kozgi, posted 31 October 2013

Hello! I'm having problems with my internet going haywire.

1. After clicking my saved bookmarks for Google and Facebook, only a page with a Firefox update (Firefox is the browser I use) would load, but I dealt with that by resetting Firefox's settings.
2. The chat on Facebook disconnects a few seconds after I open it and won't reconnect.
3. YouTube is failing too: the video keeps cutting out and I get the kind of message that usually appears when a plugin stops working, i.e. a snowy background and the text: "An error occurred, please try again later."
4. I have the impression that the internet is working somewhat slower.
5. What really puzzles me is that I can't connect to Google and Facebook from my phone either, so maybe something is wrong with the router?

I haven't noticed any other faults so far. Please help.
Natsuki Kuga, comment, 1 November 2013

Read this topic: http://www.forumpc.pl/topic/277786-nieingerencyjne-narzędzia-do-tworzenia-logów-systemowych/?p=1683581 and post a set of logs from OTL and Gmer. Since we're already in this section, it makes sense to start with the logs. ;)
kozgi (Author), comment, 2 November 2013

OTL log:

[log]
OTL logfile created on: 2013-11-02 22:12:46 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PC\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,25 Gb Total Physical Memory | 1,53 Gb Available Physical Memory | 47,03% Memory free
6,72 Gb Paging File | 4,95 Gb Available in Paging File | 73,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 253,91 Gb Total Space | 42,19 Gb Free Space | 16,62% Space Free | Partition Type: NTFS
Drive D: | 211,85 Gb Total Space | 28,61 Gb Free Space | 13,50% Space Free | Partition Type: NTFS
Drive F: | 6,15 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: PC-PC | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013-10-31 21:32:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
PRC - [2013-10-26 02:53:20 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013-10-22 16:11:05 | 002,864,096 | ---- | M] () -- C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
PRC - [2013-10-11 13:54:33 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
PRC - [2013-01-18 15:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2013-01-18 15:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013-01-18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012-07-06 13:17:02 | 000,207,360 | ---- | M] () -- C:\Program Files\Browsers Protector\regmon32.exe
PRC - [2012-04-09 16:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2012-02-23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2011-11-28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011-11-28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009-01-08 09:42:54 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2008-01-22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008-01-21 03:24:43 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe
PRC - [2008-01-21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007-06-04 18:02:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0350Mon.exe
PRC - [2007-05-15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013-10-26 02:53:40 | 003,368,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013-10-22 16:11:05 | 002,864,096 | ---- | M] () -- C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
MOD - [2013-10-22 16:09:45 | 002,735,584 | ---- | M] () -- c:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll
MOD - [2013-10-11 13:54:33 | 016,233,864 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_117.dll
MOD - [2012-07-06 13:17:02 | 000,207,360 | ---- | M] () -- C:\Program Files\Browsers Protector\regmon32.exe
MOD - [2011-06-24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011-06-24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - [2013-10-26 02:53:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013-10-22 16:11:05 | 002,864,096 | ---- | M] () [Auto | Running] -- C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe -- (BitGuard)
SRV - [2013-10-11 13:54:34 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013-02-28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013-02-25 23:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013-02-04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2013-01-18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012-01-13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011-11-28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009-01-08 09:42:54 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008-01-22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008-01-21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007-05-15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PC\AppData\Local\Temp\naecd.sys -- (naecd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2013-02-25 23:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011-12-10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011-11-28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011-11-28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011-11-28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011-11-28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011-11-28 18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011-11-28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011-04-29 00:13:46 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011-04-29 00:13:45 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011-02-12 15:29:51 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2010-12-09 14:45:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009-07-31 01:12:56 | 000,282,144 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET)
DRV - [2009-06-29 08:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-01-08 09:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2008-02-22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2008-02-22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2008-02-22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007-06-10 18:01:02 | 000,142,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0350Afx.sys -- (VF0350Afx)
DRV - [2007-05-15 15:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2007-05-15 15:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm)
DRV - [2007-05-15 15:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass)
DRV - [2007-05-15 15:55:36 | 000,016,304 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\InCDrec.sys -- (InCDrec)
DRV - [2007-05-10 18:02:00 | 000,170,368 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0350Vid.sys -- (VF0350Vid)
DRV - [2007-03-05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0350Vfx.sys -- (VF0350Vfx)
DRV - [2006-01-12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rt73.sys -- (RT73)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=cc50f048-ff71-11e1-aade-002719bb633e
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=cc50f048-ff71-11e1-aade-002719bb633e&q={searchTerms}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol.com/?babsrc=HP_ss&mntrId=8A37002719BB633E&affID=119357&tsp=5022
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=cc50f048-ff71-11e1-aade-002719bb633e
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\..\SearchScopes\{0878CF36-4E7F-4672-80B4-359377E08026}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYPL&apn_uid=501E4811-2DD1-4BBE-BE27-4ACA3E0A4F8A&apn_sauid=9B27062B-C444-427B-98F8-5D4FCF8DD848
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=8A37002719BB633E&affID=119357&tsp=5022
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=cc50f048-ff71-11e1-aade-002719bb633e&q={searchTerms}
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "error"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.pl/"
FF - prefs.js..extensions.enabledAddons: IplextoALL%40ALLPlayer.org:0.7.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0
FF - prefs.js..keyword.URL: "error"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\PC\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-02-04 20:26:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-09-30 21:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-11-02 21:14:03 | 000,000,000 | ---D | M]

