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010-12-05 10:21:04 | 000,075,136 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
PRC - [2010-11-04 18:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
PRC - [2010-10-05 20:56:48 | 009,742,952 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2010-08-17 16:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spoolsv.exe
PRC - [2009-11-26 23:03:01 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
PRC - [2009-11-26 19:23:35 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
PRC - [2009-08-27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009-04-11 08:28:15 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winlogon.exe
PRC - [2009-04-11 08:28:07 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\servicing\TrustedInstaller.exe
PRC - [2009-04-11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\smss.exe
PRC - [2009-04-11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
PRC - [2009-04-11 08:27:59 | 000,441,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe
PRC - [2009-04-11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\services.exe
PRC - [2009-04-11 08:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLsvc.exe
PRC - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-04-11 08:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
PRC - [2008-07-14 14:45:16 | 000,336,384 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
PRC - [2008-07-14 14:43:04 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008-07-14 14:42:56 | 000,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2008-06-03 23:44:42 | 000,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008-05-20 11:57:52 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008-05-20 11:55:58 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008-01-19 00:33:42 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008-01-19 00:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008-01-19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008-01-19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininit.exe
PRC - [2008-01-19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 00:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe [comLaunch]
PRC - [2008-01-19 00:33:16 | 000,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lsm.exe
PRC - [2008-01-19 00:33:10 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
PRC - [2008-01-19 00:33:10 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
PRC - [2008-01-19 00:33:06 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrss.exe
PRC - [2007-03-06 20:20:00 | 000,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007-02-20 12:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
PRC - [2007-02-09 13:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007-02-09 13:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2006-12-28 05:18:16 | 000,122,512 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2006-11-02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006-07-23 17:55:10 | 001,585,152 | ---- | M] () -- C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe


[color=#E56717]========== Modules (All) ==========[/color]

MOD - [2011-08-29 09:26:58 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\mirek\Documents\Downloads\OTL.exe
MOD - [2011-08-28 20:14:17 | 000,809,624 | ---- | M] (Google Inc.) -- C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\goopdate.dll
MOD - [2011-08-28 20:14:17 | 000,140,952 | ---- | M] (Google Inc.) -- C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe
MOD - [2011-08-28 13:19:59 | 006,277,280 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011-08-04 14:34:50 | 001,955,208 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
MOD - [2011-07-23 20:57:00 | 012,636,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
MOD - [2011-07-23 20:57:00 | 001,754,728 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvUpdate\NvUpdt.dll
MOD - [2011-07-23 20:57:00 | 001,614,952 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvui.dll
MOD - [2011-07-23 20:57:00 | 000,941,568 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NvUpdate\NvUpdtr.dll
MOD - [2011-07-23 20:57:00 | 000,600,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\easyupdatusapiu.dll
MOD - [2011-07-23 20:57:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
MOD - [2011-07-22 04:54:43 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
MOD - [2011-07-22 04:54:04 | 012,273,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
MOD - [2011-07-22 04:51:14 | 009,704,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
MOD - [2011-07-22 04:49:01 | 001,102,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
MOD - [2011-07-22 04:48:26 | 001,126,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
MOD - [2011-07-22 04:44:54 | 001,791,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
MOD - [2011-07-12 08:42:56 | 003,781,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
MOD - [2011-07-12 08:42:40 | 000,653,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
MOD - [2011-07-12 08:42:40 | 000,569,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll
MOD - [2011-07-12 08:34:28 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
MOD - [2011-07-12 08:34:28 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcp80.dll
MOD - [2011-07-04 13:44:01 | 000,193,624 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\1045\uiLangRes.dll
MOD - [2011-07-04 13:44:01 | 000,091,624 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\1045\Base.dll
MOD - [2011-07-04 13:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AvastUI.exe
MOD - [2011-07-04 13:43:51 | 001,762,296 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\CommonRes.dll
MOD - [2011-07-04 13:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2011-07-04 13:43:48 | 000,682,344 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\aswAux.dll
MOD - [2011-07-04 13:43:48 | 000,398,576 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\aswSqLt.dll
MOD - [2011-07-04 13:43:48 | 000,313,080 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\aswCmnBS.dll
MOD - [2011-07-04 13:43:48 | 000,201,864 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\aswLog.dll
MOD - [2011-07-04 13:43:48 | 000,201,352 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2011-07-04 13:43:48 | 000,163,200 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\aswData.dll
MOD - [2011-07-04 13:43:48 | 000,162,712 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\aswCmnIS.dll
MOD - [2011-07-04 13:43:48 | 000,046,328 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\aswEngLdr.dll
MOD - [2011-07-04 13:43:48 | 000,025,728 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\aswUtil.dll
MOD - [2011-07-04 13:43:47 | 000,095,232 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\aswCmnOS.dll
MOD - [2011-07-04 13:43:46 | 000,122,512 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\ashShell.dll
MOD - [2011-07-04 13:43:45 | 000,182,776 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\ashBase.dll
MOD - [2011-07-04 13:43:45 | 000,150,352 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\ashTask.dll
MOD - [2011-07-04 13:43:45 | 000,061,760 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\ashTaskEx.dll
MOD - [2011-07-04 13:43:44 | 000,105,520 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AhAScr.dll
MOD - [2011-07-04 13:43:42 | 000,311,544 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\Aavm4h.dll
MOD - [2011-07-04 13:43:42 | 000,070,024 | ---- | M] (AVAST Software) -- D:\Program Files\AVAST Software\Avast\AavmRpch.dll
MOD - [2011-06-15 18:12:11 | 000,182,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xmllite.dll
MOD - [2011-06-07 17:51:52 | 000,049,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.Resources\pl.lproj\iTunesHelperLocalized.dll
MOD - [2011-06-07 17:51:12 | 000,421,160 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
MOD - [2011-06-07 17:51:12 | 000,165,152 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.dll
MOD - [2011-06-07 17:51:12 | 000,047,904 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll
MOD - [2011-04-29 17:59:36 | 000,276,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
MOD - [2011-04-14 19:23:07 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
MOD - [2011-04-14 19:23:06 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
MOD - [2011-04-14 19:23:06 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
MOD - [2011-04-14 19:23:05 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
MOD - [2011-04-14 19:09:52 | 001,075,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shdocvw.dll
MOD - [2011-04-14 19:09:52 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\stobject.dll
MOD - [2011-04-14 19:09:50 | 001,172,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
MOD - [2011-04-14 19:09:50 | 001,029,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
MOD - [2011-04-14 19:09:50 | 000,683,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
MOD - [2011-04-14 19:09:50 | 000,219,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
MOD - [2011-04-14 19:09:50 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
MOD - [2011-04-14 19:09:50 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
MOD - [2011-04-14 19:09:49 | 000,478,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
MOD - [2011-04-14 19:09:49 | 000,258,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winspool.drv
MOD - [2011-04-14 19:08:58 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2011-04-12 18:07:38 | 000,892,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\kernel32.dll
MOD - [2011-04-08 12:59:52 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
MOD - [2011-04-06 16:20:16 | 000,152,864 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mdnsNSP.dll
MOD - [2011-04-06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\Windows\System32\dnssd.dll
MOD - [2011-03-21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.exe
MOD - [2011-03-21 20:10:04 | 007,755,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Safari.dll
MOD - [2011-03-21 19:43:58 | 000,541,984 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\PubSubDLL.dll
MOD - [2011-03-21 17:30:10 | 007,003,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.dll
MOD - [2011-03-21 17:30:02 | 014,021,920 | ---- | M] (IBM Corporation and others) -- C:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll
MOD - [2011-03-21 17:30:02 | 001,041,696 | ---- | M] (IBM Corporation and others) -- C:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll
MOD - [2011-03-21 17:30:02 | 000,922,912 | ---- | M] (IBM Corporation and others) -- C:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll
MOD - [2011-03-10 19:03:51 | 001,136,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
MOD - [2011-03-02 17:44:26 | 000,168,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dnsapi.dll
MOD - [2011-02-22 15:33:12 | 001,068,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
MOD - [2011-02-18 16:37:48 | 001,307,936 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
MOD - [2011-02-06 11:32:00 | 000,124,192 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll
MOD - [2011-02-06 11:31:58 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011-02-06 11:31:58 | 000,042,784 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll
MOD - [2011-02-06 11:31:56 | 001,379,104 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\JavaScriptCore.dll
MOD - [2011-02-06 11:31:52 | 003,818,784 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\CoreGraphics.dll
MOD - [2011-02-06 11:31:50 | 000,828,704 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll
MOD - [2011-02-06 11:31:46 | 000,628,000 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.dll
MOD - [2011-01-21 18:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shell32.dll
MOD - [2011-01-21 18:35:22 | 000,353,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shlwapi.dll
MOD - [2010-12-28 17:55:03 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
MOD - [2010-12-20 18:35:04 | 000,563,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleaut32.dll
MOD - [2010-11-29 17:38:12 | 012,115,968 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTSystem\QuickTime.qts
MOD - [2010-11-29 17:38:08 | 000,180,224 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTSystem\QTCF.dll
MOD - [2010-11-17 13:16:38 | 001,320,224 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\QuartzCore.dll
MOD - [2010-11-17 13:16:34 | 000,324,896 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libtidy.dll
MOD - [2010-11-17 13:16:26 | 001,295,648 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\CoreVideo.dll
MOD - [2010-11-17 13:16:14 | 000,075,040 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll
MOD - [2010-11-04 20:55:38 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
MOD - [2010-11-04 20:51:35 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\GdiPlus.dll
MOD - [2010-11-04 18:34:06 | 000,171,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskeng.exe
MOD - [2010-10-15 15:48:59 | 001,205,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdll.dll
MOD - [2010-10-05 20:56:48 | 009,742,952 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
MOD - [2010-08-31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010-08-31 17:43:52 | 000,531,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\comctl32.dll
MOD - [2010-08-26 18:33:04 | 000,542,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\AppPatch\AcLayers.dll
MOD - [2010-07-23 05:15:48 | 000,470,816 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\SpellChecker.dll
MOD - [2010-07-23 05:15:46 | 000,343,840 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\Search.dll
MOD - [2010-07-23 04:37:50 | 000,291,616 | ---- | M] (Apple Inc.) -- C:\Program Files\Safari\SafariTheme.dll
MOD - [2010-06-28 19:00:21 | 001,316,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ole32.dll
MOD - [2010-06-18 19:31:29 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
MOD - [2010-06-11 18:15:06 | 001,248,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msxml3.dll
MOD - [2010-06-03 13:45:34 | 000,016,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\AppleVersions.dll
MOD - [2010-05-04 21:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2010-04-16 18:46:48 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\usp10.dll
MOD - [2009-12-23 13:33:29 | 000,172,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wintrust.dll
MOD - [2009-11-28 08:56:11 | 001,523,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NlsData0000.dll
MOD - [2009-11-26 23:05:20 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
MOD - [2009-11-26 23:03:44 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\lpk.dll
MOD - [2009-11-26 23:03:44 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
MOD - [2009-11-26 23:03:01 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
MOD - [2009-11-26 22:56:19 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
MOD - [2009-11-26 22:49:08 | 000,714,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
MOD - [2009-11-26 22:30:38 | 000,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
MOD - [2009-11-26 22:29:27 | 000,784,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
MOD - [2009-11-26 19:23:35 | 002,421,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
MOD - [2009-11-26 19:23:35 | 000,053,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
MOD - [2009-11-26 19:23:35 | 000,044,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
MOD - [2009-11-03 16:51:42 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009-11-03 16:51:34 | 000,406,816 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\SQLite3.dll
MOD - [2009-11-03 16:51:34 | 000,053,024 | ---- | M] (Open Source Software community project) -- C:\Program Files\Common Files\Apple\Apple Application Support\pthreadVC2.dll
MOD - [2009-10-08 23:08:01 | 000,234,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oleacc.dll
MOD - [2009-10-01 03:02:04 | 000,334,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
MOD - [2009-10-01 03:02:02 | 000,087,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WPDShServiceObj.dll
MOD - [2009-10-01 03:01:59 | 000,160,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
MOD - [2009-10-01 03:01:47 | 000,134,144 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Portable Devices\sqmapi.dll
MOD - [2009-07-18 05:12:12 | 003,979,680 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\Flash10c.ocx
MOD - [2009-04-11 08:28:26 | 000,223,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscntfy.dll
MOD - [2009-04-11 08:28:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
MOD - [2009-04-11 08:28:25 | 001,077,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vssapi.dll
MOD - [2009-04-11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\user32.dll
MOD - [2009-04-11 08:28:25 | 000,287,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\Wldap32.dll
MOD - [2009-04-11 08:28:25 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wevtapi.dll
MOD - [2009-04-11 08:28:25 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winmm.dll
MOD - [2009-04-11 08:28:25 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WinSCard.dll
MOD - [2009-04-11 08:28:25 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\userenv.dll
MOD - [2009-04-11 08:28:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\version.dll
MOD - [2009-04-11 08:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winrnr.dll
MOD - [2009-04-11 08:28:24 | 002,205,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SyncCenter.dll
MOD - [2009-04-11 08:28:24 | 001,591,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\setupapi.dll
MOD - [2009-04-11 08:28:24 | 000,466,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\riched20.dll
MOD - [2009-04-11 08:28:24 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srchadmin.dll
MOD - [2009-04-11 08:28:24 | 000,203,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uDWM.dll
MOD - [2009-04-11 08:28:24 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spp.dll
MOD - [2009-04-11 08:28:24 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samlib.dll
MOD - [2009-04-11 08:28:23 | 003,174,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netshell.dll
MOD - [2009-04-11 08:28:23 | 002,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2009-04-11 08:28:23 | 001,823,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnidui.dll
MOD - [2009-04-11 08:28:23 | 001,541,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\onex.dll
MOD - [2009-04-11 08:28:23 | 000,754,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\propsys.dll
MOD - [2009-04-11 08:28:23 | 000,467,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netapi32.dll
MOD - [2009-04-11 08:28:23 | 000,286,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasapi32.dll
MOD - [2009-04-11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009-04-11 08:28:23 | 000,121,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntmarta.dll
MOD - [2009-04-11 08:28:23 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\powrprof.dll
MOD - [2009-04-11 08:28:23 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\olepro32.dll
MOD - [2009-04-11 08:28:22 | 000,805,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NaturalLanguage6.dll
MOD - [2009-04-11 08:28:22 | 000,679,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcrt.dll
MOD - [2009-04-11 08:28:22 | 000,406,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp60.dll
MOD - [2009-04-11 08:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mswsock.dll
MOD - [2009-04-11 08:28:22 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
MOD - [2009-04-11 08:28:22 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msutb.dll
MOD - [2009-04-11 08:28:22 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
MOD - [2009-04-11 08:28:21 | 002,241,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2009-04-11 08:28:21 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimtf.dll
MOD - [2009-04-11 08:28:20 | 002,012,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\milcore.dll
MOD - [2009-04-11 08:28:20 | 000,807,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msctf.dll
MOD - [2009-04-11 08:28:20 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mscms.dll
MOD - [2009-04-11 08:28:20 | 000,378,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imapi2.dll
MOD - [2009-04-11 08:28:20 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MMDevAPI.dll
MOD - [2009-04-11 08:28:20 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imm32.dll
MOD - [2009-04-11 08:28:20 | 000,091,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IPHLPAPI.DLL
MOD - [2009-04-11 08:28:20 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpr.dll
MOD - [2009-04-11 08:28:20 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsCtfMonitor.dll
MOD - [2009-04-11 08:28:20 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\midimap.dll
MOD - [2009-04-11 08:28:19 | 000,595,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FWPUCLNT.DLL
MOD - [2009-04-11 08:28:19 | 000,444,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dsound.dll
MOD - [2009-04-11 08:28:19 | 000,297,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdi32.dll
MOD - [2009-04-11 08:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\es.dll
MOD - [2009-04-11 08:28:19 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fundisc.dll
MOD - [2009-04-11 08:28:19 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappcfg.dll
MOD - [2009-04-11 08:28:19 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
MOD - [2009-04-11 08:28:19 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehSSO.dll
MOD - [2009-04-11 08:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009-04-11 08:28:19 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gpapi.dll
MOD - [2009-04-11 08:28:19 | 000,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\fdProxy.dll
MOD - [2009-04-11 08:28:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame.dll
MOD - [2009-04-11 08:28:18 | 001,985,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
MOD - [2009-04-11 08:28:18 | 001,788,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d9.dll
MOD - [2009-04-11 08:28:18 | 001,324,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\browseui.dll
MOD - [2009-04-11 08:28:18 | 001,112,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
MOD - [2009-04-11 08:28:18 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\crypt32.dll
MOD - [2009-04-11 08:28:18 | 000,971,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptui.dll
MOD - [2009-04-11 08:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.dll
MOD - [2009-04-11 08:28:18 | 000,323,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\certcli.dll
MOD - [2009-04-11 08:28:18 | 000,274,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bcrypt.dll
MOD - [2009-04-11 08:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc.dll
MOD - [2009-04-11 08:28:18 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
MOD - [2009-04-11 08:28:18 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll
MOD - [2009-04-11 08:28:18 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\authz.dll
MOD - [2009-04-11 08:28:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2009-04-11 08:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009-04-11 08:28:17 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\advapi32.dll
MOD - [2009-04-11 08:28:17 | 000,171,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\apphelp.dll
MOD - [2009-04-11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Sidebar\sidebar.exe
MOD - [2009-04-11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009-04-11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
MOD - [2009-04-11 08:27:33 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwm.exe
MOD - [2009-04-11 08:27:12 | 000,640,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\bthprops.cpl
MOD - [2009-04-11 08:27:12 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wdmaud.drv
MOD - [2009-04-11 08:27:12 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.drv
MOD - [2008-08-13 11:22:42 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc70.dll
MOD - [2008-08-13 11:22:42 | 000,487,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp70.dll
MOD - [2008-08-13 11:22:42 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr70.dll
MOD - [2008-07-14 14:45:16 | 000,336,384 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
MOD - [2008-07-14 14:43:12 | 000,151,552 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DThook.dll
MOD - [2008-07-14 14:43:08 | 000,118,784 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Plugins\CC\colorcal.dll
MOD - [2008-07-14 14:43:06 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2008-07-14 14:42:56 | 000,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
MOD - [2008-07-14 14:42:50 | 000,102,400 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2008-06-03 23:44:42 | 000,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
MOD - [2008-05-20 11:57:40 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Windows\temp\logishrd\LVPrcInj01.dll
MOD - [2008-05-20 11:56:20 | 000,068,120 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll
MOD - [2008-05-20 11:56:08 | 000,453,144 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVCSCli.dll
MOD - [2008-05-20 11:55:58 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
MOD - [2008-01-19 00:38:16 | 000,090,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpOAV.dll
MOD - [2008-01-19 00:38:04 | 000,155,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dssenh.dll
MOD - [2008-01-19 00:37:12 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wtsapi32.dll
MOD - [2008-01-19 00:37:12 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wsock32.dll
MOD - [2008-01-19 00:37:12 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WSHTCPIP.DLL
MOD - [2008-01-19 00:37:12 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wship6.dll
MOD - [2008-01-19 00:37:10 | 000,179,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ws2_32.dll
MOD - [2008-01-19 00:37:06 | 000,195,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnssci.dll
MOD - [2008-01-19 00:36:58 | 000,140,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2008-01-19 00:36:56 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winnsi.dll
MOD - [2008-01-19 00:36:50 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vsstrace.dll
MOD - [2008-01-19 00:36:48 | 000,240,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll
MOD - [2008-01-19 00:36:42 | 001,298,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TMM.dll
MOD - [2008-01-19 00:36:38 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sxs.dll
MOD - [2008-01-19 00:36:36 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srclient.dll
MOD - [2008-01-19 00:36:26 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shacct.dll
MOD - [2008-01-19 00:36:26 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll
MOD - [2008-01-19 00:36:16 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rapistub.dll
MOD - [2008-01-19 00:36:16 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QUTIL.DLL
MOD - [2008-01-19 00:36:16 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasman.dll
MOD - [2008-01-19 00:36:14 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\QAGENT.DLL
MOD - [2008-01-19 00:36:08 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pnrpnsp.dll
MOD - [2008-01-19 00:36:08 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PlaySndSrv.dll
MOD - [2008-01-19 00:36:02 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\oledlg.dll
MOD - [2008-01-19 00:36:00 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntshrui.dll
MOD - [2008-01-19 00:36:00 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntdsapi.dll
MOD - [2008-01-19 00:36:00 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2008-01-19 00:35:58 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nsi.dll
MOD - [2008-01-19 00:35:40 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\nlaapi.dll
MOD - [2008-01-19 00:35:36 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\NapiNSP.dll
MOD - [2008-01-19 00:34:56 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msacm32.dll
MOD - [2008-01-19 00:34:56 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdmo.dll
MOD - [2008-01-19 00:34:50 | 000,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mlang.dll
MOD - [2008-01-19 00:34:34 | 000,153,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imagehlp.dll
MOD - [2008-01-19 00:34:30 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\icm32.dll
MOD - [2008-01-19 00:34:28 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\HotStartUserAgent.dll
MOD - [2008-01-19 00:34:22 | 000,403,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\FirewallAPI.dll
MOD - [2008-01-19 00:34:10 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxva2.dll
MOD - [2008-01-19 00:34:10 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\eappprxy.dll
MOD - [2008-01-19 00:34:08 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008-01-19 00:34:08 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmredir.dll
MOD - [2008-01-19 00:34:08 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2008-01-19 00:34:04 | 000,798,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dbghelp.dll
MOD - [2008-01-19 00:34:04 | 000,522,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ddraw.dll
MOD - [2008-01-19 00:34:04 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devenum.dll
MOD - [2008-01-19 00:34:04 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dimsjob.dll
MOD - [2008-01-19 00:34:02 | 000,816,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3dim700.dll
MOD - [2008-01-19 00:34:02 | 000,097,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptnet.dll
MOD - [2008-01-19 00:34:02 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptdll.dll
MOD - [2008-01-19 00:34:00 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll
MOD - [2008-01-19 00:33:54 | 000,523,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\clbcatq.dll
MOD - [2008-01-19 00:33:54 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ceutil.dll
MOD - [2008-01-19 00:33:54 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2008-01-19 00:33:50 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cabinet.dll
MOD - [2008-01-19 00:33:48 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\avrt.dll
MOD - [2008-01-19 00:33:46 | 000,397,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll
MOD - [2008-01-19 00:33:44 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008-01-19 00:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
MOD - [2008-01-19 00:33:10 | 000,125,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehtray.exe
MOD - [2008-01-19 00:33:10 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehmsas.exe
MOD - [2008-01-19 00:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2007-10-04 14:37:40 | 000,200,704 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\wrapi2c.dll
MOD - [2007-10-04 14:36:40 | 000,065,536 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Drivers\vista.dll
MOD - [2007-04-10 18:43:58 | 000,172,032 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\brccFCtl.dll
MOD - [2007-04-10 07:46:42 | 000,081,920 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrDbgOut.dll
MOD - [2007-04-05 17:31:20 | 000,598,016 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\brccDCtl.dll
MOD - [2007-03-28 11:42:46 | 005,365,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\brccimg.dll
MOD - [2007-03-06 20:20:00 | 000,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
MOD - [2007-02-27 10:56:40 | 000,110,592 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\brccpol.dll
MOD - [2007-02-20 12:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
MOD - [2007-02-18 09:29:16 | 000,058,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Virtual PC\VPCShExH.dll
MOD - [2007-02-09 13:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
MOD - [2007-02-09 13:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2007-02-09 13:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Winphook.dll
MOD - [2007-02-09 13:15:42 | 000,372,736 | ---- | M] (Intel Corporation) -- C:\Program Files\Portrait Displays\Pivot Software\ijl15.dll
MOD - [2007-01-11 14:07:16 | 000,061,440 | ---- | M] (Brother Industries,LTD.) -- C:\Program Files\Brother\ControlCenter3\BrImgPDF.dll
MOD - [2006-11-02 14:35:33 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehProxy.dll
MOD - [2006-11-02 14:34:50 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\AltTab.dll
MOD - [2006-11-02 14:34:48 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\linkinfo.dll
MOD - [2006-11-02 14:34:41 | 000,198,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sti.dll
MOD - [2006-11-02 14:34:41 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wiatrace.dll
MOD - [2006-11-02 14:34:33 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll
MOD - [2006-11-02 11:46:14 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wlanutil.dll
MOD - [2006-11-02 11:46:13 | 000,869,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winbrand.dll
MOD - [2006-11-02 11:46:13 | 000,191,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tapi32.dll
MOD - [2006-11-02 11:46:13 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SndVolSSO.dll
MOD - [2006-11-02 11:46:13 | 000,111,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shimeng.dll
MOD - [2006-11-02 11:46:13 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSChannel.dll
MOD - [2006-11-02 11:46:13 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wcescommproxy.dll
MOD - [2006-11-02 11:46:13 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\shfolder.dll
MOD - [2006-11-02 11:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll
MOD - [2006-11-02 11:46:12 | 000,091,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rapi.dll
MOD - [2006-11-02 11:46:12 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pautoenr.dll
MOD - [2006-11-02 11:46:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\npmproxy.dll
MOD - [2006-11-02 11:46:12 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rapiproxystub.dll
MOD - [2006-11-02 11:46:12 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\psapi.dll
MOD - [2006-11-02 11:46:12 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rasadhlp.dll
MOD - [2006-11-02 11:46:12 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SensApi.dll
MOD - [2006-11-02 11:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll
MOD - [2006-11-02 11:46:07 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msimg32.dll
MOD - [2006-11-02 11:46:05 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\hid.dll
MOD - [2006-11-02 11:46:05 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ksuser.dll
MOD - [2006-11-02 11:46:04 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll
MOD - [2006-11-02 11:46:03 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ddrawex.dll
MOD - [2006-11-02 11:46:03 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d8thk.dll
MOD - [2006-11-02 11:46:02 | 000,737,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\batmeter.dll
MOD - [2006-11-02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
MOD - [2006-11-02 11:42:17 | 000,229,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbcint.dll
MOD - [2006-11-02 10:33:06 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\normaliz.dll
MOD - [2006-10-09 16:07:22 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\msvcr71.dll
MOD - [2006-10-09 16:07:20 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\MFC71.dll
MOD - [2006-07-23 17:55:10 | 001,585,152 | ---- | M] () -- C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe
MOD - [2006-03-14 09:46:40 | 000,041,078 | ---- | M] () -- C:\Program Files\Multimedia Keyboard Driver\keydll.dll
MOD - [2005-07-05 01:00:00 | 000,131,584 | ---- | M] (LEAD Technologies, Inc.) -- C:\Program Files\Brother\ControlCenter3\ltfil12n.DLL
MOD - [2004-04-25 10:27:46 | 000,429,568 | ---- | M] () -- C:\Program Files\Multimedia Keyboard Driver\Dllmkkbd.dll
MOD - [2003-11-03 14:17:44 | 000,054,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
MOD - [2003-06-30 01:00:02 | 000,406,016 | ---- | M] (LEAD Technologies, Inc.) -- C:\Program Files\Brother\ControlCenter3\ltkrn12n.dll
MOD - [2003-06-30 01:00:02 | 000,259,584 | ---- | M] (LEAD Technologies, Inc.) -- C:\Program Files\Brother\ControlCenter3\LTDIS12n.dll
MOD - [2002-01-05 04:40:18 | 000,487,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Portrait Displays\Pivot Software\msvcp70.dll
MOD - [2002-01-05 04:37:26 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Portrait Displays\Pivot Software\msvcr70.dll
MOD - [2001-06-01 10:26:00 | 000,372,736 | ---- | M] (Intel Corporation) -- C:\Windows\ijl15.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PCLEPCI)
SRV - [2011-08-04 14:34:46 | 001,361,288 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011-07-23 20:57:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011-07-04 13:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009-08-27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008-08-07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2008-07-14 14:43:04 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008-05-20 11:57:52 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008-05-20 11:55:58 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008-01-19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008-01-19 00:36:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008-01-19 00:36:16 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006-12-28 05:18:16 | 000,122,512 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)


