Dzani1125 posted 1 June 2012 Hello everyone, I have a problem. I have the folders on my desktop arranged my own way, but when I right-click and choose Refresh, all the folders and files change position; the same happens when I start the computer. What should I do so that the icons don't jump around when I press Refresh? The second problem: when I go into My Computer, into a drive, e.g. E, with the option "Views", "Icons" selected, then leave it and go back in, after a moment it changes by itself to a different view. It is the same with refreshing: when I refresh, the icons and folders I arranged my own way automatically jump to the left side. Please help.
Guest commented 1 June 2012 Right-click on the Desktop > Arrange Icons By > Align to Grid, uncheck Auto Arrange
Guest commented 1 June 2012 What system is this? Which architecture, 32-bit or 64-bit? Check on a new profile (new account).
Dzani1125 (Author) commented 1 June 2012 The system is Microsoft Windows XP Professional Version 2002 Service Pack 3. What do you mean by a new account? I don't understand.
Guest commented 1 June 2012 [quote]What do you mean by a new account? I don't understand.[/quote] What is there to understand? Create a new account with admin rights and check. Maybe the profile is corrupted. By the way, I don't rule out a rootkit infection. Post logs from [b]OTL and GMER[/b]. That will give some view of the situation. http://www.forumpc.pl/index.php?showtopic=116175 http://www.forumpc.pl/index.php?showtopic=104338
Dzani1125 (Author) commented 1 June 2012 (edited) Here is the one from OTL:
[spoiler]3,50 Gb Total Physical Memory | 2,89 Gb Available Physical Memory | 82,49% Memory free
5,34 Gb Paging File | 4,64 Gb Available in Paging File | 86,94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 390,63 Gb Total Space | 310,29 Gb Free Space | 79,43% Space Free | Partition Type: NTFS
Drive E: | 540,88 Gb Total Space | 298,03 Gb Free Space | 55,10% Space Free | Partition Type: NTFS
Drive G: | 660,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: KUCHARSKI | User Name: DZIECIAKI_PSUJE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012-06-01 14:11:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\Zając\OTL.exe
PRC - [2012-06-01 14:07:55 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe
PRC - [2012-05-11 21:18:36 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012-03-07 01:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011-10-08 06:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011-04-08 18:23:44 | 002,240,512 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
PRC - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009-10-15 14:11:48 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009-10-15 14:11:44 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2008-12-04 09:38:50 | 000,430,080 | ---- | M] () -- C:\Program Files\Icon7\iConfig\capturesound.exe
PRC - [2004-08-04 00:44:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2012-06-01 14:07:55 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe
MOD - [2012-05-31 20:10:11 | 001,764,352 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12053101\algo.dll
MOD - [2011-10-08 06:50:00 | 001,564,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2011-10-08 06:50:00 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2011-04-08 18:23:44 | 002,240,512 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
MOD - [2010-07-04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009-10-28 05:40:14 | 003,885,984 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2009-08-21 14:45:30 | 000,503,202 | ---- | M] () -- C:\Program Files\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2008-12-04 09:38:50 | 000,430,080 | ---- | M] () -- C:\Program Files\Icon7\iConfig\capturesound.exe
MOD - [2007-01-31 11:33:24 | 000,032,768 | ---- | M] () -- C:\Program Files\Vtune\TBPanelExt.dll
MOD - [2002-04-18 19:16:38 | 000,094,636 | ---- | M] () -- C:\WINDOWS\dropcpyr.dll
MOD - [1998-10-31 04:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\Vtune\TBMANAGE.DLL
[color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV - [2012-05-03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012-04-21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012-04-04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012-03-07 01:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2011-12-30 14:36:17 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Disabled | Stopped] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2011-10-08 06:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2011-06-13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc) SRV - [2009-12-23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE) SRV - [2009-10-15 14:11:48 | 000,223,464 | ---- | M] (DeviceVM, Inc.) 
[Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2008-07-29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing) SRV - [2004-08-04 00:44:28 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\tlntsvr.exe -- (TlntSvr) SRV - [2004-08-04 00:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDEdsdm) SRV - [2004-08-04 00:44:26 | 000,114,688 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\netdde.exe -- (NetDDE) SRV - [2004-08-04 00:44:18 | 000,033,280 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\clipsrv.exe -- (ClipSrv) SRV - [2004-08-04 00:44:06 | 000,033,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\msgsvc.dll -- (Messenger) SRV - [2004-08-04 00:43:54 | 000,017,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\alrsvc.dll -- (Alerter) SRV - [2001-10-26 19:29:36 | 000,049,152 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\mprdim.dll -- (RemoteAccess) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\DZIECI~1\USTAWI~1\Temp\uxroqpow.sys -- (uxroqpow) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- 
D:\CDriver.sys -- (MSICDSetup) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ag8k2j22) DRV - [2012-06-01 11:29:55 | 000,139,448 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK) DRV - [2012-04-21 14:47:05 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd) DRV - [2012-04-19 05:57:38 | 000,113,072 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012-03-07 01:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2012-03-07 01:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP) DRV - [2012-03-07 01:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr) DRV - [2012-03-07 01:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2012-03-07 01:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2) DRV - [2012-03-07 01:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2012-03-07 00:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- 
(Aavmker4) DRV - [2011-07-08 01:21:30 | 000,119,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2011-03-18 18:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2010-08-04 15:16:54 | 002,127,728 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2010-07-04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2010-01-29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2009-11-30 08:31:42 | 000,050,176 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1c51x86.sys -- (L1c) DRV - [2008-12-26 12:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM) DRV - [2008-08-27 18:10:36 | 000,031,360 | ---- | M] (Dritek System Inc.) 
[Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HMuFtI7S300.sys -- (HMuFtI7S300) Dritek HID Mouse Filter for Icon7 S300 (Windows XP) DRV - [2007-05-02 12:11:18 | 000,109,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdm.sys -- (ss_mdm) DRV - [2007-05-02 12:11:18 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_mdfl.sys -- (ss_mdfl) DRV - [2007-05-02 12:11:16 | 000,083,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2007-03-16 10:11:38 | 000,012,256 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex) DRV - [2007-01-29 07:40:22 | 000,449,408 | ---- | M] (MSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSILiveVirtualCamera.sys -- (MSILiveVirtualCamera) DRV - [2006-11-04 06:45:48 | 000,178,913 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0260Vid.sys -- (V0260VID) DRV - [2006-07-24 17:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2004-08-04 00:38:14 | 000,800,000 | ---- | M] (Microsoft Corp., Veritas Software) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\dmboot.sys -- (dmboot) DRV - [2004-08-04 00:34:16 | 000,120,064 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\pcmcia.sys -- (Pcmcia) DRV - [2004-08-03 23:14:18 | 000,143,360 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\fastfat.sys -- (Fastfat) DRV - [2004-08-03 23:00:32 | 000,066,176 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\udfs.sys -- (Udfs) DRV - [2001-10-26 18:46:18 | 000,012,032 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\acpiec.sys -- (ACPIEC) DRV - [2001-10-26 16:50:46 | 000,097,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2001-08-17 23:52:06 | 000,013,952 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\cbidf2k.sys -- (cbidf2k) DRV - [1996-04-03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.) 
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}"]http://search.live.c...ferrer:source?}[/url] IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = [url="http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={6A21868D-685C-11E1-A67C-D98804255F2A}"]http://search.sweeti...C-D98804255F2A}[/url] IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = [url="http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111026121105062&tb_oid=26-10-2011&tb_mrud=26-10-2011"]http://slirsredirect...mrud=26-10-2011[/url] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.google.pl/"]http://www.google.pl/[/url] IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.) IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) 
IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\URLSearchHook: {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\SearchScopes\{0067A287-7007-46F8-B742-22D129DACD96}: "URL" = [url="http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC"]http://search.live.c...Box&Form=IE8SRC[/url] IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [url="http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC"]http://search.live.c...Box&Form=IE8SRC[/url] IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\SearchScopes\{0D4B5C97-7CC1-475D-9428-D2B0B1BF3830}: "URL" = [url="http://searchya.com/?chnl=dcom-100&s=1&cr=1582775790&cd=2XzutAtN2Y1L1QzutN0D0TzutBtDtCtBtDtAtCtD&q={searchTerms}"]http://searchya.com/...q={searchTerms}[/url] IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = [url="http://search.babylon.com/?q={searchTerms}&AF=108758&babsrc=SP_ss&mntrId=886cf86a0000000000008c89a5334d80"]http://search.babylo...0008c89a5334d80[/url] IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\SearchScopes\{6C48E2D7-D2F6-4e18-A034-01D66505089B}: "URL" = [url="http://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346"]http://www.google.co...88%3A4067623346[/url] IE - 
HKU\S-1-5-21-854245398-73586283-839522115-1003\..\SearchScopes\{8F476EC3-0DFA-4E4B-8113-E8B1DD69A28D}: "URL" = [url="http://szukaj.gazeta.pl/portalSearch.do?s.si(navigation"]http://szukaj.gazeta...s.si(navigation[/url]).navigationEnabled=true&s.sm.query={searchTerms} IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = [url="http://isearch.avg.com/search?cid={2EC36FC7-5D0D-49B0-81FA-C1F000820D92}&mid=f195a7ec924d47d09aaa48a727736dab-175559af91860ddca380d0dee874d1a193ca3982&lang=pl&ds=st011&pr=sa&d=2012-05-12"]http://isearch.avg.c...sa&d=2012-05-12[/url] 15:30:55&v=11.0.0.9&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = [url="http://www.daemon-search.com/search?q={searchTerms}"]http://www.daemon-se...q={searchTerms}[/url] IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = [url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029"]http://search.condui...&ctid=CT2475029[/url] IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\SearchScopes\{C025FA1A-1A80-4469-AEA9-038F031B26CA}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"]http://www.bing.com/...Box&FORM=IE8SRC[/url] IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\SearchScopes\{CEC0A81D-FE91-4b53-9551-DDE46828011C}: "URL" = [url="http://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH"]http://www.bing.com/...=SPLBR2&pc=SPLH[/url] IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = [url="http://search.sweetim.com/search.asp?src=6&q={searchTerms}&barid={6A21868D-685C-11E1-A67C-D98804255F2A}"]http://search.sweeti...C-D98804255F2A}[/url] IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" 