[2011-02-12 10:57:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions
[2013-11-01 00:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\b1q54a23.default-1383250290663\Extensions
[2013-09-30 21:48:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013-09-30 21:48:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013-09-30 21:48:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-10-31 20:23:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010-12-09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Browsers Protector] C:\Program Files\Browsers Protector\regmon32.exe ()
O4 - HKLM..\Run: [V0350Mon.exe] C:\Windows\V0350Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-679051662-1481701582-1949037630-1000..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-679051662-1481701582-1949037630-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-679051662-1481701582-1949037630-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-679051662-1481701582-1949037630-1000..\Run: [Gkdido] C:\Users\PC\AppData\Roaming\Gkdido.exe File not found
O4 - HKU\S-1-5-21-679051662-1481701582-1949037630-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-679051662-1481701582-1949037630-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 77.36.98.49 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2217FEC6-2A61-4667-BD00-37F5F1B5902F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28742AC5-657B-482C-B8EB-EB60219DC815}: DhcpNameServer = 8.8.4.4 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A70C41F-39A9-4EC5-A0EB-F190B043B6FD}: DhcpNameServer = 77.36.98.49 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D967711-FBBF-47AE-94B5-604F765FD428}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll) - c:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2013-10-12 20:40:05 | 000,000,057 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{bacc9213-36a4-11e0-8ae7-002719bb633e}\Shell - "" = AutoRun
O33 - MountPoints2\{bacc9213-36a4-11e0-8ae7-002719bb633e}\Shell\AutoRun\command - "" = F:\setup.exe -- [2013-10-12 21:16:40 | 000,454,497 | R--- | M] (EA Games )
O33 - MountPoints2\{f974c649-bfd9-11e2-9d8a-002618467637}\Shell - "" = AutoRun
O33 - MountPoints2\{f974c649-bfd9-11e2-9d8a-002618467637}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013-11-02 21:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013-11-02 21:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-11-02 21:14:03 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-11-02 21:13:51 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-11-02 21:13:51 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-11-02 21:13:51 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-11-02 21:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013-10-31 21:32:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
[2013-10-31 21:11:36 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\Stare dane programu Firefox
[2013-10-28 08:14:31 | 000,000,000 | ---D | C] -- C:\Users\PC\Podcasts
[2013-10-28 08:14:31 | 000,000,000 | ---D | C] -- C:\Users\PC\Documents\Media Go
[2013-10-28 08:13:31 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Sony
[2013-10-28 08:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared
[2013-10-28 08:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2013-10-28 07:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Media Go Install
[2013-10-28 07:58:54 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Sony
[2013-10-28 00:15:54 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\House.of.Cards.2013.S01E02.PL.BRRip.XviD-DeiX
[2013-10-28 00:14:56 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\House Of Cards 2013 S01 BDRip XviD-DEMAND[ettv]
[2013-10-27 22:16:57 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
[2013-10-26 11:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 14
[2013-10-26 11:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\FIFA 14
[2013-10-25 11:38:28 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\[BEST-TORRENTS.NET] FIFA 14
[2013-10-25 11:33:18 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\Pulpit
[2013-10-25 09:42:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions
[2013-10-25 09:42:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins
[2013-10-20 12:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013-10-18 17:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2013-10-18 16:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Total War ROME II
[2013-10-14 06:29:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013-10-14 06:29:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013-10-14 06:29:55 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013-10-14 06:29:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013-10-14 06:29:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013-10-14 06:29:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013-10-14 06:29:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013-10-14 06:29:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013-10-11 13:54:31 | 017,813,896 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe
[2013-10-11 12:32:45 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013-10-11 12:32:45 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013-10-11 12:32:45 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013-10-11 12:32:45 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013-10-11 12:32:45 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013-10-11 12:32:45 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013-10-11 12:32:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013-10-11 12:32:45 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013-10-11 12:32:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2013-10-11 12:32:41 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2013-10-11 12:32:39 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013-10-11 12:32:32 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2013-10-11 12:32:32 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2013-10-11 12:32:23 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2013-10-11 12:32:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2013-10-11 12:32:20 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys
[2013-10-06 10:38:35 | 000,000,000 | ---D | C] -- C:\Users\PC\Documents\Witcher 2
[2013-10-06 10:38:35 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\The Witcher 2
[2013-10-05 15:11:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2 Assassins of Kings
[2013-10-05 14:55:30 | 000,000,000 | ---D | C] -- C:\Program Files\Black_Box
[2013-10-04 17:40:33 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\Assassins.Creed.III-SKIDROW
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013-11-02 22:04:19 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013-11-02 21:57:29 | 000,368,554 | ---- | M] () -- C:\Users\PC\Desktop\gmer.zip
[2013-11-02 21:52:04 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013-11-02 21:13:45 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013-11-02 21:13:44 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-11-02 21:13:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-11-02 21:13:44 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013-11-02 21:09:33 | 011,605,566 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013-11-02 21:09:33 | 003,998,682 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013-11-02 21:09:32 | 004,560,294 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013-11-02 21:09:32 | 003,875,484 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013-11-02 21:03:13 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013-11-02 21:03:01 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013-11-02 21:03:01 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013-11-02 21:02:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013-11-02 21:02:55 | 3488,759,808 | -HS- | M] () -- C:\hiberfil.sys
[2013-11-02 16:30:26 | 000,000,000 | ---- | M] () -- C:\cookies.sqlite
[2013-11-02 11:11:36 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013-11-01 15:33:11 | 000,022,528 | ---- | M] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013-10-31 21:32:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
[2013-10-26 11:51:53 | 000,000,902 | ---- | M] () -- C:\Users\Public\Desktop\FIFA 14.lnk
[2013-10-23 15:03:49 | 000,200,662 | ---- | M] () -- C:\Users\PC\Desktop\Proces ateński.pdf
[2013-10-17 21:38:14 | 000,284,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013-10-11 13:54:34 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) 
-- C:\Windows\System32\FlashPlayerApp.exe [2013-10-11 13:54:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013-10-11 13:54:31 | 017,813,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2013-10-06 14:51:52 | 035,675,692 | ---- | M] () -- C:\Users\PC\Desktop\Stanisław Waltoś - Proces Karny. Zarys Systemu.pdf [2013-10-04 18:21:54 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2013-11-02 21:57:27 | 000,368,554 | ---- | C] () -- C:\Users\PC\Desktop\gmer.zip [2013-11-02 16:30:26 | 000,000,000 | ---- | C] () -- C:\cookies.sqlite [2013-11-02 11:11:36 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013-10-26 11:51:53 | 000,000,902 | ---- | C] () -- C:\Users\Public\Desktop\FIFA 14.lnk [2013-10-25 10:27:32 | 035,675,692 | ---- | C] () -- C:\Users\PC\Desktop\Stanisław Waltoś - Proces Karny. 
Zarys Systemu.pdf
[2013-10-25 10:27:27 | 000,200,662 | ---- | C] () -- C:\Users\PC\Desktop\Proces ateński.pdf
[2012-04-18 21:15:42 | 000,060,304 | ---- | C] () -- C:\Users\PC\g2mdlhlpx.exe
[2011-03-21 02:55:04 | 000,000,090 | ---- | C] () -- C:\Users\PC\AppData\Local\fusioncache.dat
[2011-02-12 10:30:24 | 000,032,594 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2011-02-12 10:30:24 | 000,032,594 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011-02-11 17:04:05 | 000,022,528 | ---- | C] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-02-11 17:02:28 | 000,000,680 | ---- | C] () -- C:\Users\PC\AppData\Local\d3d9caps.dat