========== Driver Services (SafeList) ==========

DRV - [2011-07-23 20:57:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011-07-12 08:34:48 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VMM.sys -- (vmm)
DRV - [2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-07-04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011-05-10 08:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2011-03-10 13:48:53 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011-03-10 13:48:53 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010-11-10 03:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam 3000(UVC)
DRV - [2010-11-10 03:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010-01-27 04:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009-12-01 13:19:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009-11-26 19:18:57 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009-03-25 17:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009-03-25 17:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018unic.sys -- (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM)
DRV - [2009-03-25 17:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mgmt.sys -- (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM)
DRV - [2009-03-25 17:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009-03-25 17:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018bus.sys -- (s1018bus) Sony Ericsson Device 1018 driver (WDM)
DRV - [2009-03-25 17:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018nd5.sys -- (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS)
DRV - [2009-03-25 17:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2009-03-18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-02-03 17:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008-11-11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008-11-11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008-11-11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008-05-20 20:58:46 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008-05-20 11:57:16 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008-01-25 10:46:40 | 000,106,496 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008-01-09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007-01-29 07:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2007-01-04 11:07:00 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2006-11-16 18:20:48 | 000,015,920 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2006-07-10 18:19:58 | 000,027,032 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2006-06-14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2006-02-20 03:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3642724041-775497293-4254375494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.onet.pl/
IE - HKU\S-1-5-21-3642724041-775497293-4254375494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3642724041-775497293-4254375494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3642724041-775497293-4254375494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: d:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: D:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: D:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mirek\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mirek\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\RelevantKnowledge
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

[2010-05-07 15:31:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-03-25 20:46:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{F2DDDB92-1605-4260-9B25-45A4DAE87B50}
[2008-06-30 14:44:08 | 000,324,976 | ---- | M] (Symantec Corporation) -- C:\Program Files\mozilla firefox\components\coFFPlgn.dll

O1 HOSTS File: ([2011-01-03 23:22:37 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\S-1-5-21-3642724041-775497293-4254375494-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DT HPW] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WireLessKeyboard] File not found
O4 - HKU\S-1-5-21-3642724041-775497293-4254375494-1000..\Run: [Wisdom-soft ScreenHunter 5.1 Free] File not found
O4 - HKU\S-1-5-21-3642724041-775497293-4254375494-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3642724041-775497293-4254375494-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3642724041-775497293-4254375494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3642724041-775497293-4254375494-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {68282C51-9459-467B-95BF-3C0E89627E55} http://www.mks.com.pl/skaner/SkanerOnline.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.53.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_15-windows-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\mirek\Pictures\Tapety\aston-martin-w-zabytkowej-okolicy.jpg
O24 - Desktop BackupWallPaper: C:\Users\mirek\Pictures\Tapety\aston-martin-w-zabytkowej-okolicy.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-12-23 19:01:02 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3642724041-775497293-4254375494-1000\...com [@ = ComFile] -- Reg Error: Key error. File not found
O37 - HKU\S-1-5-21-3642724041-775497293-4254375494-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^Users^mirek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Tworzenie wycinków ekranu i uruchamianie programu OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: [b]BrMfcWnd[/b] - hkey= - key= - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
MsConfig - StartUpReg: [b]RGSC[/b] - hkey= - key= - File not found
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

[color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color]