= [url="http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20111026121105062&tb_oid=26-10-2011&tb_mrud=26-10-2011"]http://slirsredirect...mrud=26-10-2011[/url] IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\SearchScopes\{F9B9E14A-40BE-4e88-B1E5-A80784620C5C}: "URL" = [url="http://search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM"]http://search.yahoo....cevm&type=STDVM[/url] IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-854245398-73586283-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://searchya.com" FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B6871ee60-768b-4662-a987-6f8e04af184c%7D&mid=f195a7ec924d47d09aaa48a727736dab-175559af91860ddca380d0dee874d1a193ca3982&ds=st011&v=11.0.0.9&lang=pl&pr=sa&d=2012-05-12%2015%3A30%3A55&sap=ku&q=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: E:\Programy\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: E:\Programy\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@vividas.com/npVividasPlayer: C:\Program Files\Vividas\Player\npVividasPlayer.dll ( ) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-05-31 15:10:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-05-12 15:40:37 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-12-22 14:09:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\Mozilla\Extensions [2012-05-21 17:59:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\Mozilla\Firefox\Profiles\ozcoy75u.default\extensions [2012-05-21 17:59:51 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\Mozilla\Firefox\Profiles\ozcoy75u.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} [2012-04-29 23:06:41 | 000,000,000 | ---D | M] (free-downloads.net Community Toolbar) -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\Mozilla\Firefox\Profiles\ozcoy75u.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949} [2012-03-22 22:20:51 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\Mozilla\Firefox\Profiles\ozcoy75u.default\extensions\DTToolbar@toolbarnet.com [2012-05-13 08:20:49 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane 
aplikacji\Mozilla\Firefox\Profiles\ozcoy75u.default\extensions\engine@conduit.com [2012-03-11 01:54:42 | 000,000,000 | ---D | M] (searchya.com) -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\Mozilla\Firefox\Profiles\ozcoy75u.default\extensions\ffxtlbr@searchya.com [2012-05-12 15:40:55 | 000,003,849 | ---- | M] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\Mozilla\Firefox\Profiles\ozcoy75u.default\searchplugins\avg-secure-search.xml [2012-03-11 00:48:58 | 000,001,465 | ---- | M] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\Mozilla\Firefox\Profiles\ozcoy75u.default\searchplugins\searchya.xml [2012-03-07 15:50:12 | 000,003,974 | ---- | M] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\Mozilla\Firefox\Profiles\ozcoy75u.default\searchplugins\sweetim.xml [2012-05-12 15:40:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012-05-20 22:40:16 | 000,550,833 | ---- | M] () (No name found) -- C:\DOCUMENTS AND SETTINGS\DZIECIAKI_PSUJE\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\OZCOY75U.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI [2012-04-21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012-04-21 04:18:44 | 000,002,767 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\allegro-pl.xml [2012-04-21 04:18:44 | 000,001,406 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fbc-pl.xml [2012-04-21 04:18:44 | 000,000,917 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\merlin-pl.xml [2012-04-21 04:18:44 | 000,000,858 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pwn-pl.xml [2012-04-21 04:18:44 | 000,001,183 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-pl.xml [2012-04-21 04:18:44 | 000,001,683 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wp-pl.xml O1 HOSTS File: ([2001-10-26 17:45:16 | 000,000,742 
| ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\Complitly\Complitly.dll (SimplyGen) O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.) O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Programy\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - No CLSID value found. O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre0.dll (Conduit Ltd.) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found. O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.) 