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2006-11-02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2011-07-21 00:14:52 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Ashampoo
[2013-10-01 11:40:24 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\BabSolution
[2013-10-01 11:40:02 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Babylon
[2013-05-28 17:23:48 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\calibre
[2011-02-13 14:50:13 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\DAEMON Tools Lite
[2011-02-12 15:28:43 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Gadu-Gadu 10
[2011-04-11 17:51:12 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\IDoser
[2012-03-16 14:08:47 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\ipla
[2011-02-13 15:08:03 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Leadertech
[2013-10-01 12:19:49 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\LibreOffice
[2013-04-12 13:51:58 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\MetaQuotes
[2011-02-14 19:53:34 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\OpenFM
[2011-02-12 11:09:21 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\OpenOffice.org
[2011-05-26 16:05:48 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\PunkBuster
[2011-02-12 15:59:40 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Samsung
[2013-10-28 08:15:13 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Sony
[2012-02-08 22:45:07 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Sports Interactive
[2013-10-18 17:07:45 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\The Creative Assembly
[2011-04-29 00:22:30 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Ubisoft
[2013-10-28 07:45:29 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\uTorrent

[color=#E56717]========== Purity Check ==========[/color]

< End of report >
[/log]

GMER:
[log]GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-02 22:44:51
Windows 6.0.6002 Service Pack 2
\Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST3500418AS rev.CC37 465,76GB
Running: gmer.exe; Driver: C:\Users\PC\AppData\Local\Temp\pxldapoc.sys