[2011-08-29 08:01:02 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011-08-29 07:42:44 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-08-29 07:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011-08-29 07:42:36 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-08-29 07:42:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011-08-28 20:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011-08-28 20:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2011-08-28 20:49:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2011-08-28 20:49:30 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011-08-21 10:30:19 | 000,000,000 | ---D | C] -- C:\Users\mirek\AppData\Roaming\Mozilla
[2011-08-11 21:02:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WAV MP3 Converter
[2011-08-11 21:02:26 | 000,000,000 | ---D | C] -- C:\Program Files\WAV MP3 Converter 4
[2011-08-10 12:38:42 | 000,000,000 | ---D | C] -- C:\Users\mirek\Desktop\eee
[2011-08-09 09:27:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2011-08-09 09:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\LogMeIn Hamachi
[2011-08-08 09:51:20 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011-08-08 09:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster
[2011-08-08 09:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2011-07-29 15:19:52 | 000,000,000 | ---D | C] -- C:\Program Files\Steinberg
[2011-07-29 15:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar FX BOX 3
[2011-07-29 13:13:56 | 000,000,000 | ---D | C] -- C:\Users\mirek\AppData\Roaming\GARMIN
[2011-07-29 13:13:19 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2011-07-29 13:13:12 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011-07-29 13:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2011-07-28 10:53:20 | 000,000,000 | ---D | C] -- C:\Users\mirek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011-07-28 10:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2011-07-28 10:53:18 | 000,000,000 | ---D | C] -- C:\Users\mirek\AppData\Roaming\Notepad++
[2011-07-26 10:30:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011-07-24 18:30:46 | 000,000,000 | ---D | C] -- C:\Users\mirek\Documents\RPGXP
[2011-07-24 18:29:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Enterbrain
[2011-07-24 18:23:09 | 000,000,000 | ---D | C] -- C:\Program Files\Enterbrain
[2011-07-24 18:05:03 | 000,000,000 | ---D | C] -- C:\Users\mirek\Documents\RPGVX
[2011-07-24 18:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\RPG Maker
[2011-07-20 13:13:02 | 000,000,000 | ---D | C] -- C:\Program Files\Disney Interactive Studios
[2011-07-15 08:03:55 | 000,000,000 | ---D | C] -- C:\Users\mirek\Documents\Rockstar Games
[2011-07-12 21:03:39 | 000,107,888 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011-07-12 15:08:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2011-07-12 15:08:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games for Windows - LIVE
[2011-07-12 09:01:41 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011-07-10 11:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011-07-10 11:53:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011-07-10 11:52:14 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011-07-10 11:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011-07-09 14:49:11 | 000,000,000 | ---D | C] -- C:\Users\mirek\.MinecraftStructurePlanner
[2011-07-08 09:56:08 | 000,000,000 | ---D | C] -- C:\Users\mirek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MCEdit
[2011-07-06 09:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter
[2011-04-16 18:23:10 | 000,122,368 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 60 Days ==========[/color]

[2011-08-29 09:34:32 | 006,029,312 | -HS- | M] () -- C:\Users\mirek\NTUSER.DAT
[2011-08-29 09:26:39 | 001,522,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2011-08-29 09:26:39 | 000,682,804 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2011-08-29 09:26:39 | 000,604,800 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-08-29 09:26:39 | 000,136,182 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2011-08-29 09:26:39 | 000,108,236 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-08-29 09:21:50 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011-08-29 09:21:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2011-08-29 09:21:40 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011-08-29 09:21:39 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011-08-29 09:21:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-08-29 09:21:30 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2011-08-29 09:20:09 | 006,291,456 | -H-- | M] () -- C:\Users\mirek\AppData\Local\IconCache.db
[2011-08-29 09:20:09 | 000,524,288 | -HS- | M] () -- C:\Users\mirek\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2011-08-29 09:20:09 | 000,065,536 | -HS- | M] () -- C:\Users\mirek\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011-08-29 09:19:00 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3642724041-775497293-4254375494-1000UA.job
[2011-08-29 08:49:01 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011-08-28 20:19:00 | 000,001,006 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3642724041-775497293-4254375494-1000Core.job
[2011-08-28 13:18:10 | 002,354,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-08-28 12:29:03 | 000,156,672 | ---- | M] () -- C:\Users\mirek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-08-28 11:49:57 | 000,003,844 | ---- | M] () -- C:\Users\mirek\Documents\cc_20110828_114945.reg
[2011-08-27 09:23:10 | 000,002,042 | ---- | M] () -- C:\Users\mirek\Desktop\Google Chrome.lnk
[2011-08-21 12:10:15 | 000,205,846 | ---- | M] () -- C:\Users\mirek\Desktop\idziejesien.jpg
[2011-08-13 05:30:23 | 000,023,432 | ---- | M] () -- C:\Users\mirek\Desktop\81fac78fb822c02d4aa939f749b8648b.jpg
[2011-08-11 21:30:54 | 000,002,906 | ---- | M] () -- C:\Users\mirek\Documents\cc_20110811_213052.reg
[2011-08-11 21:10:22 | 001,374,417 | ---- | M] () -- C:\Users\mirek\Documents\13. Dyplomata.mp3
[2011-08-11 21:10:15 | 001,748,917 | ---- | M] () -- C:\Users\mirek\Documents\12. Bal kreslarzy.mp3
[2011-08-11 21:10:05 | 002,479,101 | ---- | M] () -- C:\Users\mirek\Documents\11. Kurwy wedrowniczki.mp3
[2011-08-11 21:09:52 | 002,871,963 | ---- | M] () -- C:\Users\mirek\Documents\10. Marianna.mp3
[2011-08-11 21:09:37 | 003,279,501 | ---- | M] () -- C:\Users\mirek\Documents\09. Wroci wiosna, baronowo.mp3
[2011-08-11 21:09:19 | 002,610,335 | ---- | M] () -- C:\Users\mirek\Documents\08. W czarnej urnie.mp3
[2011-08-11 21:09:05 | 002,737,396 | ---- | M] () -- C:\Users\mirek\Documents\07. Knajpa mordercow.mp3
[2011-08-11 21:08:50 | 001,557,935 | ---- | M] () -- C:\Users\mirek\Documents\06. Inzynierowie z Petrobudowy.mp3
[2011-08-11 21:08:42 | 002,862,360 | ---- | M] () -- C:\Users\mirek\Documents\05. Krolowa zycia.mp3
[2011-08-11 21:08:26 | 001,756,456 | ---- | M] () -- C:\Users\mirek\Documents\04. Notoryczna narzeczona.mp3
[2011-08-11 21:08:17 | 002,504,575 | ---- | M] () -- C:\Users\mirek\Documents\03. Baranek.mp3
[2011-08-11 21:08:03 | 002,587,793 | ---- | M] () -- C:\Users\mirek\Documents\02. Dziewczyna sie bala pogrzebow.mp3
[2011-08-11 21:07:49 | 003,854,581 | ---- | M] () -- C:\Users\mirek\Documents\01. Celina.mp3
[2011-08-11 21:07:00 | 002,198,691 | ---- | M] () -- C:\Users\mirek\Documents\16. Kochaj mnie, a będę twoją (wersja bez V.V.).mp3
[2011-08-11 21:06:49 | 002,113,813 | ---- | M] () -- C:\Users\mirek\Documents\15. Marianna (inaczej niż na 1).mp3
[2011-08-11 21:06:38 | 001,509,820 | ---- | M] () -- C:\Users\mirek\Documents\14. Dolina.mp3
[2011-08-11 21:06:30 | 001,457,165 | ---- | M] () -- C:\Users\mirek\Documents\13. Prowokator.mp3
[2011-08-11 21:06:22 | 004,329,815 | ---- | M] () -- C:\Users\mirek\Documents\12. A gdy będę umierał.mp3
[2011-08-11 21:05:59 | 003,430,365 | ---- | M] () -- C:\Users\mirek\Documents\11. Latający Holender.mp3
[2011-08-11 21:05:41 | 001,775,672 | ---- | M] () -- C:\Users\mirek\Documents\10. Kołysanka stalinowska.mp3
[2011-08-11 21:05:32 | 002,831,863 | ---- | M] () -- C:\Users\mirek\Documents\09. Ballada o dwóch siostrach.mp3
[2011-08-11 21:05:17 | 002,392,150 | ---- | M] () -- C:\Users\mirek\Documents\08. Gwiazda szeryfa.mp3
[2011-08-11 21:05:05 | 002,965,182 | ---- | M] () -- C:\Users\mirek\Documents\07. Zastanówcie się sami.mp3
[2011-08-11 21:04:49 | 004,782,039 | ---- | M] () -- C:\Users\mirek\Documents\06. Samotni ludzie.mp3
[2011-08-11 21:04:26 | 001,610,144 | ---- | M] () -- C:\Users\mirek\Documents\05. Ty albo żadna.mp3
[2011-08-11 21:04:17 | 003,239,373 | ---- | M] () -- C:\Users\mirek\Documents\04. Nie dorosłem do swych lat.mp3
[2011-08-11 21:04:00 | 003,240,183 | ---- | M] () -- C:\Users\mirek\Documents\03. Śmierć poety.mp3
[2011-08-11 21:03:44 | 002,186,116 | ---- | M] () -- C:\Users\mirek\Documents\02. Kochaj mnie, a będę twoją.mp3
[2011-08-11 21:03:33 | 002,151,017 | ---- | M] () -- C:\Users\mirek\Documents\01. Jeśli zechcesz odejść - odejdź.mp3
[2011-08-11 13:44:50 | 000,245,403 | ---- | M] () -- C:\Users\mirek\Documents\BackDropTheVision.jpg
[2011-08-11 12:42:33 | 000,831,390 | ---- | M] () -- C:\Users\mirek\Documents\walla_rus_mountain_conv010.wav
[2011-08-08 09:45:14 | 000,001,356 | ---- | M] () -- C:\Users\mirek\AppData\Local\d3d9caps.dat
[2011-08-08 09:41:10 | 000,001,260 | ---- | M] () -- C:\Users\mirek\Documents\cc_20110808_094054.reg
[2011-08-04 18:05:51 | 011,314,265 | ---- | M] () -- C:\Users\mirek\Desktop\umowa i podatek.rar
[2011-07-29 16:56:41 | 000,021,400 | ---- | M] () -- C:\Users\mirek\Documents\cc_20110729_165638.reg
[2011-07-27 08:09:31 | 000,001,890 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2011-07-24 18:46:27 | 000,000,056 | RHS- | M] () -- C:\Windows\System32\3A85C07040.sys
[2011-07-23 20:57:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011-07-23 20:57:00 | 000,004,358 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2011-07-12 21:03:39 | 000,107,888 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\System32\CmdLineExt.dll
[2011-07-12 09:08:45 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011-07-12 09:01:08 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011-07-12 09:00:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011-07-12 08:26:49 | 000,006,504 | ---- | M] () -- C:\Users\mirek\Documents\cc_20110712_082646.reg
[2011-07-10 11:44:24 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011-07-10 10:52:52 | 000,005,336 | ---- | M] () -- C:\Users\mirek\Documents\cc_20110710_105250.reg
[2011-07-06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011-07-06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011-07-04 13:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011-07-04 13:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011-07-04 13:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011-07-04 13:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011-07-04 13:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011-07-04 13:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011-07-04 13:32:20 | 000,054,104 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011-07-04 13:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011-08-28 20:58:36 | 000,000,764 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2011-08-28 11:49:47 | 000,003,844 | ---- | C] () -- C:\Users\mirek\Documents\cc_20110828_114945.reg
[2011-08-21 12:10:25 | 000,205,846 | ---- | C] () -- C:\Users\mirek\Desktop\idziejesien.jpg
[2011-08-13 05:30:51 | 000,023,432 | ---- | C] () -- C:\Users\mirek\Desktop\81fac78fb822c02d4aa939f749b8648b.jpg
[2011-08-11 21:30:53 | 000,002,906 | ---- | C] () -- C:\Users\mirek\Documents\cc_20110811_213052.reg
[2011-08-11 21:10:15 | 001,374,417 | ---- | C] () -- C:\Users\mirek\Documents\13. Dyplomata.mp3
[2011-08-11 21:10:05 | 001,748,917 | ---- | C] () -- C:\Users\mirek\Documents\12. Bal kreslarzy.mp3
[2011-08-11 21:09:52 | 002,479,101 | ---- | C] () -- C:\Users\mirek\Documents\11. Kurwy wedrowniczki.mp3
[2011-08-11 21:09:37 | 002,871,963 | ---- | C] () -- C:\Users\mirek\Documents\10. Marianna.mp3
[2011-08-11 21:09:19 | 003,279,501 | ---- | C] () -- C:\Users\mirek\Documents\09. Wroci wiosna, baronowo.mp3
[2011-08-11 21:09:05 | 002,610,335 | ---- | C] () -- C:\Users\mirek\Documents\08. W czarnej urnie.mp3
[2011-08-11 21:08:50 | 002,737,396 | ---- | C] () -- C:\Users\mirek\Documents\07. Knajpa mordercow.mp3
[2011-08-11 21:08:42 | 001,557,935 | ---- | C] () -- C:\Users\mirek\Documents\06. Inzynierowie z Petrobudowy.mp3
[2011-08-11 21:08:26 | 002,862,360 | ---- | C] () -- C:\Users\mirek\Documents\05. Krolowa zycia.mp3
[2011-08-11 21:08:17 | 001,756,456 | ---- | C] () -- C:\Users\mirek\Documents\04. Notoryczna narzeczona.mp3
[2011-08-11 21:08:03 | 002,504,575 | ---- | C] () -- C:\Users\mirek\Documents\03. Baranek.mp3
[2011-08-11 21:07:49 | 002,587,793 | ---- | C] () -- C:\Users\mirek\Documents\02. Dziewczyna sie bala pogrzebow.mp3
[2011-08-11 21:07:28 | 003,854,581 | ---- | C] () -- C:\Users\mirek\Documents\01. Celina.mp3
[2011-08-11 21:06:49 | 002,198,691 | ---- | C] () -- C:\Users\mirek\Documents\16. Kochaj mnie, a będę twoją (wersja bez V.V.).mp3
[2011-08-11 21:06:38 | 002,113,813 | ---- | C] () -- C:\Users\mirek\Documents\15. Marianna (inaczej niż na 1).mp3
[2011-08-11 21:06:30 | 001,509,820 | ---- | C] () -- C:\Users\mirek\Documents\14. Dolina.mp3
[2011-08-11 21:06:22 | 001,457,165 | ---- | C] () -- C:\Users\mirek\Documents\13. Prowokator.mp3
[2011-08-11 21:05:59 | 004,329,815 | ---- | C] () -- C:\Users\mirek\Documents\12. A gdy będę umierał.mp3
[2011-08-11 21:05:41 | 003,430,365 | ---- | C] () -- C:\Users\mirek\Documents\11. Latający Holender.mp3
[2011-08-11 21:05:32 | 001,775,672 | ---- | C] () -- C:\Users\mirek\Documents\10. Kołysanka stalinowska.mp3
[2011-08-11 21:05:17 | 002,831,863 | ---- | C] () -- C:\Users\mirek\Documents\09. Ballada o dwóch siostrach.mp3
[2011-08-11 21:05:05 | 002,392,150 | ---- | C] () -- C:\Users\mirek\Documents\08. Gwiazda szeryfa.mp3
[2011-08-11 21:04:49 | 002,965,182 | ---- | C] () -- C:\Users\mirek\Documents\07. Zastanówcie się sami.mp3
[2011-08-11 21:04:26 | 004,782,039 | ---- | C] () -- C:\Users\mirek\Documents\06. Samotni ludzie.mp3
[2011-08-11 21:04:17 | 001,610,144 | ---- | C] () -- C:\Users\mirek\Documents\05. Ty albo żadna.mp3
[2011-08-11 21:04:00 | 003,239,373 | ---- | C] () -- C:\Users\mirek\Documents\04. Nie dorosłem do swych lat.mp3
[2011-08-11 21:03:44 | 003,240,183 | ---- | C] () -- C:\Users\mirek\Documents\03. Śmierć poety.mp3
[2011-08-11 21:03:33 | 002,186,116 | ---- | C] () -- C:\Users\mirek\Documents\02. Kochaj mnie, a będę twoją.mp3
[2011-08-11 21:03:22 | 002,151,017 | ---- | C] () -- C:\Users\mirek\Documents\01. Jeśli zechcesz odejść - odejdź.mp3
[2011-08-11 13:44:27 | 000,245,403 | ---- | C] () -- C:\Users\mirek\Documents\BackDropTheVision.jpg
[2011-08-11 12:37:24 | 000,831,390 | ---- | C] () -- C:\Users\mirek\Documents\walla_rus_mountain_conv010.wav
[2011-08-08 09:40:57 | 000,001,260 | ---- | C] () -- C:\Users\mirek\Documents\cc_20110808_094054.reg
[2011-08-04 18:05:47 | 011,314,265 | ---- | C] () -- C:\Users\mirek\Desktop\umowa i podatek.rar
[2011-07-29 16:56:40 | 000,021,400 | ---- | C] () -- C:\Users\mirek\Documents\cc_20110729_165638.reg
[2011-07-24 18:30:14 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\3A85C07040.sys
[2011-07-24 18:30:10 | 000,001,890 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2011-07-24 18:23:10 | 000,002,495 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RPG Maker XP.lnk
[2011-07-12 09:01:08 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011-07-12 09:00:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011-07-12 08:26:48 | 000,006,504 | ---- | C] () -- C:\Users\mirek\Documents\cc_20110712_082646.reg
[2011-07-10 10:52:51 | 000,005,336 | ---- | C] () -- C:\Users\mirek\Documents\cc_20110710_105250.reg
[2011-04-16 18:23:17 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011-04-16 18:23:16 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011-04-16 18:23:10 | 000,631,808 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011-04-16 18:23:10 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011-04-16 18:23:10 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011-04-16 18:23:10 | 000,000,590 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2011-03-15 21:49:19 | 006,291,456 | -H-- | C] () -- C:\Users\mirek\AppData\Local\IconCache.db
[2011-03-15 18:46:31 | 000,164,683 | ---- | C] () -- C:\Windows\FPSF Pro HUD Pack #3 Uninstaller.exe
[2011-03-10 13:48:53 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011-03-10 13:48:53 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011-03-08 19:17:53 | 000,000,625 | ---- | C] () -- C:\Windows\ODBC.INI
[2011-03-08 14:55:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011-03-08 08:32:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011-03-08 08:32:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011-03-08 08:32:26 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2011-03-07 17:11:13 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2011-02-08 19:05:46 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2011-02-07 10:28:47 | 000,412,965 | ---- | C] () -- C:\Users\mirek\AppData\Local\Tempbg.jpg
[2011-02-07 10:28:47 | 000,003,072 | ---- | C] () -- C:\Users\mirek\AppData\Local\Tempset.ini
[2011-01-31 17:02:02 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011-01-31 17:02:02 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2011-01-31 17:02:02 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011-01-29 20:24:42 | 000,000,024 | ---- | C] () -- C:\Windows\System32\sysogg.dll
[2010-12-24 06:39:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010-12-24 06:39:35 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010-12-24 06:39:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010-12-24 06:39:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010-12-22 17:10:02 | 000,005,632 | ---- | C] () -- C:\Windows\System32\spdg.dll
[2010-12-20 18:23:10 | 000,000,016 | RH-- | C] () -- C:\ProgramData\47DACFCD.ini
[2010-12-20 17:59:24 | 000,000,016 | RH-- | C] () -- C:\Users\mirek\AppData\Local\A3ED67E6.ini
[2010-12-19 15:25:16 | 000,000,058 | ---- | C] () -- C:\Users\mirek\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2010-11-11 15:44:29 | 000,000,030 | ---- | C] () -- C:\Windows\Q3version.ini
[2010-11-11 15:44:02 | 000,000,551 | ---- | C] () -- C:\Windows\Qiii.INI
[2010-11-10 03:45:32 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2010-11-10 03:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010-11-10 03:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010-11-10 03:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010-10-21 14:27:47 | 000,000,092 | ---- | C] () -- C:\Windows\mp3wavcon.ini
[2010-10-21 14:24:45 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySmp3con.dat
[2010-10-13 14:02:36 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010-10-06 09:54:30 | 000,000,597 | ---- | C] () -- C:\Windows\eReg.dat
[2010-09-14 11:53:31 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2010-08-30 13:08:35 | 000,000,193 | ---- | C] () -- C:\Windows\dvdtoaviconverter.ini
[2010-08-30 13:05:41 | 000,000,001 | ---- | C] () -- C:\Windows\System32\SysDVDtoavi.dat
[2010-08-30 12:20:00 | 000,000,567 | ---- | C] () -- C:\Users\mirek\AppData\Roaming\AutoGK.ini
[2010-05-31 16:06:32 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010-05-14 15:10:47 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010-05-14 15:10:30 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2010-04-27 13:58:54 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-04-27 13:57:10 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010-04-24 18:04:02 | 000,022,328 | ---- | C] () -- C:\Users\mirek\AppData\Roaming\PnkBstrK.sys
[2010-04-06 18:43:51 | 000,008,704 | ---- | C] () -- C:\Windows\System32\BHARegister.dll
[2010-03-12 10:32:02 | 000,000,093 | ---- | C] () -- C:\Users\mirek\AppData\Local\fusioncache.dat
[2010-01-27 04:09:02 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009-12-10 15:47:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009-12-01 13:19:35 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009-11-26 21:20:06 | 000,000,444 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009-11-26 21:20:06 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009-11-26 21:19:05 | 000,000,226 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009-11-26 21:19:05 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009-11-26 21:19:05 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf07a.dat
[2009-11-26 21:13:59 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009-11-26 21:13:59 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2009-11-26 21:13:58 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009-11-26 20:29:25 | 000,002,304 | ---- | C] () -- C:\Windows\System32\Machnm32.sys
[2009-11-26 19:11:52 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2009-11-26 19:11:52 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009-11-25 20:06:49 | 000,156,672 | ---- | C] () -- C:\Users\mirek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009-11-25 19:49:04 | 000,134,960 | ---- | C] () -- C:\Users\mirek\AppData\Local\GDIPFONTCACHEV1.DAT
[2009-11-25 19:48:32 | 000,001,356 | ---- | C] () -- C:\Users\mirek\AppData\Local\d3d9caps.dat
[2008-10-22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008-05-20 11:57:16 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2007-04-27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2006-12-05 07:22:07 | 000,332,832 | ---- | C] () -- C:\Windows\System32\perfi015.dat
[2006-12-05 07:22:06 | 000,682,804 | ---- | C] () -- C:\Windows\System32\perfh015.dat
[2006-12-05 07:22:06 | 000,136,182 | ---- | C] () -- C:\Windows\System32\perfc015.dat
[2006-12-05 07:22:06 | 000,037,468 | ---- | C] () -- C:\Windows\System32\perfd015.dat
[2006-11-02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006-11-02 14:47:37 | 002,354,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006-11-02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 12:33:01 | 001,522,406 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2006-11-02 12:33:01 | 000,604,800 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006-11-02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006-11-02 12:33:01 | 000,108,236 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006-11-02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006-11-02 12:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006-11-02 12:23:31 | 000,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006-11-02 12:23:31 | 000,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006-11-02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006-11-02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006-11-02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006-11-02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006-11-02 09:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2006-11-02 09:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2006-11-02 09:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2006-11-02 09:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2006-11-02 09:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2006-11-02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2006-11-02 09:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2006-11-02 09:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2006-11-02 09:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2006-11-02 09:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2006-11-02 09:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2006-11-02 09:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2006-11-02 09:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2006-11-02 09:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2006-11-02 09:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2006-11-02 09:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2006-11-02 09:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2006-11-02 09:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006-11-02 09:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006-11-02 09:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006-11-02 09:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006-11-02 09:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006-11-02 09:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006-11-02 09:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006-11-02 09:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006-11-02 09:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006-11-02 09:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006-11-02 09:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006-11-02 09:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006-11-02 09:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006-11-02 09:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006-11-02 09:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006-11-02 08:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2005-08-30 00:00:00 | 000,781,312 | ---- | C] () -- C:\Windows\System32\RGSS102J.dll
[2005-08-30 00:00:00 | 000,778,752 | ---- | C] () -- C:\Windows\System32\RGSS102E.dll
[2005-08-30 00:00:00 | 000,771,584 | ---- | C] () -- C:\Windows\System32\RGSS100J.dll
[2004-03-17 19:15:00 | 000,000,117 | ---- | C] () -- C:\Windows\smp32.dll