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O3 - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\Toolbar\WebBrowser: (MyAshampoo Toolbar) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.) O3 - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\prxtbfre0.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) 
O4 - HKLM..\Run: [CaptureSound] C:\Program Files\Icon7\iConfig\capturesound.exe () O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [Resume copy] C:\WINDOWS\COPYFSTQ.EXE () O4 - HKU\S-1-5-21-854245398-73586283-839522115-1003..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-854245398-73586283-839522115-1003..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-854245398-73586283-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-854245398-73586283-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - E:\Programy\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O8 - Extra context menu item: Wyślij &do programu OneNote - E:\Programy\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programy\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Programy\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Programy\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Notatki połączone programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Programy\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not 
found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_30) O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} [url="https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.66.2.cab"]https://battlefield....er_1.0.66.2.cab[/url] (Battlefield Play4Free Updater) O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_30) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [url="http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab"]http://java.sun.com/...indows-i586.cab[/url] (Java Plug-in 1.6.0_30) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [url="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab"]http://download.macr...ash/swflash.cab[/url] (Shockwave Flash Object) O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} [url="http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab"]http://content.syste...yri_4.5.1.0.cab[/url] (SysInfo Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE34ABA8-AC2F-4BFB-8E20-AE3701260DF0}: DhcpNameServer = 192.168.1.1 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - 
C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Moja bieżąca strona główna) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\DZIECIAKI_PSUJE\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\DZIECIAKI_PSUJE\Ustawienia lokalne\Dane aplikacji\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011-10-09 00:48:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: 6to4 - File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: WmdmPmSp - File not found MsConfig - Services: "CyberLink PowerDVD 11.0 Service" MsConfig - Services: "CyberLink PowerDVD 11.0 Monitor Service" MsConfig - Services: "CLHNServiceForPowerDVD" MsConfig - Services: "Steam Client Service" MsConfig - Services: "JavaQuickStarterService" MsConfig - Services: "PnkBstrA" MsConfig - StartUpReg: [b]ALLUpdate[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]HDAudDeck[/b] - hkey= - key= - C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe (VIA Technologies, Inc.) 
MsConfig - StartUpReg: [b]iConfig[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]NBJ[/b] - hkey= - key= - C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG) MsConfig - StartUpReg: [b]NeroFilterCheck[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]NvCplDaemon[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]RemoteControl11[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]S300[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]Steam[/b] - hkey= - key= - File not found MsConfig - StartUpReg: [b]SunJavaUpdateSched[/b] - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "system.ini" - 0 MsConfig - State: "win.ini" - 0 MsConfig - State: "bootini" - 0 MsConfig - State: "services" - 2 MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: SCSI Class - Driver Group SafeBootMin: sermouse.sys - Driver SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vga.sys - Driver SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: 
{4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: SCSI Class - Driver Group SafeBootNet: sermouse.sys - Driver SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vga.sys - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: 
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices [color=#E56717]========== Files/Folders - Created Within 60 Days ==========[/color] [2012-05-31 17:01:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Malwarebytes' Anti-Malware [2012-05-31 17:01:52 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012-05-31 15:17:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Recent [2012-05-31 15:16:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\avast! Free Antivirus [2012-05-30 14:47:15 | 000,337,880 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys [2012-05-30 14:47:15 | 000,020,696 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys [2012-05-30 14:47:13 | 000,612,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys [2012-05-30 14:47:13 | 000,095,704 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys [2012-05-30 14:47:13 | 000,089,048 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys [2012-05-30 14:47:13 | 000,053,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys [2012-05-30 14:47:13 | 000,035,672 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys [2012-05-30 14:47:13 | 000,024,920 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys [2012-05-30 14:46:56 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr [2012-05-30 14:46:55 | 000,201,352 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe [2012-05-29 22:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\Skype Password [2012-05-29 22:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Menu Start\Programy\Skype 
Password [2012-05-29 22:52:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Ashampoo [2012-05-29 22:52:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Menu Start\Programy\San Andreas Multiplayer [2012-05-29 22:52:55 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo [2012-05-29 22:52:54 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012-05-29 22:06:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012-05-28 11:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Onet.pl [2012-05-28 11:19:44 | 000,000,000 | ---D | C] -- C:\Program Files\Onet [2012-05-28 11:19:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\Kamerzysta [2012-05-19 18:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Moje dokumenty\GTA Vice City User Files [2012-05-15 17:21:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\PriceGong [2012-05-14 21:38:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Ustawienia lokalne\Dane aplikacji\NFS Underground 2 [2012-05-14 21:38:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DirectX [2012-05-13 21:26:43 | 000,000,000 | -HSD | C] -- C:\Boot [2012-05-13 11:51:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012-05-13 10:11:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\Do Windowsa 7 [2012-05-13 08:20:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\Ashampoo [2012-05-13 08:20:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Ustawienia lokalne\Dane aplikacji\MyAshampoo [2012-05-13 08:20:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Ustawienia lokalne\Dane aplikacji\Temp [2012-05-13 08:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\MyAshampoo [2012-05-13 08:20:42 | 000,000,000 | 