---- System - GMER 2.1 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwAddBootEntry
[0x92C67FC4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateEvent [0x92C6A456] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateEventPair [0x92C6A4AE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateIoCompletion [0x92C6A5C4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateMutant [0x92C6A3AC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateSection [0x92C6A4FE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateSemaphore [0x92C6A400] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwCreateTimer [0x92C6A572] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwDeleteBootEntry [0x92C67FE8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwLoadDriver [0x92C67DB2] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwModifyBootEntry [0x92C6800C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwNotifyChangeKey [0x92C6A9BC] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwNotifyChangeMultipleKeys [0x92C68AA4] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenEvent [0x92C6A486] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenEventPair [0x92C6A4D6] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenIoCompletion [0x92C6A5EE] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenMutant [0x92C6A3D8] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenSection [0x92C6A53E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenSemaphore [0x92C6A42E] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwOpenTimer [0x92C6A59C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwQueryObject [0x92C6896A] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetBootEntryOrder [0x92C68030] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetBootOptions [0x92C68054] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetSystemInformation [0x92C67E0C] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSetSystemPowerState [0x92C67F48] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwShutdownSystem [0x92C67F24] SSDT \SystemRoot\System32\Drivers\aswSnx.SYS ZwSystemDebugControl [0x92C67F6C] SSDT 
\SystemRoot\System32\Drivers\aswSnx.SYS ZwVdmControl [0x92C68078] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetEvent + 10D 82CE8758 4 Bytes [C4, 7F, C6, 92] {LES EDI, [EDI-0x3a]; XCHG EDX, EAX} .text ntkrnlpa.exe!KeSetEvent + 1D1 82CE881C 8 Bytes [56, A4, C6, 92, AE, A4, C6, ...] .text ntkrnlpa.exe!KeSetEvent + 1DD 82CE8828 4 Bytes [C4, A5, C6, 92] .text ntkrnlpa.exe!KeSetEvent + 1F5 82CE8840 4 Bytes [AC, A3, C6, 92] .text ntkrnlpa.exe!KeSetEvent + 215 82CE8860 8 Bytes [FE, A4, C6, 92, 00, A4, C6, ...] .text ... .text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xAF6FB300, 0x3B6D8, 0xE8000020] .text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xAF73E300, 0x1BEE, 0xE8000020] ---- User code sections - GMER 2.1 ---- .text C:\Windows\Explorer.EXE[192] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000501F8 .text C:\Windows\Explorer.EXE[192] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000503FC .text C:\Windows\Explorer.EXE[192] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\Explorer.EXE[192] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 003403FC .text C:\Windows\Explorer.EXE[192] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00340600 .text C:\Windows\Explorer.EXE[192] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00341014 .text C:\Windows\Explorer.EXE[192] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00340804 .text C:\Windows\Explorer.EXE[192] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00340A08 .text C:\Windows\Explorer.EXE[192] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00340C0C .text C:\Windows\Explorer.EXE[192] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00340E10 .text C:\Windows\Explorer.EXE[192] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 003401F8 .text C:\Windows\Explorer.EXE[192] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00390600 .text C:\Windows\Explorer.EXE[192] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 
00390804 .text C:\Windows\Explorer.EXE[192] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00390A08 .text C:\Windows\Explorer.EXE[192] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 003901F8 .text C:\Windows\Explorer.EXE[192] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 003903FC .text C:\Windows\Explorer.EXE[192] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Program Files\Browsers Protector\regmon32.exe[268] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 001501F8 .text C:\Program Files\Browsers Protector\regmon32.exe[268] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 001503FC .text C:\Program Files\Browsers Protector\regmon32.exe[268] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Program Files\Browsers Protector\regmon32.exe[268] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 001703FC .text C:\Program Files\Browsers Protector\regmon32.exe[268] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00170600 .text C:\Program Files\Browsers Protector\regmon32.exe[268] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00171014 .text C:\Program Files\Browsers Protector\regmon32.exe[268] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00170804 .text C:\Program Files\Browsers Protector\regmon32.exe[268] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00170A08 .text C:\Program Files\Browsers Protector\regmon32.exe[268] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00170C0C .text C:\Program Files\Browsers Protector\regmon32.exe[268] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00170E10 .text C:\Program Files\Browsers Protector\regmon32.exe[268] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 001701F8 .text C:\Program Files\Browsers Protector\regmon32.exe[268] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00180600 .text C:\Program Files\Browsers Protector\regmon32.exe[268] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00180804 .text 
C:\Program Files\Browsers Protector\regmon32.exe[268] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00180A08 .text C:\Program Files\Browsers Protector\regmon32.exe[268] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 001801F8 .text C:\Program Files\Browsers Protector\regmon32.exe[268] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 001803FC .text C:\Program Files\Browsers Protector\regmon32.exe[268] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\csrss.exe[584] KERNEL32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\wininit.exe[640] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000301F8 .text C:\Windows\system32\wininit.exe[640] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000303FC .text C:\Windows\system32\wininit.exe[640] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\wininit.exe[640] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000503FC .text C:\Windows\system32\wininit.exe[640] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00050600 .text C:\Windows\system32\wininit.exe[640] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00051014 .text C:\Windows\system32\wininit.exe[640] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00050804 .text C:\Windows\system32\wininit.exe[640] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00050A08 .text C:\Windows\system32\wininit.exe[640] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00050C0C .text C:\Windows\system32\wininit.exe[640] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00050E10 .text C:\Windows\system32\wininit.exe[640] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000501F8 .text C:\Windows\system32\wininit.exe[640] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00060600 .text C:\Windows\system32\wininit.exe[640] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00060804 .text C:\Windows\system32\wininit.exe[640] 
USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00060A08 .text C:\Windows\system32\wininit.exe[640] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000601F8 .text C:\Windows\system32\wininit.exe[640] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000603FC .text C:\Windows\system32\wininit.exe[640] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\csrss.exe[652] KERNEL32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\services.exe[684] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000501F8 .text C:\Windows\system32\services.exe[684] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000503FC .text C:\Windows\system32\services.exe[684] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\services.exe[684] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\services.exe[684] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\services.exe[684] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\services.exe[684] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\services.exe[684] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\services.exe[684] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\services.exe[684] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\services.exe[684] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\services.exe[684] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00080600 .text C:\Windows\system32\services.exe[684] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\services.exe[684] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00080A08 .text 