[color=#E56717]========== LOP Check ==========[/color]

[2011-08-29 09:34:19 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\.minecraft
[2011-08-11 21:09:28 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\AIMP
[2010-10-02 14:23:29 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Artisteer
[2010-08-30 12:59:06 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Ashampoo
[2011-08-29 09:13:43 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\BESTplayer
[2010-01-02 21:38:16 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Blender Foundation
[2011-04-11 08:11:29 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Broad Intelligence
[2010-03-07 17:30:44 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Command & Conquer 3 Wojny o tyberium
[2009-12-04 14:58:10 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Command and Conquer 4 Beta
[2010-09-29 15:12:49 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Cream Software
[2009-12-01 13:27:51 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\DAEMON Tools Lite
[2009-12-08 14:12:11 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Dev-Cpp
[2010-08-30 13:15:44 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Digiarty
[2009-11-26 20:32:57 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\DisplayTune
[2010-12-19 15:25:16 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\DonationCoder
[2010-12-23 17:21:41 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\ESET
[2011-03-01 14:55:30 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\FaceGen
[2010-08-29 17:18:01 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\FFSJ
[2011-08-28 21:27:46 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\foobar2000
[2009-11-26 21:36:50 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Foxit
[2009-12-10 20:03:41 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Foxit Software
[2011-04-03 14:16:57 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Free MP3 WMA OGG Converter
[2010-12-27 12:13:56 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Gadu-Gadu 10
[2011-07-29 13:24:32 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\GARMIN
[2010-12-23 21:07:37 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\GHISLER
[2010-03-05 17:07:41 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Groove Games
[2011-04-24 07:37:58 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\gtk-2.0
[2010-09-28 15:30:16 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\iZ3D Driver
[2010-10-05 14:40:50 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Leadertech
[2010-04-13 20:27:30 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\LEGO Company
[2011-01-28 19:58:46 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\MAGIX
[2010-12-20 18:46:54 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\MilkShape 3D 1.x.x
[2011-06-15 07:03:44 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\MP3toiPodAudioBookConverter
[2011-05-06 19:17:46 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Need for Speed World
[2011-05-31 17:44:27 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\New Folder
[2011-07-28 11:05:52 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Notepad++
[2009-12-09 14:33:34 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Opera
[2010-06-02 16:29:15 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\PACE Anti-Piracy
[2009-12-20 20:55:41 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\pl-soft
[2011-02-07 12:17:22 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Red Alert 3
[2010-12-19 23:43:45 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Sony
[2010-10-23 14:24:22 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\TGCStore
[2011-01-02 19:31:32 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Ubisoft
[2010-12-22 21:16:29 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Unity
[2011-07-24 18:36:53 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\uTorrent
[2011-04-02 09:30:14 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\WallpaperSS
[2011-03-01 15:41:58 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\Wings3D
[2011-01-27 09:42:45 | 000,000,000 | ---D | M] -- C:\Users\mirek\AppData\Roaming\XnView
[2011-08-29 09:20:11 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %systemdrive%\*.* >[/color]
[2009-12-23 19:01:02 | 000,000,121 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009-04-11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2009-11-25 19:29:50 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011-01-27 19:16:15 | 000,012,936 | ---- | M] () -- C:\ComboFix.txt
[2006-09-18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009-11-26 19:19:45 | 000,000,183 | ---- | M] () -- C:\csb.log
[2011-08-29 09:21:30 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2009-07-13 10:00:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-12-23 23:47:10 | 000,007,570 | ---- | M] () -- C:\mksbasel.cpp.log
[2009-07-13 10:00:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011-08-29 09:21:29 | 2459,713,536 | -HS- | M] () -- C:\pagefile.sys
[2009-11-26 20:27:00 | 000,000,173 | ---- | M] () -- C:\pdisdk.log
[2009-11-26 20:29:34 | 000,000,184 | ---- | M] () -- C:\pivot.log
[2009-11-26 19:16:48 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008-01-19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008-01-19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008-01-19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008-01-19 00:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006-11-02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009-04-11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008-01-19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2008-01-19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008-01-19 00:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2006-11-02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009-03-12 08:48:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009-03-12 08:48:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009-11-26 22:42:52 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\ERDNT\cache\atapi.sys
[2009-11-26 22:42:52 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009-11-26 22:42:52 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009-03-12 08:48:17 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
[2009-11-26 22:42:52 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

[color=#A23BEC]< MD5 for: BEEP.SYS >[/color]
[2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows.old\Windows\System32\drivers\beep.sys
[2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2008-01-19 07:49:10 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2008-01-18 22:49:12 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008-01-18 22:49:12 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys
[2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\ERDNT\cache\beep.sys
[2006-11-02 10:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys

[color=#A23BEC]< MD5 for: CDROM.SYS >[/color]
[2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows.old\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2008-01-19 07:49:51 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2008-01-18 22:49:52 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008-01-18 22:49:52 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows.old\Windows\System32\drivers\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows.old\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009-04-11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys
[2006-11-02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

[color=#A23BEC]< MD5 for: NDIS.SYS >[/color]
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows.old\Windows\System32\drivers\ndis.sys
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009-04-11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\ERDNT\cache\ndis.sys
[2006-11-02 11:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008-01-19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
[2008-01-19 09:43:31 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
[2008-01-19 00:43:32 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\System32\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009-04-11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\ERDNT\cache\winlogon.exe
[2006-11-02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008-01-19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\2b4e48d0ede6112a59b10e3704a22eee\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008-01-19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 1259 bytes -> C:\Users\mirek\AppData\Local\1BFSfHy5oT:v4wPBdwvn97jPIulOVm0n1u0
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:CB0AACC9
@Alternate Data Stream - 1167 bytes -> C:\Users\mirek\AppData\Local\VHbQUyUOSw1sPK6:jYIivsmaufImCBjxqywBSavU

< End of report >
[/log]
Extra OTL
[log]OTL Extras logfile created on: 2011-08-29 09:28:49 - Run 1
OTL by OldTimer - Version 3.2.26.6 Folder = C:\Users\mirek\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 49,21% Memory free
4,23 Gb Paging File | 2,94 Gb Available in Paging File | 69,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 117,20 Gb Total Space | 18,94 Gb Free Space | 16,16% Space Free | Partition Type: NTFS
Drive D: | 348,56 Gb Total Space | 150,75 Gb Free Space | 43,25% Space Free | Partition Type: NTFS
Drive H: | 7,39 Gb Total Space | 6,00 Gb Free Space | 81,13% Space Free | Partition Type: FAT32

Computer Name: MIREK-PC | User Name: mirek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: Off | File Age = 60 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3642724041-775497293-4254375494-1000\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = ComFile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"d:\Program Files\DDD\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe" = d:\Program Files\DDD\TriDef\TriDefMediaPlayer\TriDefMediaPlayer.exe:*:Enabled:TriDef Media Player -- (DDD Group Plc.)