---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Ustawienia lokalne\Dane aplikacji\ashampoo [2012-05-13 08:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\ashampoo [2012-05-13 07:36:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\PowerISO [2012-05-12 15:40:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012-05-12 15:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Mozilla [2012-05-12 15:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012-05-12 15:34:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\ImgBurn [2012-05-12 15:31:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\PowerISO [2012-05-12 15:30:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Common Files [2012-05-08 17:45:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Ustawienia lokalne\Dane aplikacji\MotionDSP [2012-05-08 17:45:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\MotionDSP [2012-05-07 15:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data [2012-05-07 15:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Codemasters [2012-05-06 18:51:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\Hi-Rez Studios [2012-05-06 10:54:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\MATS [2012-05-06 10:54:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Fix it Center [2012-05-06 10:53:31 | 000,014,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll [2012-05-06 10:53:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell [2012-05-05 21:20:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Picasa 
3 [2012-05-05 19:27:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Ustawienia lokalne\Dane aplikacji\cFos [2012-05-05 19:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\cFos [2012-05-03 00:16:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Moje dokumenty\FIFA 08 [2012-05-02 02:46:28 | 004,472,832 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr [2012-05-01 07:26:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Moje dokumenty\KONAMI [2012-05-01 07:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\KONAMI [2012-05-01 07:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\KONAMI [2012-05-01 07:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\KONAMI [2012-05-01 06:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\UltraISO [2012-05-01 06:59:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EZB Systems [2012-05-01 06:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\UltraISO [2012-04-29 16:29:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Menu Start\Programy\Counter-Strike 1.6 [2012-04-24 19:56:08 | 000,000,000 | R--D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\Nowe [2012-04-19 19:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\TS3Client [2012-04-19 19:54:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\TeamSpeak 3 Client [2012-04-19 19:54:39 | 000,000,000 | ---D | C] -- C:\Program Files\TeamSpeak 3 Client [2012-04-19 19:20:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\Avnex [2012-04-19 19:19:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Application Data [2012-04-19 19:19:11 | 000,017,792 | ---- | C] (Avnex) -- 
C:\WINDOWS\System32\drivers\vcsvad.sys [2012-04-19 05:57:38 | 000,113,072 | ---- | C] (Power Software Ltd) -- C:\WINDOWS\System32\drivers\scdemu.sys [2012-04-14 22:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012-04-14 22:25:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Start\Programy\Skype [2012-04-09 21:17:02 | 000,032,874 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\V0260Cfg.exe [2012-04-09 21:17:02 | 000,020,564 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\V0260Srv.exe [2012-04-09 21:17:02 | 000,020,480 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\V0260Ext.crl [2012-04-09 21:17:01 | 000,178,913 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\V0260Vid.sys [2012-04-09 21:17:01 | 000,094,208 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\V0260Ext.ax [2012-04-09 21:17:01 | 000,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\V0260Pin.dll [2012-04-09 21:17:01 | 000,036,864 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\CtCamMgr.dll [2012-04-09 21:17:01 | 000,028,672 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\V0260Hwx.dll [2012-04-09 21:17:01 | 000,024,872 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\V0260Cmd.sys [2012-04-09 21:17:01 | 000,024,576 | ---- | C] (Creative Technology Ltd.) 
-- C:\WINDOWS\System32\CtCamPin.crl [2012-04-09 21:17:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\CtDrvInstall [2012-04-04 19:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\ExpressFiles [2012-04-04 19:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DZIECIAKI_PSUJE\Ustawienia lokalne\Dane aplikacji\Akamai [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files - Modified Within 60 Days ==========[/color] [2012-06-01 14:07:55 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe [2012-06-01 11:29:55 | 000,139,448 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2012-06-01 11:29:47 | 000,282,472 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr [2012-06-01 11:20:17 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\Skype.lnk [2012-06-01 11:11:03 | 000,527,712 | ---- | M] () -- C:\WINDOWS\System32\perfh015.dat [2012-06-01 11:11:03 | 000,465,916 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012-06-01 11:11:03 | 000,102,268 | ---- | M] () -- C:\WINDOWS\System32\perfc015.dat [2012-06-01 11:11:03 | 000,080,748 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012-06-01 11:06:49 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\Express Files Updater.job [2012-06-01 11:06:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012-06-01 11:06:39 | 3757,232,128 | -HS- | M] () -- C:\hiberfil.sys [2012-05-31 20:26:16 | 000,282,296 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0 [2012-05-31 17:13:07 | 000,298,048 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012-05-31 17:01:55 | 000,000,808 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk [2012-05-31 15:14:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012-05-31 15:03:01 | 000,072,748 | ---- | M] (Jordan Russell) -- C:\WINDOWS\unins000.exe [2012-05-31 
15:03:01 | 000,000,668 | ---- | M] () -- C:\WINDOWS\unins000.dat [2012-05-30 14:47:13 | 000,002,657 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [2012-05-28 17:44:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Moje dokumenty\ts3_clientui-win32-1329301801-2012-05-28 17_44_30.109375.dmp [2012-05-24 18:15:23 | 000,286,180 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012-05-24 18:15:23 | 000,286,180 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012-05-24 18:15:23 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin [2012-05-21 16:53:21 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012-05-18 17:13:06 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI [2012-05-18 17:13:04 | 000,591,938 | ---- | M] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Moje dokumenty\qt_temp.Vf3828.png [2012-05-18 17:10:02 | 001,042,533 | ---- | M] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Moje dokumenty\qt_temp.GY3828.png [2012-05-13 21:26:46 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2012-05-13 21:26:44 | 000,000,355 | RHS- | M] () -- C:\boot.ini [2012-05-13 13:54:05 | 000,399,616 | RHS- | M] () -- C:\HVNTU [2012-05-12 16:06:23 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012-05-12 15:40:39 | 000,000,736 | ---- | M] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-05-08 17:45:53 | 000,001,751 | -H-- | M] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\vReveal.settings.xml [2012-05-02 02:46:28 | 004,472,832 | ---- | M] (Google Inc.) 