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F434E46-B3A1-4510-8255-792E5B953197}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{27066B75-8450-4DB6-8CFC-99CA86644C4E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2C834F13-ADBD-44C7-8A33-32F7FEBA5AC9}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{683F3BD5-3856-4476-A3BC-F47F844A6E4C}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{803F818A-B876-4F5F-BB02-0D343EAF3DDF}" = lport=58858 | protocol=6 | dir=in | name=akamai netsession interface |
"{856C3CE9-65E4-4462-A9F1-BBF5EA3A7D69}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9C3AFEB1-8EC6-4248-ACB0-D2B059ED58CE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C5E40EF6-3E89-438F-9834-F99ECFD9B1B6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DCFE76FC-F946-4746-B5A6-97EB3377B226}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{F50F1DBD-2A5B-445F-BFA6-3D4ADB477260}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02522C13-109A-472F-9485-D6FBF7F09FA0}" = protocol=17 | dir=in | app=d:\program files\utorrent\utorrent.exe |
"{03E78324-CC88-4146-AB7F-70D2307B9887}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{043CC9CA-6669-4A7F-80DB-B89DCC59CD3A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{04AFFECF-6A71-4911-AD8B-24A1EBB99576}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~os2be1.tmp\rlvknlg.exe |
"{051EBE35-88B5-4C40-AAB3-BF0973318C38}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~os25f7.tmp\rlvknlg.exe |
"{13BE9F25-F8E7-485B-82CE-F7484650A741}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{14B4D7E0-96CC-4E8F-9E45-5EBB63C7FA83}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~ose6e5.tmp\rlvknlg.exe |
"{17CAAF48-0811-4B6F-BEC6-732702B13306}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1835D9E9-592F-4B1A-B264-561259C8104B}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 11\programs\rm.exe |
"{1D117BB5-B434-40DD-81F0-55452C40527C}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 11\programs\rm.exe |
"{1F00E779-1FD1-4402-98B7-5C90524EFA03}" = protocol=17 | dir=in | app=d:\gry\mass effect\masseffectlauncher.exe |
"{2205499E-4BE2-4328-82BA-A15473BEEF40}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~oseb87.tmp\rlvknlg.exe |
"{26A8E667-3056-4914-A4C9-46AC8684465B}" = protocol=6 | dir=in | app=d:\program files\utorrent\utorrent.exe |
"{31CFC786-5228-4393-83DE-C520F2EE998F}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~osbaf6.tmp\rlvknlg.exe |
"{327F0205-950B-42C1-A934-9D903A29D3C9}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 11\programs\studio.exe |
"{348AE1BB-78DB-4E89-90A9-79CC1DCD8959}" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{35087F6E-993C-4D6B-B787-2C7396FFD786}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 11\programs\umi.exe |
"{38BE8D96-563D-40DB-80C1-5F7C10450261}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~ose33d.tmp\rlvknlg.exe |
"{3C7C1BBC-1B46-45C3-ACFA-DCB913384205}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3F8CB59E-1063-48DA-A85F-93776B9FCBF6}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{4141035C-94CC-43A1-A47F-F5C5D464821C}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{442A8D0D-0EC3-4768-9DAD-9E6C9F74898B}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~osf122.tmp\rlvknlg.exe |
"{4867B6A1-F617-47EB-A965-DEB8C53824AD}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5744AA17-6771-4C6F-BFAF-96C8C9710F84}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{57941F4B-51A8-4AB8-9C5F-A1AE5233FDB0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{58897EA6-D155-4A37-B0FC-D247D0EC8F2D}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{5C2AD5FC-A44D-476C-BF4C-EB5E15DB2D5D}" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{61FC4027-5A0E-4EE9-B9DF-538481E2C751}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{63E856B3-3EF6-4D32-9199-7A21F33CD19C}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~osde5.tmp\rlvknlg.exe |
"{66DF7830-3EBF-420E-BD19-6B6496A60905}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\rm.exe |
"{6B6E1475-201D-4142-90F7-CED77EE035F0}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~os2971.tmp\rlvknlg.exe |
"{6D8DFC8A-D711-4418-91BD-7C047A1E7E33}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{713F7953-1886-4D44-8145-C31BE15D15B5}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{7256C583-5D2A-4A98-8841-9EA6DB4D0526}" = protocol=6 | dir=in | app=d:\gry\ac ii\assassinscreediigame.exe |
"{72FFBFD5-E6EF-4928-8D30-9E71D3CA0042}" = protocol=6 | dir=in | app=d:\gry\ac ii\assassinscreedii.exe |
"{765E9610-F354-4968-B99F-F02F34FE41BF}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~osbe02.tmp\rlvknlg.exe |
"{79EF0D8C-34EE-49BB-BD11-41807D6020BD}" = protocol=6 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{7B601E52-AEF0-4067-A5A0-EF86D96969EB}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{7E4BD9A8-4314-44D0-8BBE-9A91EE404033}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~osb7ea.tmp\rlvknlg.exe |
"{86F7EBB3-30A5-4E75-9980-781F4E1ED891}" = protocol=6 | dir=in | app=d:\gry\ac ii\uplaybrowser.exe |
"{8AA5DCB0-AAC2-4D3F-8C90-EAE82CF19297}" = protocol=17 | dir=in | app=d:\gry\ac ii\assassinscreediigame.exe |
"{8DA83A79-6741-43B7-B620-994892507B5D}" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{8E3BC1F8-D26D-4C5B-8662-B84A4C95F1AA}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 11\programs\umi.exe |
"{8FC91B04-BFC5-427C-91CE-6AD2DFE8F285}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~os27fa.tmp\rlvknlg.exe |
"{94D4B7C3-C982-46F6-B278-93B0F619EAC9}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~os7021.tmp\rlvknlg.exe |
"{9BAC8AEC-CC3D-45C4-A55D-A6A915243821}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~osa630.tmp\rlvknlg.exe |
"{A0C95DA2-8BEF-4BF2-9A5F-12D37A9A2E16}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\umi.exe |
"{A1EFEDF1-34D9-4609-A26D-0248688422A3}" = protocol=17 | dir=in | app=c:\program files\relevantknowledge\rlvknlg.exe |
"{A561127C-A5AB-4B8B-B547-190AAB22CE0F}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~os1757.tmp\rlvknlg.exe |
"{A69E82BC-0A63-4032-BD38-BA24C980E399}" = protocol=17 | dir=in | app=d:\program files\pinnacle\studio 11\programs\pmsregisterfile.exe |
"{A8FF79F7-A541-4DFF-B787-DEF06BE59B1D}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~os35cf.tmp\rlvknlg.exe |
"{AFA5EEE5-8AB8-47B1-B2CB-3F87CDECDEBF}" = protocol=17 | dir=in | app=d:\gry\ac ii\assassinscreedii.exe |
"{AFAE355A-418E-4E34-8DFF-0C010E65841F}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{B16800FA-8290-4193-A52F-C12BC6681165}" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"{B8383069-3583-47AC-BCF1-FAA8D205ECE9}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\sony ericsson media manager\mediamanager.exe |
"{C518E875-544E-457F-BF35-395A3B50E43D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CD2E873E-EDEE-4930-AA18-70636D94264E}" = protocol=6 | dir=in | app=d:\gry\mass effect\binaries\masseffect.exe |
"{D2E2E287-C070-48B6-B382-A7F8E5A01E18}" = protocol=17 | dir=in | app=d:\gry\ac ii\uplaybrowser.exe |
"{DCC35752-292C-4A25-A7CF-A238E5F0EC1A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD822588-E27D-4725-B6E2-DBE2F02D4CF2}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~os62b9.tmp\rlvknlg.exe |
"{DE69483B-77A9-4547-9637-7C1501865863}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~osf7f5.tmp\rlvknlg.exe |
"{DF7CF46F-738C-4241-980E-A3205F2667AE}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~ose8d9.tmp\rlvknlg.exe |
"{DF883DE7-306A-4448-8AED-686491A24103}" = protocol=6 | dir=in | app=d:\program files\pinnacle\studio 11\programs\studio.exe |
"{EC6AD9DC-72D3-4C58-86EE-795C9532D03D}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~os6039.tmp\rlvknlg.exe |
"{ED05AE91-A4F2-443F-83CF-1EA2EE1B692A}" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\temp\~os686.tmp\rlvknlg.exe |
"{F2154543-A837-4E15-B862-6B94AE71FF73}" = protocol=17 | dir=in | app=d:\gry\mass effect\binaries\masseffect.exe |
"{F9D4DE44-EDBD-4DB0-8B1E-933CDF6A45AC}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FA77E0F9-0A06-4BA7-A450-8CCBD776FEB9}" = protocol=6 | dir=in | app=d:\gry\mass effect\masseffectlauncher.exe |
"{FBD952D7-99A3-4CEB-9CA8-435C638E3CB4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"TCP Query User{00A136AD-6050-4FE4-B148-6EBC44A778BA}C:\users\mirek\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\mirek\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{01EE7DD9-1A98-49E9-8DA2-755FDCD97934}D:\gry\wiedźmin 2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\gry\wiedźmin 2\bin\witcher2.exe |
"TCP Query User{09B47971-9B90-4507-B2EE-42704E9641D7}D:\gry\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=d:\gry\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{0E0FAF58-4A31-4E22-9B76-022726710DA9}D:\gry\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=d:\gry\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"TCP Query User{1603B552-EBA2-44BD-BE44-4A6E7671B8D8}D:\program files\the game creators\fps creator\fpscreator.exe" = protocol=6 | dir=in | app=d:\program files\the game creators\fps creator\fpscreator.exe |
"TCP Query User{2013CDFC-F3B4-49D1-8728-89B4CC2273FD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{349A2C9B-D000-463F-BB2B-0B10C17E587D}D:\program files\jasiek busz studios\programy\udk\binaries\swarmagent.exe" = protocol=6 | dir=in | app=d:\program files\jasiek busz studios\programy\udk\binaries\swarmagent.exe |
"TCP Query User{3C319653-F68B-4DC5-B729-BC9E93B0F585}D:\program files\jasiek busz studios\programy\udk\binaries\win32\udkmobile.exe" = protocol=6 | dir=in | app=d:\program files\jasiek busz studios\programy\udk\binaries\win32\udkmobile.exe |
"TCP Query User{61954F8E-3F7C-4236-9263-44A14D829C17}D:\program files\jasiek busz studios\programy\udk\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\program files\jasiek busz studios\programy\udk\binaries\win32\udk.exe |
"TCP Query User{6613F0A4-3AB0-40ED-A295-329988915E35}D:\program files\the game creators\fps creator\fpscreator.exe" = protocol=6 | dir=in | app=d:\program files\the game creators\fps creator\fpscreator.exe |
"TCP Query User{6BD54D92-1E58-438B-B227-F1F832A46FCC}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{71D2441C-2C3D-4537-8418-6A2CDABD5110}D:\udk\udk-2011-07\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\udk\udk-2011-07\binaries\win32\udk.exe |
"TCP Query User{73EA388A-883C-4FB9-8455-F0B834E7B21D}C:\program files\pinnacle\studio 14\programs\studio.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"TCP Query User{7E46500E-D1B8-42B3-AB37-E82452F370D6}D:\program files\jasiek busz studios\programy\udk\binaries\win32\udkmobile.exe" = protocol=6 | dir=in | app=d:\program files\jasiek busz studios\programy\udk\binaries\win32\udkmobile.exe |
"TCP Query User{7FB7B9B6-6823-4CD0-B6EC-EA58E89EAB71}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{850D51EF-817A-4A3F-99A9-6BFA87C787DD}C:\users\mirek\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\mirek\downloads\utorrent.exe |
"TCP Query User{AB0FBCA7-4ABB-4260-ACFD-FA8B6729009B}C:\users\mirek\downloads\utorrent.exe" = protocol=6 | dir=in | app=c:\users\mirek\downloads\utorrent.exe |
"TCP Query User{B8A37A9E-4D50-49A2-81AC-7E0B4CBB999B}D:\gry\stronghold 2 deluxe\game.dat" = protocol=6 | dir=in | app=d:\gry\stronghold 2 deluxe\game.dat |
"TCP Query User{C5CBEF44-51C5-4DF7-A9DC-7E87322F1E41}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"TCP Query User{CABE5AFF-55BD-47F5-9A68-AF49492CB0EC}D:\gry\wiedźmin 2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\gry\wiedźmin 2\bin\witcher2.exe |
"TCP Query User{CEA6AA8A-24B7-4949-A8C9-025D982DECF5}D:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{E54D2457-7C37-4E86-A6AF-39C98C449A67}D:\udk\udk-2011-07\binaries\swarmagent.exe" = protocol=6 | dir=in | app=d:\udk\udk-2011-07\binaries\swarmagent.exe |
"TCP Query User{F164A3B8-F67E-4833-BCEA-D5E8DE4A1995}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{F7B5D717-D777-4BB9-9C71-834506659695}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{FBC20A80-93AD-4C8A-9ED9-E0113113F549}D:\program files\jasiek busz studios\programy\udk\binaries\win32\udk.exe" = protocol=6 | dir=in | app=d:\program files\jasiek busz studios\programy\udk\binaries\win32\udk.exe |
"TCP Query User{FBD8A5E1-A79A-46B5-99B6-5E6A925497DB}D:\program files\jasiek busz studios\programy\udk\binaries\swarmagent.exe" = protocol=6 | dir=in | app=d:\program files\jasiek busz studios\programy\udk\binaries\swarmagent.exe |
"UDP Query User{0B64C93E-4388-4C75-AF06-3F0AA8F4BD21}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{0CAAEF43-BA56-401C-9629-7123951E6ED6}D:\udk\udk-2011-07\binaries\swarmagent.exe" = protocol=17 | dir=in | app=d:\udk\udk-2011-07\binaries\swarmagent.exe |
"UDP Query User{103FA747-8B82-467F-98A2-BE4CF28375AC}C:\users\mirek\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\mirek\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{19B78012-29A6-4D40-A9C5-88CD580544E6}D:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{1F215613-ABA1-4DB2-90EC-B2B21F728EA1}C:\users\mirek\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\mirek\downloads\utorrent.exe |
"UDP Query User{23DC65AE-7347-4A1D-BD61-F3A6329EA85A}D:\program files\jasiek busz studios\programy\udk\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\program files\jasiek busz studios\programy\udk\binaries\win32\udk.exe |
"UDP Query User{308D96E1-E5D4-4100-A70A-2EFE8DA3C64E}D:\gry\stronghold 2 deluxe\game.dat" = protocol=17 | dir=in | app=d:\gry\stronghold 2 deluxe\game.dat |
"UDP Query User{3AA3BA4E-F780-4F08-BB6E-2DE6A7E74F63}D:\gry\wiedźmin 2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\gry\wiedźmin 2\bin\witcher2.exe |
"UDP Query User{402AB670-E11A-4B7D-AA4D-D2045EF261E5}D:\program files\jasiek busz studios\programy\udk\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\program files\jasiek busz studios\programy\udk\binaries\win32\udk.exe |
"UDP Query User{45645A31-81D3-4C8C-9F63-987309DBD383}D:\gry\wiedźmin 2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\gry\wiedźmin 2\bin\witcher2.exe |
"UDP Query User{5F30DF11-4FB7-41C5-B7B6-EDB1656ED413}D:\gry\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=d:\gry\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"UDP Query User{6849F514-1758-479D-BF38-BDC971AF29A0}D:\program files\the game creators\fps creator\fpscreator.exe" = protocol=17 | dir=in | app=d:\program files\the game creators\fps creator\fpscreator.exe |
"UDP Query User{6C5AF86E-B841-46AC-9DE3-DF6D3C4421F2}C:\users\mirek\downloads\utorrent.exe" = protocol=17 | dir=in | app=c:\users\mirek\downloads\utorrent.exe |
"UDP Query User{91E3886F-C681-4747-BB86-D372102476E2}D:\program files\jasiek busz studios\programy\udk\binaries\win32\udkmobile.exe" = protocol=17 | dir=in | app=d:\program files\jasiek busz studios\programy\udk\binaries\win32\udkmobile.exe |
"UDP Query User{96A6F9DB-7A26-41E4-8980-C584AB65F2E7}D:\program files\jasiek busz studios\programy\udk\binaries\win32\udkmobile.exe" = protocol=17 | dir=in | app=d:\program files\jasiek busz studios\programy\udk\binaries\win32\udkmobile.exe |
"UDP Query User{A3720349-BD74-46AD-94C5-D7F22531679F}C:\program files\pinnacle\studio 14\programs\studio.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\studio 14\programs\studio.exe |
"UDP Query User{ABD11B19-C117-41CF-87FD-40A11CF1A9FD}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe |
"UDP Query User{AEA7D285-2AB4-48D8-A5DB-50F0A01094AC}D:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=d:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{B43649EF-7D61-438E-830F-973864CAA7B3}D:\program files\jasiek busz studios\programy\udk\binaries\swarmagent.exe" = protocol=17 | dir=in | app=d:\program files\jasiek busz studios\programy\udk\binaries\swarmagent.exe |
"UDP Query User{BADC10D9-EA16-46F1-AAE2-CC13DE8FCB18}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{BAE7FE57-0759-45D2-B166-8279C3BB042D}D:\gry\electronic arts\crytek\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=d:\gry\electronic arts\crytek\crysis 2\bin32\crysis2.exe |
"UDP Query User{CE380935-C7F1-494A-B70B-F6074AAD0855}D:\program files\jasiek busz studios\programy\udk\binaries\swarmagent.exe" = protocol=17 | dir=in | app=d:\program files\jasiek busz studios\programy\udk\binaries\swarmagent.exe |
"UDP Query User{E931106D-E9B3-41D4-A71A-4D9143FD228D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{F0034CF7-DC2E-4CDD-9DCF-E5E885008EA1}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{F98D37AC-3B7C-4112-B129-062DDB18925E}D:\udk\udk-2011-07\binaries\win32\udk.exe" = protocol=17 | dir=in | app=d:\udk\udk-2011-07\binaries\win32\udk.exe |
"UDP Query User{FCF830CF-CD09-4131-B927-613D2DD4DAEC}D:\program files\the game creators\fps creator\fpscreator.exe" = protocol=17 | dir=in | app=d:\program files\the game creators\fps creator\fpscreator.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{0217E1D1-BCEF-4A61-AF6D-F7740F65A066}" = Pivot Software
"{0DEA342C-15CB-4F52-97B6-06A9C4B9C06F}" = SDK
"{15733AD1-1CEF-459A-9245-0924FC63BDD5}" = HP My Display
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{31C63A8A-D9AB-4300-828B-86B41F59FAE1}" = Multimedia Keyboard Driver
"{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15
"{32A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{47E16407-05D3-4D2A-B2B9-C30700B7C2AD}" = LogMeIn Hamachi
"{4809DDAE-110C-4CF8-B383-706BB5B3D5B6}_is1" = OGG to MP3 Converter 1.2
"{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = Hama Black Force Pad
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BCD581A-404A-483A-869D-109853007C32}" = HD Writer 2.0E for SX/SD
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5C8B7F59-5082-4701-A2CF-0F8B569F355B}" = FPS Creator Model Pack - 31
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{6059C682-4C5F-4106-8487-943E98225D3B}" = LG MC USB Modem driver
"{65173BC2-60E7-4DE8-A61D-A81FCB96EE93}" = Pinnacle Studio Ultimate Plugins
"{6533FE4C-87AA-492E-B314-E24C079993AB}" = FPS Creator Model Pack - 38
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Sterownik wideo firmy Pinnacle
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{885A63EA-382B-4DD4-A755-14809B8557D6}" = Macromedia Flash Player 8
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}" = Macromedia Flash 8 Video Encoder
"{8CD0B297-122D-4718-9CE1-B72E796F7B21}" = Sony Ericsson Media Manager 1.2
"{90120000-0016-0415-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Polish) 2007
"{90120000-0016-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0415-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Polish) 2007
"{90120000-0018-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0415-0000-0000000FF1CE}" = Microsoft Office Word MUI (Polish) 2007
"{90120000-001B-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0415-0000-0000000FF1CE}" = Microsoft Office Proof (Polish) 2007
"{90120000-001F-0415-0000-0000000FF1CE}_HOMESTUDENTR_{E9EA2604-8AC9-47D2-8F4B-6BF60787A357}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0415-0000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2007
"{90120000-006E-0415-0000-0000000FF1CE}_HOMESTUDENTR_{D45F91DE-F0FC-4D5F-9A0C-FDE5B251AAC6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0415-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Polish) 2007
"{90120000-00A1-0415-0000-0000000FF1CE}_HOMESTUDENTR_{79EB535E-76E4-4356-8146-A24EE55AB69D}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A4A14B15-F25D-44F8-8483-291C1DF7C548}_is1" = WAV MP3 Converter v4.4 build 1429
"{A69626F0-D359-47F4-847B-F881A8A7D134}" = Logitech QuickCam for Enterprise
"{A89DEBCA-F743-3412-97F6-B2E489194551}" = Google Talk Plugin
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AADD1C8F-D59F-4D55-A726-768C71A205A8}" = Pinnacle Studio 14
"{AAF80000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 8.0 Professional Edition
"{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B1EE1CC5-6CED-4801-BFFF-8454F21A245A}" = Garmin Communicator Plugin
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.4.27
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B76BB8C6-EE9B-49CC-9141-862856BC5EE5}" = FPS Creator Model Pack 53
"{B91E4360-298A-4306-9E95-9AD91A0952A1}" = FPS Creator
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BDF150C3-F1B3-423C-95EB-F28B18BEE973}" = HD Writer
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = Wiedźmin 2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F75260DA-D2E8-4B19-9090-A2F0E6D7A871}" = FPS Creator Model Pack - 24
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIMP2" = AIMP2
"Audacity_is1" = Audacity 1.2.6
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"foobar2000" = foobar2000 v1.1.6
"Foxit Reader" = Foxit Reader
"FPSF Pro HUD Pack #3" = FPSF Pro HUD Pack #3
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Gadu-Gadu 10" = Gadu-Gadu 10
"Game Booster_is1" = Game Booster
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{31C63A8A-D9AB-4300-828B-86B41F59FAE1}" = Multimedia Keyboard Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Full)
"LogMeIn Hamachi" = LogMeIn Hamachi
"lvdrivers_11.72" = Logitech QuickCam for Enterprise Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware wersja 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU
"NapiProjekt_is1" = NapiProjekt 1.0.6.9
"Notepad++" = Notepad++
"OFERT_9_09" = Konkurs Ofert 2010-2011 (Podkarpacki OW NFZ)
"Picasa 3" = Picasa 3
"PunkBusterSvc" = PunkBuster Services
"RealAlt_is1" = Real Alternative 2.0.2
"SystemRequirementsLab" = System Requirements Lab
"UDK-3f7055a5-cf06-467d-bd09-6fb57546f04b" = Unreal Development Kit: 2011-07
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.10
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR 4.00 (32-bitowy)

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3642724041-775497293-4254375494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Duplex's FPSC Urban Model Pack" = Duplex's FPSC Urban Model Pack
"FPSC Core Model Pack #1" = FPSC Core Model Pack #1
"Google Chrome" = Google Chrome

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-3642724041-775497293-4254375494-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2011-08-29 02:54:31 | Computer Name = mirek-PC | Source = Windows Search Service | ID = 3011
Description =

Error - 2011-08-29 02:54:31 | Computer Name = mirek-PC | Source = Windows Search Service | ID = 3011
Description =

Error - 2011-08-29 02:54:31 | Computer Name = mirek-PC | Source = Windows Search Service | ID = 3011
Description =

Error - 2011-08-29 02:54:31 | Computer Name = mirek-PC | Source = Windows Search Service | ID = 3011
Description =

Error - 2011-08-29 02:54:31 | Computer Name = mirek-PC | Source = Windows Search Service | ID = 3011
Description =

Error - 2011-08-29 03:09:48 | Computer Name = mirek-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mobsync.exe, wersja 6.0.6001.18000, sygnatura
czasowa 0x47918e41, moduł powodujący błąd ntdll.dll, wersja 6.0.6002.18327, sygnatura
czasowa 0x4cb73436, kod wyjątku 0xc000009a, przesunięcie błędu 0x00009f7d, identyfikator
procesu 0x13dc, godzina rozpoczęcia aplikacji 0x01cc661a9f073154.

Error - 2011-08-29 03:10:14 | Computer Name = mirek-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 2011-08-29 03:12:14 | Computer Name = mirek-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 2011-08-29 03:14:13 | Computer Name = mirek-PC | Source = Windows Search Service | ID = 3100
Description =

Error - 2011-08-29 03:15:08 | Computer Name = mirek-PC | Source = Application Error | ID = 1000
Description = Aplikacja powodująca błąd mbam.exe, wersja 1.51.1.1076, sygnatura
czasowa 0x4e0a6f10, moduł powodujący błąd USP10.dll, wersja 1.626.6002.18244, sygnatura
czasowa 0x4bc89484, kod wyjątku 0xc0000005, przesunięcie błędu 0x0000a0b0, identyfikator
procesu 0x2190, godzina rozpoczęcia aplikacji 0x01cc660e87e26194.

[ OSession Events ]
Error - 2010-11-21 04:44:04 | Computer Name = mirek-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 13, Application Name: Microsoft Office OneNote, Application Version:
12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2011-08-23 03:18:24 | Computer Name = mirek-PC | Source = Dhcp | ID = 1002
Description = Serwer DHCP 192.168.1.254 odmówił dzierżawy adresu IP 192.168.1.2
dla karty sieciowej o adresie 001FD007E157. (Serwer DHCP wysłał komunikat DHCPNACK).

Error - 2011-08-27 03:58:29 | Computer Name = mirek-PC | Source = disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\DR0 wystąpił zły blok.

Error - 2011-08-27 04:03:19 | Computer Name = mirek-PC | Source = disk | ID = 262151
Description = W urządzeniu \Device\Harddisk0\DR0 wystąpił zły blok.

Error - 2011-08-28 05:44:20 | Computer Name = mirek-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2011-08-28 06:30:09 | Computer Name = mirek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 2011-08-28 07:14:22 | Computer Name = mirek-PC | Source = DCOM | ID = 10010
Description =

Error - 2011-08-28 14:07:22 | Computer Name = mirek-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 2011-08-29 01:49:10 | Computer Name = mirek-PC | Source = DCOM | ID = 10010
Description =

Error - 2011-08-29 01:57:47 | Computer Name = mirek-PC | Source = DCOM | ID = 10000
Description =

Error - 2011-08-29 02:04:03 | Computer Name = mirek-PC | Source = DCOM | ID = 10010
Description =


< End of report >
[/log]

GMER

[log]GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-29 11:03:31
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 Hitachi_HDP725050GLA360 rev.GM4OA52A
Running: esgr76pj.exe; Driver: C:\Users\mirek\AppData\Local\Temp\ugloypow.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwAddBootEntry [0x8E582202]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEvent [0x8E5847F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateEventPair [0x8E584848]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateIoCompletion [0x8E58495E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateMutant [0x8E584746]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSection [0x8E584898]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateSemaphore [0x8E58479A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwCreateTimer [0x8E58490C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwDeleteBootEntry [0x8E582226]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwLoadDriver [0x8E581FF0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwModifyBootEntry [0x8E58224A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeKey [0x8E584D56]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwNotifyChangeMultipleKeys [0x8E582CDA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEvent [0x8E584820]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenEventPair [0x8E584870]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenIoCompletion [0x8E584988]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenMutant [0x8E584772]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSection [0x8E5848D8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenSemaphore [0x8E5847C8]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenTimer [0x8E584936]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryObject [0x8E582BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootEntryOrder [0x8E58226E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetBootOptions [0x8E582292]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemInformation [0x8E58204A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSetSystemPowerState [0x8E582186]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwShutdownSystem [0x8E582162]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwSystemDebugControl [0x8E5821AA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwVdmControl [0x8E5822B6]

INT 0x52 ? 86C57F00
INT 0x62 ? 86C57F00
INT 0x72 ? 85AFCBF8
INT 0x82 ? 85AFCBF8
INT 0x92 ? 85AFCBF8
INT 0x92 ? 85AFCBF8
INT 0x92 ? 86C57F00
INT 0x92 ? 85AFCBF8
INT 0xB2 ? 86C57F00

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8EEC4398]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 10D 82CE4890 4 Bytes [02, 22, 58, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1D1 82CE4954 8 Bytes [F0, 47, 58, 8E, 48, 48, 58, ...]
.text ntkrnlpa.exe!KeSetEvent + 1DD 82CE4960 1 Byte [5E]
.text ntkrnlpa.exe!KeSetEvent + 1DD 82CE4960 4 Bytes [5E, 49, 58, 8E]
.text ntkrnlpa.exe!KeSetEvent + 1F5 82CE4978 4 Bytes [46, 47, 58, 8E]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E0F62F 5 Bytes JMP 8EEBFD4C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ObInsertObject 82E68543 5 Bytes JMP 8EEC17F2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 110 82E71E68 4 Bytes CALL 8E58334B \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 121 82E75ADC 4 Bytes CALL 8E583361 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EC9DCA 7 Bytes JMP 8EEC439C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? System32\Drivers\spkq.sys System nie może odnaleźć określonej ścieżki. !
.text USBPORT.SYS!DllUnload 889A641B 5 Bytes JMP 86C574E0
.text a653njpq.SYS 8DA21000 22 Bytes [82, C3, C0, 82, 6C, C2, C0, ...]
.text a653njpq.SYS 8DA21017 137 Bytes [00, 32, E7, 77, 80, 3D, E5, ...]
.text a653njpq.SYS 8DA210A1 43 Bytes [10, CE, 82, 74, 06, C8, 82, ...]
.text a653njpq.SYS 8DA210CE 10 Bytes [00, 00, 00, 00, 00, 00, C9, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; LEAVE ; HLT ; POP ESP; DEC EDX}
.text a653njpq.SYS 8DA210DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA92F2300, 0x3AE88, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA9335300, 0x1B7E, 0xE8000020]
.text ntdll.dll!LdrLoadDll 76F893A8 5 Bytes [E9, 4B, 6E, 1C, 89] {JMP 0xffffffff891c6e50}
.text ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes [E9, B7, 4C, 1B, 89] {JMP 0xffffffff891b4cbc}