-- C:\WINDOWS\System32\GPhotos.scr [2012-04-19 05:57:38 | 000,113,072 | ---- | M] (Power Software Ltd) -- C:\WINDOWS\System32\drivers\scdemu.sys [2012-04-10 20:17:43 | 000,000,590 | ---- | M] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\Opera.lnk [2012-04-04 23:31:44 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\PnkBstrK.sys [2012-04-04 23:31:17 | 002,434,856 | ---- | M] () -- C:\WINDOWS\System32\pbsvc_bc2.exe [2012-04-04 23:09:58 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK [2012-04-04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012-06-01 14:07:55 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe [2012-05-31 17:01:55 | 000,000,808 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Malwarebytes Anti-Malware.lnk [2012-05-31 15:03:01 | 000,000,668 | ---- | C] () -- C:\WINDOWS\unins000.dat [2012-05-29 17:18:17 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Adobe Reader 9.lnk [2012-05-28 17:44:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Moje dokumenty\ts3_clientui-win32-1329301801-2012-05-28 17_44_30.109375.dmp [2012-05-18 17:12:46 | 000,591,938 | ---- | C] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Moje dokumenty\qt_temp.Vf3828.png [2012-05-18 17:09:40 | 001,042,533 | ---- | C] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Moje dokumenty\qt_temp.GY3828.png [2012-05-13 21:26:46 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK [2012-05-13 21:26:44 | 000,383,786 | RHS- | C] () -- C:\bootmgr [2012-05-13 21:26:44 | 000,000,211 | -H-- | C] () -- C:\Boot.BAK [2012-05-13 13:54:05 | 000,399,616 | RHS- | C] () -- C:\HVNTU [2012-05-12 15:40:39 
| 000,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Start\Programy\Mozilla Firefox.lnk [2012-05-12 15:40:39 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\All Users\Pulpit\Mozilla Firefox.lnk [2012-05-08 17:45:53 | 000,001,751 | -H-- | C] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\vReveal.settings.xml [2012-04-14 22:25:30 | 000,002,267 | ---- | C] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\Skype.lnk [2012-04-10 20:17:43 | 000,000,590 | ---- | C] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\Opera.lnk [2012-04-09 21:17:02 | 000,004,352 | ---- | C] () -- C:\WINDOWS\VF0260.uns [2012-04-09 21:17:01 | 000,197,522 | ---- | C] () -- C:\WINDOWS\System32\V0260530.set [2012-04-04 19:47:09 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\Express Files Updater.job [2012-04-03 19:37:37 | 002,434,856 | ---- | C] () -- C:\WINDOWS\System32\pbsvc_bc2.exe [2012-03-10 15:41:13 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2012-03-06 20:59:27 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2012-02-05 20:37:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup.INI [2012-02-03 16:47:50 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Dane aplikacji\PnkBstrK.sys [2012-02-03 16:47:22 | 000,840,264 | ---- | C] () -- C:\WINDOWS\System32\pbsvc.exe [2012-02-02 12:53:10 | 000,000,575 | ---- | C] () -- C:\WINDOWS\eReg.dat [2012-01-02 15:13:01 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\LauncherAccess.dt [2011-12-21 22:37:25 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011-11-07 23:38:25 | 000,795,360 | ---- | C] () -- C:\Documents and Settings\LocalService\Ustawienia lokalne\Dane aplikacji\FontCache3.0.0.0.dat [2011-11-03 17:47:45 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\nvUnsupRes.dat [2011-10-26 19:17:14 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\libFLAC.dll [2011-10-23 21:16:25 | 
000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2011-10-23 21:16:23 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\DZIECIAKI_PSUJE\Ustawienia lokalne\Dane aplikacji\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-10-11 14:01:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\iFT33C2.dll [2011-10-11 14:01:13 | 000,026,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\Mac606.sys [2011-10-11 14:01:12 | 000,064,048 | ---- | C] () -- C:\WINDOWS\System32\Hidhlp.dll [2011-10-10 15:01:31 | 000,076,888 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe [2011-10-10 15:01:30 | 000,139,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys [2011-10-10 15:01:25 | 000,282,472 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe [2011-10-10 02:40:13 | 000,004,293 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011-10-10 02:39:10 | 000,298,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011-10-09 19:38:02 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\Audio3D.dll [2011-10-09 19:38:02 | 000,254,000 | R--- | C] ( ) -- C:\WINDOWS\System32\A3D.dll [2011-10-09 19:17:58 | 000,286,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011-10-09 19:17:58 | 000,286,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011-10-09 19:17:58 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011-10-09 19:17:37 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2011-10-09 19:05:11 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2011-10-09 19:01:33 | 000,217,088 | ---- | C] () -- C:\WINDOWS\NVGfxOgl.dll [2011-10-09 00:50:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2011-10-09 00:45:30 | 000,021,856 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %systemdrive%\*.* >[/color] [2011-10-09 00:48:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2012-04-04 23:09:58 | 000,000,211 | -H-- | M] () -- C:\Boot.BAK 
< End of report >[/spoiler]
Guest commented on 1 June 2012: Please show me the log from Kaspersky. [code]C:\TDSSKiller.2.7.38.0_29.05.2012_21.34.45_log.txt[/code]
Dzani1125 (author) commented on 1 June 2012: Here you go:
21:40:24.0265 1316 Scan finished
21:40:24.0281 2712 Detected object count: 0
21:40:24.0281 2712 Actual detected object count: 0
21:40:32.0140 3604 Deinitialize success

Oh, and I ran a scan with Malwarebytes Anti-Malware and it found "c:\windows\assembly\gac\desktop.ini (Trojan.0access)". I removed it and ran another full scan of the whole system with avast, which found no threats. One more thing: the GMER log is taking quite a long time, I have been waiting about 1:30 hours already.