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[212] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001501F8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[212] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001503FC
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[212] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[212] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00180600
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[212] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00180804
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[212] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00180A08
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[212] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001801F8
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[212] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001803FC
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[212] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001903FC
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[212] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00190600
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[212] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00191014
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[212] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00190804
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[212] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00190A08
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[212] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00190C0C
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[212] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00190E10
.text C:\Program Files\NVIDIA Corporation\Display\nvtray.exe[212] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001901F8
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001501F8
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001503FC
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00170600
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00170804
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00170A08
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00180600
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00181014
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00180804
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00180A08
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00180C0C
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00180E10
.text C:\Program Files\Brother\ControlCenter3\brccMCtl.exe[288] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001801F8
.text C:\Windows\ehome\ehmsas.exe[340] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000401F8
.text C:\Windows\ehome\ehmsas.exe[340] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000403FC
.text C:\Windows\ehome\ehmsas.exe[340] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\ehome\ehmsas.exe[340] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000603FC
.text C:\Windows\ehome\ehmsas.exe[340] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00060600
.text C:\Windows\ehome\ehmsas.exe[340] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00061014
.text C:\Windows\ehome\ehmsas.exe[340] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00060804
.text C:\Windows\ehome\ehmsas.exe[340] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00060A08
.text C:\Windows\ehome\ehmsas.exe[340] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00060C0C
.text C:\Windows\ehome\ehmsas.exe[340] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00060E10
.text C:\Windows\ehome\ehmsas.exe[340] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000601F8
.text C:\Windows\ehome\ehmsas.exe[340] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehmsas.exe[340] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehmsas.exe[340] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehmsas.exe[340] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehmsas.exe[340] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe[536] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001401F8
.text C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe[536] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001403FC
.text C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe[536] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe[536] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001603FC
.text C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe[536] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00160600
.text C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe[536] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00161014
.text C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe[536] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00160804
.text C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe[536] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00160A08
.text C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe[536] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00160C0C
.text C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe[536] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00160E10
.text C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe[536] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001601F8
.text C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe[536] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00170600
.text C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe[536] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00170804
.text C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe[536] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00170A08
.text C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe[536] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe[536] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[564] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001501F8
.text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[564] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001503FC
.text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[564] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[564] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00170600
.text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[564] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00170804
.text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[564] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00170A08
.text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[564] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[564] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[564] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[564] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00180600
.text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[564] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00181014
.text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[564] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00180804
.text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[564] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00180A08
.text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[564] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00180C0C
.text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[564] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00180E10
.text C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe[564] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001801F8
.text C:\Windows\ehome\ehtray.exe[572] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Windows\ehome\ehtray.exe[572] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Windows\ehome\ehtray.exe[572] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\ehome\ehtray.exe[572] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Windows\ehome\ehtray.exe[572] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Windows\ehome\ehtray.exe[572] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Windows\ehome\ehtray.exe[572] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Windows\ehome\ehtray.exe[572] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Windows\ehome\ehtray.exe[572] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Windows\ehome\ehtray.exe[572] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Windows\ehome\ehtray.exe[572] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Windows\ehome\ehtray.exe[572] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00080600
.text C:\Windows\ehome\ehtray.exe[572] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00080804
.text C:\Windows\ehome\ehtray.exe[572] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00080A08
.text C:\Windows\ehome\ehtray.exe[572] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 000801F8
.text C:\Windows\ehome\ehtray.exe[572] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Portrait Displays\Pivot Software\floater.exe[576] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001401F8
.text C:\Program Files\Portrait Displays\Pivot Software\floater.exe[576] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001403FC
.text C:\Program Files\Portrait Displays\Pivot Software\floater.exe[576] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Portrait Displays\Pivot Software\floater.exe[576] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001603FC
.text C:\Program Files\Portrait Displays\Pivot Software\floater.exe[576] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00160600
.text C:\Program Files\Portrait Displays\Pivot Software\floater.exe[576] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00161014
.text C:\Program Files\Portrait Displays\Pivot Software\floater.exe[576] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00160804
.text C:\Program Files\Portrait Displays\Pivot Software\floater.exe[576] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00160A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[1568] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00080600
.text C:\Program Files\Windows Sidebar\sidebar.exe[1568] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00081014
.text C:\Program Files\Windows Sidebar\sidebar.exe[1568] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00080804
.text C:\Program Files\Windows Sidebar\sidebar.exe[1568] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[1568] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00080C0C
.text C:\Program Files\Windows Sidebar\sidebar.exe[1568] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00080E10
.text C:\Program Files\Windows Sidebar\sidebar.exe[1568] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[1568] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00090600
.text C:\Program Files\Windows Sidebar\sidebar.exe[1568] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00090804
.text C:\Program Files\Windows Sidebar\sidebar.exe[1568] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00090A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[1568] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 000901F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[1568] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 000903FC
.text C:\Program Files\iPod\bin\iPodService.exe[1600] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Program Files\iPod\bin\iPodService.exe[1600] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Program Files\iPod\bin\iPodService.exe[1600] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[1600] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Program Files\iPod\bin\iPodService.exe[1600] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Program Files\iPod\bin\iPodService.exe[1600] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Program Files\iPod\bin\iPodService.exe[1600] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Program Files\iPod\bin\iPodService.exe[1600] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Program Files\iPod\bin\iPodService.exe[1600] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Program Files\iPod\bin\iPodService.exe[1600] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Program Files\iPod\bin\iPodService.exe[1600] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Program Files\iPod\bin\iPodService.exe[1600] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00080600
.text C:\Program Files\iPod\bin\iPodService.exe[1600] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00080804
.text C:\Program Files\iPod\bin\iPodService.exe[1600] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00080A08
.text C:\Program Files\iPod\bin\iPodService.exe[1600] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 000801F8
.text C:\Program Files\iPod\bin\iPodService.exe[1600] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1648] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1648] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1648] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[1648] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 002B0600
.text C:\Windows\system32\svchost.exe[1648] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 002B0804
.text C:\Windows\system32\svchost.exe[1648] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 002B0A08
.text C:\Windows\system32\svchost.exe[1648] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 002B01F8
.text C:\Windows\system32\svchost.exe[1648] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 002B03FC
.text D:\Program Files\AVAST Software\Avast\AvastUI.exe[1656] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[1660] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[1660] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[1660] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[1660] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00160600
.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[1660] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00160804
.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[1660] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00160A08
.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[1660] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[1660] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[1660] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[1660] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[1660] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[1660] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[1660] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[1660] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[1660] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe[1660] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001701F8
.text C:\Program Files\iTunes\iTunesHelper.exe[1692] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Program Files\iTunes\iTunesHelper.exe[1692] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Program Files\iTunes\iTunesHelper.exe[1692] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[1692] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Program Files\iTunes\iTunesHelper.exe[1692] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Program Files\iTunes\iTunesHelper.exe[1692] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Program Files\iTunes\iTunesHelper.exe[1692] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Program Files\iTunes\iTunesHelper.exe[1692] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Program Files\iTunes\iTunesHelper.exe[1692] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Program Files\iTunes\iTunesHelper.exe[1692] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Program Files\iTunes\iTunesHelper.exe[1692] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Program Files\iTunes\iTunesHelper.exe[1692] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00080600
.text C:\Program Files\iTunes\iTunesHelper.exe[1692] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00080804
.text C:\Program Files\iTunes\iTunesHelper.exe[1692] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00080A08
.text C:\Program Files\iTunes\iTunesHelper.exe[1692] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 000801F8
.text C:\Program Files\iTunes\iTunesHelper.exe[1692] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[1736] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[1736] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[1736] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[1736] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1824] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1824] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1824] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1824] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1824] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1824] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1824] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1824] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1824] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001903FC
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1824] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00190600
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1824] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00191014
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1824] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00190804
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1824] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00190A08
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1824] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00190C0C
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1824] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00190E10
.text C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe[1824] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001901F8
.text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1860] kernel32.dll!SetUnhandledExceptionFilter 756CA8C5 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text D:\Program Files\AVAST Software\Avast\AvastSvc.exe[1860] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe[1908] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001501F8
.text C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe[1908] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001503FC
.text C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe[1908] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe[1908] user32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 001D0600
.text C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe[1908] user32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 001D0804
.text C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe[1908] user32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 001D0A08
.text C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe[1908] user32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001D01F8
.text C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe[1908] user32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001D03FC
.text C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe[1908] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001E03FC
.text C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe[1908] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 001E0600
.text C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe[1908] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 001E1014
.text C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe[1908] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 001E0804
.text C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe[1908] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 001E0A08
.text C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe[1908] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 001E0C0C
.text C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe[1908] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 001E0E10
.text C:\Program Files\Multimedia Keyboard Driver\PS2USBKbdDrv.exe[1908] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001E01F8
.text C:\Windows\notepad.exe[1920] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000901F8
.text C:\Windows\notepad.exe[1920] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000903FC
.text C:\Windows\notepad.exe[1920] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\notepad.exe[1920] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001C03FC
.text C:\Windows\notepad.exe[1920] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 001C0600
.text C:\Windows\notepad.exe[1920] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 001C1014
.text C:\Windows\notepad.exe[1920] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 001C0804
.text C:\Windows\notepad.exe[1920] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 001C0A08
.text C:\Windows\notepad.exe[1920] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 001C0C0C
.text C:\Windows\notepad.exe[1920] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 001C0E10
.text C:\Windows\notepad.exe[1920] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001C01F8
.text C:\Windows\notepad.exe[1920] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 001E0600
.text C:\Windows\notepad.exe[1920] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 001E0804
.text C:\Windows\notepad.exe[1920] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 001E0A08
.text C:\Windows\notepad.exe[1920] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001E01F8
.text C:\Windows\notepad.exe[1920] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001E03FC
.text C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001501F8
.text C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001503FC
.text C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001B03FC
.text C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 001B0600
.text C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 001B1014
.text C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 001B0804
.text C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 001B0A08
.text C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 001B0C0C
.text C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 001B0E10
.text C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001B01F8
.text C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00170600
.text C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00170804
.text C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00170A08
.text C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001701F8
.text C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000901F8
.text C:\Windows\system32\Dwm.exe[2000] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000903FC
.text C:\Windows\system32\Dwm.exe[2000] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\Dwm.exe[2000] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 000C0600
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 000C0804
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 000C0A08
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 000C01F8
.text C:\Windows\system32\Dwm.exe[2000] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 000C03FC
.text C:\Windows\Explorer.EXE[2032] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Windows\Explorer.EXE[2032] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Windows\Explorer.EXE[2032] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\Explorer.EXE[2032] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001803FC
.text C:\Windows\Explorer.EXE[2032] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00180600
.text C:\Windows\Explorer.EXE[2032] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00181014
.text C:\Windows\Explorer.EXE[2032] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00180804
.text C:\Windows\Explorer.EXE[2032] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00180A08
.text C:\Windows\Explorer.EXE[2032] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00180C0C
.text C:\Windows\Explorer.EXE[2032] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00180E10
.text C:\Windows\Explorer.EXE[2032] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001801F8
.text C:\Windows\Explorer.EXE[2032] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00550600
.text C:\Windows\Explorer.EXE[2032] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00550804
.text C:\Windows\Explorer.EXE[2032] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00550A08
.text C:\Windows\Explorer.EXE[2032] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 005501F8
.text C:\Windows\Explorer.EXE[2032] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 005503FC
.text C:\Windows\System32\spoolsv.exe[2440] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000801F8
.text C:\Windows\System32\spoolsv.exe[2440] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000803FC
.text C:\Windows\System32\spoolsv.exe[2440] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\System32\spoolsv.exe[2440] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000A03FC
.text C:\Windows\System32\spoolsv.exe[2440] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 000A0600
.text C:\Windows\System32\spoolsv.exe[2440] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 000A1014
.text C:\Windows\System32\spoolsv.exe[2440] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 000A0804
.text C:\Windows\System32\spoolsv.exe[2440] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 000A0A08
.text C:\Windows\System32\spoolsv.exe[2440] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 000A0C0C
.text C:\Windows\System32\spoolsv.exe[2440] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 000A0E10
.text C:\Windows\System32\spoolsv.exe[2440] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000A01F8
.text C:\Windows\System32\spoolsv.exe[2440] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00150600
.text C:\Windows\System32\spoolsv.exe[2440] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00150804
.text C:\Windows\System32\spoolsv.exe[2440] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00150A08
.text C:\Windows\System32\spoolsv.exe[2440] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001501F8
.text C:\Windows\System32\spoolsv.exe[2440] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001503FC
.text C:\Windows\system32\svchost.exe[2464] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2464] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2464] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2464] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[2464] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[2464] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[2464] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[2464] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[2464] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[2464] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[2464] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[2464] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 002D0600
.text C:\Windows\system32\svchost.exe[2464] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 002D0804
.text C:\Windows\system32\svchost.exe[2464] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 002D0A08
.text C:\Windows\system32\svchost.exe[2464] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 002D01F8
.text C:\Windows\system32\svchost.exe[2464] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 002D03FC
.text C:\Windows\system32\taskeng.exe[2476] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2476] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2476] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2476] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2476] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2476] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2476] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2476] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2476] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2476] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2476] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2476] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2476] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2476] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[2476] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2476] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\taskeng.exe[2552] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\taskeng.exe[2552] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\taskeng.exe[2552] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\system32\taskeng.exe[2552] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\taskeng.exe[2552] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\taskeng.exe[2552] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\taskeng.exe[2552] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\taskeng.exe[2552] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\taskeng.exe[2552] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\taskeng.exe[2552] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\taskeng.exe[2552] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\taskeng.exe[2552] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00080600
.text C:\Windows\system32\taskeng.exe[2552] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00080804
.text C:\Windows\system32\taskeng.exe[2552] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\taskeng.exe[2552] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\taskeng.exe[2552] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\svchost.exe[2628] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[2628] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[2628] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2628] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000B03FC
.text C:\Windows\system32\svchost.exe[2628] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 000B0600
.text C:\Windows\system32\svchost.exe[2628] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 000B1014
.text C:\Windows\system32\svchost.exe[2628] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 000B0804
.text C:\Windows\system32\svchost.exe[2628] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 000B0A08
.text C:\Windows\system32\svchost.exe[2628] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 000B0C0C
.text C:\Windows\system32\svchost.exe[2628] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 000B0E10
.text C:\Windows\system32\svchost.exe[2628] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000B01F8
.text C:\Windows\system32\svchost.exe[2628] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00C20600
.text C:\Windows\system32\svchost.exe[2628] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00C20804
.text C:\Windows\system32\svchost.exe[2628] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00C20A08
.text C:\Windows\system32\svchost.exe[2628] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 00C201F8
.text C:\Windows\system32\svchost.exe[2628] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 00C203FC
.text C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe[3068] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000601F8
.text C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe[3068] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000603FC
.text C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe[3068] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe[3068] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe[3068] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe[3068] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe[3068] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe[3068] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe[3068] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe[3068] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe[3068] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe[3068] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00080600
.text C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe[3068] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00080804
.text C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe[3068] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00080A08
.text C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe[3068] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 000801F8
.text C:\Users\mirek\AppData\Local\Google\Update\1.3.21.68\GoogleCrashHandler.exe[3068] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3164] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3164] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3164] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3164] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3164] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3164] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3164] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3164] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3164] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3164] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3164] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3164] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00080600
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3164] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00080804
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3164] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00080A08
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3164] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3164] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\bgsvcgen.exe[3184] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001501F8
.text C:\Windows\system32\bgsvcgen.exe[3184] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001503FC
.text C:\Windows\system32\bgsvcgen.exe[3184] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\system32\bgsvcgen.exe[3184] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00170600
.text C:\Windows\system32\bgsvcgen.exe[3184] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00170804
.text C:\Windows\system32\bgsvcgen.exe[3184] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00170A08
.text C:\Windows\system32\bgsvcgen.exe[3184] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001701F8
.text C:\Windows\system32\bgsvcgen.exe[3184] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001703FC
.text C:\Windows\system32\bgsvcgen.exe[3184] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001803FC
.text C:\Windows\system32\bgsvcgen.exe[3184] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00180600
.text C:\Windows\system32\bgsvcgen.exe[3184] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00181014
.text C:\Windows\system32\bgsvcgen.exe[3184] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00180804
.text C:\Windows\system32\bgsvcgen.exe[3184] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00180A08
.text C:\Windows\system32\bgsvcgen.exe[3184] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00180C0C
.text C:\Windows\system32\bgsvcgen.exe[3184] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00180E10
.text C:\Windows\system32\bgsvcgen.exe[3184] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001801F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3220] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3220] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[3220] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[3220] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Bonjour\mDNSResponder.exe[3220] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Program Files\Bonjour\mDNSResponder.exe[3220] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Program Files\Bonjour\mDNSResponder.exe[3220] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Program Files\Bonjour\mDNSResponder.exe[3220] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[3220] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Program Files\Bonjour\mDNSResponder.exe[3220] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Program Files\Bonjour\mDNSResponder.exe[3220] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3220] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00080600
.text C:\Program Files\Bonjour\mDNSResponder.exe[3220] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00080804
.text C:\Program Files\Bonjour\mDNSResponder.exe[3220] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00080A08
.text C:\Program Files\Bonjour\mDNSResponder.exe[3220] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Bonjour\mDNSResponder.exe[3220] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 000803FC
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[3240] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[3240] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[3240] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[3240] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001603FC
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[3240] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00160600
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[3240] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00161014
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[3240] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00160804
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[3240] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00160A08
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[3240] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00160C0C
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[3240] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00160E10
.text C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe[3240] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001601F8
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[3344] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[3344] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[3344] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[3344] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[3344] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[3344] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[3344] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[3344] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[3344] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[3344] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[3344] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00181014
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[3344] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[3344] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[3344] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00180C0C
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[3344] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00180E10
.text C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe[3344] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001801F8
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[3372] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001501F8
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[3372] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001503FC
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[3372] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[3372] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001703FC
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[3372] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00170600
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[3372] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00171014
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[3372] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00170804
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[3372] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00170A08
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[3372] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00170C0C
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[3372] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00170E10
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[3372] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001701F8
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[3372] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00180600
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[3372] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00180804
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[3372] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00180A08
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[3372] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001801F8
.text C:\Program Files\LogMeIn Hamachi\hamachi-2.exe[3372] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3428] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3428] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3428] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3428] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3428] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3428] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3428] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3428] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3428] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3428] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3428] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3428] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3428] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3428] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3428] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3428] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3456] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3456] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3456] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3456] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3456] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3456] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3456] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3456] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3456] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3456] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3456] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3456] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3456] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3456] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3456] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[3456] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3472] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001501F8
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3472] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001503FC
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3472] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3472] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3472] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00170600
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3472] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00171014
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3472] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00170804
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3472] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00170A08
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3472] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00170C0C
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3472] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00170E10
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3472] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3472] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00180600
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3472] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00180804
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3472] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00180A08
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3472] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001801F8
.text C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe[3472] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001803FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3520] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000401F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3520] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000403FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3520] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3520] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000603FC
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3520] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00060600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3520] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00061014
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3520] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00060804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3520] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00060A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3520] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00060C0C
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3520] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00060E10
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3520] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000601F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3520] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3520] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3520] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3520] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3520] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 000703FC
.text C:\Windows\system32\PnkBstrA.exe[3532] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001401F8
.text C:\Windows\system32\PnkBstrA.exe[3532] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001403FC
.text C:\Windows\system32\PnkBstrA.exe[3532] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\system32\PnkBstrA.exe[3532] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00160600
.text C:\Windows\system32\PnkBstrA.exe[3532] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00160804
.text C:\Windows\system32\PnkBstrA.exe[3532] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00160A08
.text C:\Windows\system32\PnkBstrA.exe[3532] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001601F8
.text C:\Windows\system32\PnkBstrA.exe[3532] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001603FC
.text C:\Windows\system32\PnkBstrA.exe[3532] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001703FC
.text C:\Windows\system32\PnkBstrA.exe[3532] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00170600
.text C:\Windows\system32\PnkBstrA.exe[3532] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00171014
.text C:\Windows\system32\PnkBstrA.exe[3532] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00170804
.text C:\Windows\system32\PnkBstrA.exe[3532] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00170A08
.text C:\Windows\system32\PnkBstrA.exe[3532] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00170C0C
.text C:\Windows\system32\PnkBstrA.exe[3532] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00170E10
.text C:\Windows\system32\PnkBstrA.exe[3532] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001701F8
.text C:\Windows\system32\svchost.exe[3564] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3564] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3564] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3564] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3564] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3564] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3564] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3564] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3564] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3564] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3564] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\svchost.exe[3564] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00110600
.text C:\Windows\system32\svchost.exe[3564] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00110804
.text C:\Windows\system32\svchost.exe[3564] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00110A08
.text C:\Windows\system32\svchost.exe[3564] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001101F8
.text C:\Windows\system32\svchost.exe[3564] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001103FC
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\svchost.exe[3588] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\svchost.exe[3588] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\svchost.exe[3588] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3608] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3608] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3608] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3608] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3608] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3608] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3608] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3608] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3608] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3608] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3608] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3608] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00080600
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3608] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00080804
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3608] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00080A08
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3608] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 000801F8
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[3608] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 000803FC
.text C:\Windows\System32\svchost.exe[3660] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Windows\System32\svchost.exe[3660] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Windows\System32\svchost.exe[3660] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\System32\svchost.exe[3660] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Windows\System32\svchost.exe[3660] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Windows\System32\svchost.exe[3660] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Windows\System32\svchost.exe[3660] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Windows\System32\svchost.exe[3660] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Windows\System32\svchost.exe[3660] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Windows\System32\svchost.exe[3660] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Windows\System32\svchost.exe[3660] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[3688] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\SearchIndexer.exe[3688] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\SearchIndexer.exe[3688] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3688] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\SearchIndexer.exe[3688] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\SearchIndexer.exe[3688] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\SearchIndexer.exe[3688] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\SearchIndexer.exe[3688] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\SearchIndexer.exe[3688] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\SearchIndexer.exe[3688] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\SearchIndexer.exe[3688] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\SearchIndexer.exe[3688] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00080600
.text C:\Windows\system32\SearchIndexer.exe[3688] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00080804
.text C:\Windows\system32\SearchIndexer.exe[3688] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\SearchIndexer.exe[3688] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\SearchIndexer.exe[3688] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 000803FC
.text C:\Windows\system32\WUDFHost.exe[4244] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Windows\system32\WUDFHost.exe[4244] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Windows\system32\WUDFHost.exe[4244] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\system32\WUDFHost.exe[4244] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000703FC
.text C:\Windows\system32\WUDFHost.exe[4244] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00070600
.text C:\Windows\system32\WUDFHost.exe[4244] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00071014
.text C:\Windows\system32\WUDFHost.exe[4244] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00070804
.text C:\Windows\system32\WUDFHost.exe[4244] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00070A08
.text C:\Windows\system32\WUDFHost.exe[4244] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00070C0C
.text C:\Windows\system32\WUDFHost.exe[4244] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00070E10
.text C:\Windows\system32\WUDFHost.exe[4244] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000701F8
.text C:\Windows\system32\WUDFHost.exe[4244] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00080600
.text C:\Windows\system32\WUDFHost.exe[4244] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00080804
.text C:\Windows\system32\WUDFHost.exe[4244] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00080A08
.text C:\Windows\system32\WUDFHost.exe[4244] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 000801F8
.text C:\Windows\system32\WUDFHost.exe[4244] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 000803FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5776] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 001601F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5776] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 001603FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5776] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5776] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00180600
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5776] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00180804
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5776] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00180A08
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5776] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 001801F8
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5776] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 001803FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5776] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 001903FC
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5776] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00190600
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5776] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00191014
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5776] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00190804
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5776] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00190A08
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5776] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00190C0C
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5776] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00190E10
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5776] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 001901F8
.text C:\Windows\system32\wuauclt.exe[5840] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000A01F8
.text C:\Windows\system32\wuauclt.exe[5840] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000A03FC
.text C:\Windows\system32\wuauclt.exe[5840] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[5840] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 008C0600
.text C:\Windows\system32\wuauclt.exe[5840] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 008C0804
.text C:\Windows\system32\wuauclt.exe[5840] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 008C0A08
.text C:\Windows\system32\wuauclt.exe[5840] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 008C01F8
.text C:\Windows\system32\wuauclt.exe[5840] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 008C03FC
.text C:\Windows\system32\wuauclt.exe[5840] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 008D03FC
.text C:\Windows\system32\wuauclt.exe[5840] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 008D0600
.text C:\Windows\system32\wuauclt.exe[5840] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 3 Bytes JMP 008D1014
.text C:\Windows\system32\wuauclt.exe[5840] ADVAPI32.dll!SetServiceObjectSecurity + 4 76D46CDD 1 Byte [89]
.text C:\Windows\system32\wuauclt.exe[5840] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 008D0804
.text C:\Windows\system32\wuauclt.exe[5840] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 008D0A08
.text C:\Windows\system32\wuauclt.exe[5840] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 008D0C0C
.text C:\Windows\system32\wuauclt.exe[5840] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 008D0E10
.text C:\Windows\system32\wuauclt.exe[5840] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 008D01F8
.text C:\Program Files\Safari\Safari.exe[5980] ntdll.dll!LdrLoadDll 76F893A8 5 Bytes JMP 000501F8
.text C:\Program Files\Safari\Safari.exe[5980] ntdll.dll!LdrUnloadDll 76F9B740 5 Bytes JMP 000503FC
.text C:\Program Files\Safari\Safari.exe[5980] kernel32.dll!GetBinaryTypeW + 70 756F2467 1 Byte [62]
.text C:\Program Files\Safari\Safari.exe[5980] USER32.dll!SetWindowsHookExA 75946322 5 Bytes JMP 00070600
.text C:\Program Files\Safari\Safari.exe[5980] USER32.dll!SetWindowsHookExW 759487AD 5 Bytes JMP 00070804
.text C:\Program Files\Safari\Safari.exe[5980] USER32.dll!UnhookWindowsHookEx 759498DB 5 Bytes JMP 00070A08
.text C:\Program Files\Safari\Safari.exe[5980] USER32.dll!SetWinEventHook 75949F3A 5 Bytes JMP 000701F8
.text C:\Program Files\Safari\Safari.exe[5980] USER32.dll!UnhookWinEvent 7594C06F 5 Bytes JMP 000703FC
.text C:\Program Files\Safari\Safari.exe[5980] USER32.dll!EndPaint 7595A28F 5 Bytes JMP 64212E30 C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.dll (WebKit Dynamic Link Library/Apple Inc.)
.text C:\Program Files\Safari\Safari.exe[5980] USER32.dll!BeginPaint 7595A2A3 5 Bytes JMP 64212DC0 C:\Program Files\Common Files\Apple\Apple Application Support\WebKit.dll (WebKit Dynamic Link Library/Apple Inc.)
.text C:\Program Files\Safari\Safari.exe[5980] ADVAPI32.dll!CreateServiceW 76D09EB4 5 Bytes JMP 000803FC
.text C:\Program Files\Safari\Safari.exe[5980] ADVAPI32.dll!DeleteService 76D0A07E 5 Bytes JMP 00080600
.text C:\Program Files\Safari\Safari.exe[5980] ADVAPI32.dll!SetServiceObjectSecurity 76D46CD9 5 Bytes JMP 00081014
.text C:\Program Files\Safari\Safari.exe[5980] ADVAPI32.dll!ChangeServiceConfigA 76D46DD9 5 Bytes JMP 00080804
.text C:\Program Files\Safari\Safari.exe[5980] ADVAPI32.dll!ChangeServiceConfigW 76D46F81 5 Bytes JMP 00080A08
.text C:\Program Files\Safari\Safari.exe[5980] ADVAPI32.dll!ChangeServiceConfig2A 76D47099 5 Bytes JMP 00080C0C
.text C:\Program Files\Safari\Safari.exe[5980] ADVAPI32.dll!ChangeServiceConfig2W 76D471E1 5 Bytes JMP 00080E10
.text C:\Program Files\Safari\Safari.exe[5980] ADVAPI32.dll!CreateServiceA 76D472A1 5 Bytes JMP 000801F8

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [806826D6] \SystemRoot\System32\Drivers\spkq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [80682042] \SystemRoot\System32\Drivers\spkq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [80682800] \SystemRoot\System32\Drivers\spkq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [806820C0] \SystemRoot\System32\Drivers\spkq.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068213E] \SystemRoot\System32\Drivers\spkq.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [80691B90] \SystemRoot\System32\Drivers\spkq.sys
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortWritePortUchar] 838DA47F
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] [100D8BA5] \Program Files\DAEMON Tools Lite\Engine.dll (Helper library/DT Soft Ltd)
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F8DA450
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortRequestCallback] 8B55CC00
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\a653njpq.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\system32\services.exe[716] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00190002
IAT C:\Windows\system32\services.exe[716] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00190000
IAT C:\Windows\notepad.exe[1388] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00262F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\notepad.exe[1388] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00262D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\notepad.exe[1388] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00262CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\notepad.exe[1388] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00262CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\notepad.exe[1920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01812F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\notepad.exe[1920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01812D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\notepad.exe[1920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01812CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\notepad.exe[1920] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01812CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\mirek\Documents\Downloads\esgr76pj.exe[1972] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E07817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73E5A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E0BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73DFF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E075E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73DFE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73E38395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73E0DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73DFFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73DFFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73DF71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73E8CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73E2C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73DFD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73DF6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73DF687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E02AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [038D2F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [038D2D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [038D2CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[2032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [038D2CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[5840] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AD2F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[5840] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00AD2D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[5840] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AD2CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[5840] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AD2CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Safari\Safari.exe[5980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00572F30] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Safari\Safari.exe[5980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00572D00] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Safari\Safari.exe[5980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00572CA0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Safari\Safari.exe[5980] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00572CD0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 85B011F8
Device \FileSystem\fastfat \FatCdrom aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \FatCdrom 882701F8
Device \Driver\volmgr \Device\VolMgrControl 85AFE1F8
Device \Driver\usbuhci \Device\USBPDO-0 86AF11F8
Device \Driver\usbuhci \Device\USBPDO-1 86AF11F8
Device \Driver\usbuhci \Device\USBPDO-2 86AF11F8
Device \Driver\usbuhci \Device\USBPDO-3 86AF11F8
Device \Driver\usbehci \Device\USBPDO-4 86AEF1F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\netbt \Device\NetBT_Tcpip_{6829272B-8364-4C67-B249-4707BAFBCADA} 87D251F8
Device \Driver\volmgr \Device\HarddiskVolume1 85AFE1F8
Device \Driver\volmgr \Device\HarddiskVolume2 85AFE1F8
Device \Driver\cdrom \Device\CdRom0 86C7D1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 85B001F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 85B001F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort0 85B001F8
Device \Driver\atapi \Device\Ide\IdePort0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort1 85B001F8
Device \Driver\atapi \Device\Ide\IdePort1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort2 85B001F8
Device \Driver\atapi \Device\Ide\IdePort2 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\atapi \Device\Ide\IdePort3 85B001F8
Device \Driver\atapi \Device\Ide\IdePort3 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\volmgr \Device\HarddiskVolume3 85AFE1F8
Device \Driver\cdrom \Device\CdRom1 86C7D1F8
Device \Driver\volmgr \Device\HarddiskVolume4 85AFE1F8
Device \Driver\cdrom \Device\CdRom2 86C7D1F8
Device \Driver\volmgr \Device\HarddiskVolume5 85AFE1F8
Device \Driver\volmgr \Device\HarddiskVolume6 85AFE1F8
Device \Driver\netbt \Device\NetBt_Wins_Export 87D251F8
Device \Driver\USBSTOR \Device\00000077 87C611F8
Device \Driver\USBSTOR \Device\00000077 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\00000078 87C611F8
Device \Driver\USBSTOR \Device\00000078 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\USBSTOR \Device\00000079 87C611F8
Device \Driver\USBSTOR \Device\00000079 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\Smb \Device\NetbiosSmb 87D8C1F8
Device \Driver\sptd \Device\858393027 spkq.sys
Device \Driver\netbt \Device\NetBT_Tcpip_{6E5C67F2-4801-4C8E-8E05-7FD502B2E42B} 87D251F8
Device \Driver\iScsiPrt \Device\RaidPort0 86E601F8

AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\PCI_PNP7016 \Device\0000005e spkq.sys
Device \Driver\usbuhci \Device\USBFDO-0 86AF11F8
Device \Driver\USBSTOR \Device\0000007a 87C611F8
Device \Driver\USBSTOR \Device\0000007a sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbuhci \Device\USBFDO-1 86AF11F8
Device \Driver\USBSTOR \Device\0000007b 87C611F8
Device \Driver\USBSTOR \Device\0000007b sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\usbuhci \Device\USBFDO-2 86AF11F8
Device \Driver\usbuhci \Device\USBFDO-3 86AF11F8
Device \Driver\usbehci \Device\USBFDO-4 86AEF1F8
Device \Driver\a653njpq \Device\Scsi\a653njpq1Port5Path0Target1Lun0 86DEA1F8
Device \Driver\a653njpq \Device\Scsi\a653njpq1Port5Path0Target1Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a653njpq \Device\Scsi\a653njpq1 86DEA1F8
Device \Driver\a653njpq \Device\Scsi\a653njpq1 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \Driver\a653njpq \Device\Scsi\a653njpq1Port5Path0Target0Lun0 86DEA1F8
Device \Driver\a653njpq \Device\Scsi\a653njpq1Port5Path0Target0Lun0 sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)
Device \FileSystem\fastfat \Fat aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\fastfat \Fat 882701F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Menedżer filtrów systemu plików firmy Microsoft/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs A6C511F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x46 0xB7 0xCF 0xB1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0xC7 0xF5 0x28 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD1 0xFC 0xE6 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9D 0xAA 0x27 0x08 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB0 0xEF 0xB0 0x56 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x46 0xB7 0xCF 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0xC7 0xF5 0x28 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD1 0xFC 0xE6 0x3E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x10 0xDB 0x8B 0x56 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB0 0xEF 0xB0 0x56 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x46 0xB7 0xCF 0xB1 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0xC7 0xF5 0x28 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD1 0xFC 0xE6 0x3E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x10 0xDB 0x8B 0x56 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB0 0xEF 0xB0 0x56 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x46 0xB7 0xCF 0xB1 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0xC7 0xF5 0x28 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD1 0xFC 0xE6 0x3E ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x46 0xA4 0x9F 0xC3 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB0 0xEF 0xB0 0x56 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x46 0xB7 0xCF 0xB1 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0xC7 0xF5 0x28 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD1 0xFC 0xE6 0x3E ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x46 0xA4 0x9F 0xC3 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB0 0xEF 0xB0 0x56 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x46 0xB7 0xCF 0xB1 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0xC7 0xF5 0x28 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD1 0xFC 0xE6 0x3E ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9D 0xAA 0x27 0x08 ...
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB0 0xEF 0xB0 0x56 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x46 0xB7 0xCF 0xB1 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0xC7 0xF5 0x28 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD1 0xFC 0xE6 0x3E ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9D 0xAA 0x27 0x08 ...
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB0 0xEF 0xB0 0x56 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x46 0xB7 0xCF 0xB1 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x65 0xC7 0xF5 0x28 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD1 0xFC 0xE6 0x3E ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x9D 0xAA 0x27 0x08 ...
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB0 0xEF 0xB0 0x56 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls@C:\Users\Public\Documents\Pinnacle\Content\MotionTitles\-Looks\Standard\01 \x2013 Soft Shadow Looks.ixLook 1
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x3E 0x1E 0x9E 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xDF 0x20 0x58 0x62 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xB2 0x46 0x9A 0xE2 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\Windows\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@D:\Gry\PC \xbb CALL OF DUTY 7 - BLACK OPS directplay by globe@\Call of Duty - Black Ops\Call of Duty - Black Ops\BlackOps.exe 8

---- EOF - GMER 1.0.15 ----
[/log]