Guest, comment, 1 June 2012 [quote]Oh, and I ran a scan with Malwarebytes Anti-Malware and it found "c:\windows\assembly\gac\desktop.ini (Trojan.0access)". I removed it and ran another full scan of the whole system with avast, which found no threats. One more thing: the GMER log is taking quite a long time, I have been waiting about 1:30 hours already.[/quote] You were supposed to make a GMER log. I can see that a rootkit was here and probably still is. I'm waiting for the GMER log.
Dzani1125 (Author), comment, 1 June 2012 Yes, but the log I'm running with GMER has already been going for about 2 hours, because I have a 1000 GB disk.
Guest, comment, 1 June 2012 But your C is smaller. Let it run, I'll wait. Unless it hangs, then let me know.
Dzani1125 (Author), comment, 1 June 2012 But I've already selected C and E, so I can wait too; when it finishes I'll send it to you. And what will the GMER log tell you? I don't really know much about this. I waited about 3 hours and it froze, but I saved it. Here is the log:
ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\svchost.exe[1148] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1236] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\svchost.exe[1236] 
ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\svchost.exe[1236] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1236] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1292] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceA 
77E27211 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\svchost.exe[1292] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\System32\svchost.exe[1332] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002F1014 .text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002F0804 .text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002F0A08 .text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002F0C0C .text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002F0E10 .text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002F01F8 .text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002F03FC .text C:\WINDOWS\System32\svchost.exe[1332] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002F0600 .text 
C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\System32\svchost.exe[1332] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1372] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\svchost.exe[1372] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1372] 
USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003D01F8 .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003D03FC .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003D0804 .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003D0A08 .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003D0600 .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003E1014 .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003E0804 .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003E0A08 .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] ADVAPI32.dll!ChangeServiceConfig2A 
77E27101 5 Bytes JMP 003E0C0C .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003E0E10 .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003E01F8 .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003E03FC .text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1384] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1424] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1424] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\svchost.exe[1424] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!UnhookWinEvent 77D5E544 5 
Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1424] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\RunDLL32.exe[1492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\RunDLL32.exe[1492] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[1492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\RunDLL32.exe[1492] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\RunDLL32.exe[1492] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\RunDLL32.exe[1492] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\RunDLL32.exe[1492] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\RunDLL32.exe[1492] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\RunDLL32.exe[1492] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\RunDLL32.exe[1492] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\RunDLL32.exe[1492] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\RunDLL32.exe[1492] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\RunDLL32.exe[1492] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\RunDLL32.exe[1492] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\RunDLL32.exe[1492] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\RunDLL32.exe[1492] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC 
.text C:\WINDOWS\system32\RunDLL32.exe[1492] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 003D1014 .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 003D0804 .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 003D0A08 .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 003D0C0C .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 003D0E10 .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003D01F8 .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003D03FC .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 003D0600 .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003E01F8 .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003E03FC .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 003E0804 .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 003E0A08 .text C:\PROGRA~1\Icon7\iConfig\capturesound.exe[1504] 
USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 003E0600 .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1536] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1536] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 00301014 .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 00300C0C .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 00300E10 .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1536] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003101F8 .text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003103FC .text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00310804 .text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00310A08 .text C:\WINDOWS\system32\svchost.exe[1536] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00310600 .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1600] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\avastUI.exe[1600] 
kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 001501F8 .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 001503FC .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 009B1014 .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 009B0804 .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 009B0A08 .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 009B0C0C .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 009B0E10 .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 009B01F8 .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 009B03FC .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 009B0600 .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 009C01F8 .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 009C03FC .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] 
USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 009C0804 .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 009C0A08 .text C:\Documents and Settings\DZIECIAKI_PSUJE\Pulpit\uvireufb.exe[1676] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 009C0600 .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1744] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1744] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP } .text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1744] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1784] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\spoolsv.exe[1784] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\spoolsv.exe[1784] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\spoolsv.exe[1784] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\spoolsv.exe[1784] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\spoolsv.exe[1784] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\spoolsv.exe[1784] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\spoolsv.exe[1784] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\spoolsv.exe[1784] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\spoolsv.exe[1784] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002F0600 .text 
C:\WINDOWS\system32\spoolsv.exe[1784] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\spoolsv.exe[1784] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\spoolsv.exe[1784] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\spoolsv.exe[1784] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\spoolsv.exe[1784] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1864] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\svchost.exe[1864] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\svchost.exe[1864] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\svchost.exe[1864] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\svchost.exe[1864] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\svchost.exe[1864] 
USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\svchost.exe[1864] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes JMP 00300A08 .text C:\WINDOWS\system32\svchost.exe[1864] USER32.dll!SetWindowsHookExA 77D602B2 5 Bytes JMP 00300600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2316] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 000901F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2316] ntdll.dll!RtlDosSearchPath_U + 186 7C916865 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2316] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 000903FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2316] kernel32.dll!GetBinaryTypeW + 80 7C868D8C 1 Byte [62] .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2316] ADVAPI32.dll!SetServiceObjectSecurity 77E26D81 5 Bytes JMP 002F1014 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2316] ADVAPI32.dll!ChangeServiceConfigA 77E26E69 5 Bytes JMP 002F0804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2316] ADVAPI32.dll!ChangeServiceConfigW 77E27001 5 Bytes JMP 002F0A08 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2316] ADVAPI32.dll!ChangeServiceConfig2A 77E27101 5 Bytes JMP 002F0C0C .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2316] ADVAPI32.dll!ChangeServiceConfig2W 77E27189 5 Bytes JMP 002F0E10 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2316] ADVAPI32.dll!CreateServiceA 77E27211 5 Bytes JMP 002F01F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2316] ADVAPI32.dll!CreateServiceW 77E273A9 5 Bytes JMP 002F03FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2316] ADVAPI32.dll!DeleteService 77E274B1 5 Bytes JMP 002F0600 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2316] USER32.dll!SetWinEventHook 77D5E3D3 5 Bytes JMP 003001F8 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2316] USER32.dll!UnhookWinEvent 77D5E544 5 Bytes JMP 003003FC .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2316] USER32.dll!SetWindowsHookExW 77D5E621 5 Bytes JMP 00300804 .text C:\WINDOWS\system32\wbem\wmiprvse.exe[2316] USER32.dll!UnhookWindowsHookEx 77D5F29F 5 Bytes 
What else would you advise?
Guest, commented 1 June 2012:
1. Start > Run > type CMD and press Enter. In the console window paste the command [b]netsh winsock reset[/b], press Enter > restart.
2. Download AdwCleaner and use the [b]Delete[/b] option: http://general-changelog-team.fr/outils/289-adwcleaner
3. Run a new OTL scan and post the report. Post the logs at http://wklej.to/
Dzani1125 (Author), commented 1 June 2012 (edited): Here is the log from AdwCleaner: [url="http://wklej.to/BB2sR"]http://wklej.to/BB2sR[/url]
Dzani1125 (Author), commented 1 June 2012: And here is the one from OTL: http://wklej.to/3Gfn3 Oh, and I also wanted to tell you that when I right-click and go to "Arrange Icons By", I have the option "Show Desktop Icons" checked; when I uncheck it, all the folders disappear.
Guest, commented 1 June 2012: Run OTL and paste the following into the Custom Scans/Fixes box:
[code]
:OTL
O2 - BHO: (no name) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files\MyAshampoo\prxtbMyA0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-854245398-73586283-839522115-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre0.dll (Conduit Ltd.)

:Commands
[emptytemp]
[/code]
Click [b]Run Fix[/b].
Guest, commented 1 June 2012: Start > Run > regedit, find the key [HKEY_CURRENT_USER\Software\Microsoft\Windows\Shell], right-click the value [b]Shell > Export > [/b]save as [b]Shell.reg[/b], then right-click the Shell.reg file > Edit and paste the Notepad contents into a post.
Dzani1125 (Author), commented 1 June 2012: Okay, here it is in the link: http://wklej.to/0UAEM
Guest, commented 1 June 2012: Create a new account with administrator rights, log in to it and check how the icons and the folder view behave.
Dzani1125 (Author), commented 1 June 2012: I have already done that and they behave normally, but I would rather stay on the account I have than on that one. Is there nothing more you can advise on what to do here?
Guest, commented 1 June 2012 (edited): [quote]Is there nothing more you can advise on what to do here?[/quote] What is the new account called?
Dzani1125 (Author), commented 1 June 2012: The new account is called Dawid, and the old one, the one I am on now, is Dzani.