C:\Windows\system32\services.exe[684] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\services.exe[684] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\services.exe[684] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\lsass.exe[700] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsass.exe[700] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000503FC .text C:\Windows\system32\lsass.exe[700] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\lsass.exe[700] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00080600 .text C:\Windows\system32\lsass.exe[700] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\lsass.exe[700] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\lsass.exe[700] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\lsass.exe[700] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\lsass.exe[700] 
USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\lsm.exe[712] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000501F8 .text C:\Windows\system32\lsm.exe[712] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000503FC .text C:\Windows\system32\lsm.exe[712] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\lsm.exe[712] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\lsm.exe[712] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\lsm.exe[712] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\lsm.exe[712] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\lsm.exe[712] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\lsm.exe[712] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\lsm.exe[712] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\lsm.exe[712] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\lsm.exe[712] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 001D0600 .text C:\Windows\system32\lsm.exe[712] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 001D0804 .text C:\Windows\system32\lsm.exe[712] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 001D0A08 .text C:\Windows\system32\lsm.exe[712] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 001D01F8 .text C:\Windows\system32\lsm.exe[712] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 001D03FC .text C:\Windows\system32\lsm.exe[712] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\winlogon.exe[756] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000301F8 .text C:\Windows\system32\winlogon.exe[756] ntdll.dll!LdrUnloadDll 
7719B680 5 Bytes JMP 000303FC .text C:\Windows\system32\winlogon.exe[756] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\winlogon.exe[756] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000503FC .text C:\Windows\system32\winlogon.exe[756] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00050600 .text C:\Windows\system32\winlogon.exe[756] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00051014 .text C:\Windows\system32\winlogon.exe[756] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00050804 .text C:\Windows\system32\winlogon.exe[756] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00050A08 .text C:\Windows\system32\winlogon.exe[756] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00050C0C .text C:\Windows\system32\winlogon.exe[756] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00050E10 .text C:\Windows\system32\winlogon.exe[756] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000501F8 .text C:\Windows\system32\winlogon.exe[756] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00060600 .text C:\Windows\system32\winlogon.exe[756] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00060804 .text C:\Windows\system32\winlogon.exe[756] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00060A08 .text C:\Windows\system32\winlogon.exe[756] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000601F8 .text C:\Windows\system32\winlogon.exe[756] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000603FC .text C:\Windows\system32\winlogon.exe[756] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\svchost.exe[896] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[896] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[896] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\svchost.exe[896] 
ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[896] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[896] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 006E0600 .text C:\Windows\system32\svchost.exe[896] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 006E0804 .text C:\Windows\system32\svchost.exe[896] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 006E0A08 .text C:\Windows\system32\svchost.exe[896] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 006E01F8 .text C:\Windows\system32\svchost.exe[896] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 006E03FC .text C:\Windows\system32\svchost.exe[896] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\nvvsvc.exe[952] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000401F8 .text C:\Windows\system32\nvvsvc.exe[952] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000403FC .text C:\Windows\system32\nvvsvc.exe[952] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\nvvsvc.exe[952] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000603FC .text C:\Windows\system32\nvvsvc.exe[952] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00060600 .text C:\Windows\system32\nvvsvc.exe[952] 
ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00061014 .text C:\Windows\system32\nvvsvc.exe[952] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00060804 .text C:\Windows\system32\nvvsvc.exe[952] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00060A08 .text C:\Windows\system32\nvvsvc.exe[952] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00060C0C .text C:\Windows\system32\nvvsvc.exe[952] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00060E10 .text C:\Windows\system32\nvvsvc.exe[952] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000601F8 .text C:\Windows\system32\nvvsvc.exe[952] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00070600 .text C:\Windows\system32\nvvsvc.exe[952] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00070804 .text C:\Windows\system32\nvvsvc.exe[952] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\nvvsvc.exe[952] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\nvvsvc.exe[952] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000703FC .text C:\Windows\system32\nvvsvc.exe[952] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 001401F8 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 001403FC .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 001603FC .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00160600 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] ADVAPI32.dll!SetServiceObjectSecurity 
76D86CD9 5 Bytes JMP 00161014 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00160804 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00160A08 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00160C0C .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00160E10 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 001601F8 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00170600 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00170804 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00170A08 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 001701F8 .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 001703FC .text C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe[964] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\svchost.exe[1004] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[1004] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[1004] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\svchost.exe[1004] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[1004] 
ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00070600 .text 
C:\Windows\system32\taskeng.exe[2744] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2744] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[2744] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\svchost.exe[2768] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000501F8 .text C:\Windows\system32\svchost.exe[2768] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000503FC .text C:\Windows\system32\svchost.exe[2768] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\svchost.exe[2768] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\svchost.exe[2768] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 001D0600 .text C:\Windows\system32\svchost.exe[2768] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 001D0804 .text C:\Windows\system32\svchost.exe[2768] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 001D0A08 .text C:\Windows\system32\svchost.exe[2768] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 001D01F8 .text C:\Windows\system32\svchost.exe[2768] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 
001D03FC .text C:\Windows\system32\svchost.exe[2768] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\taskeng.exe[2828] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000501F8 .text C:\Windows\system32\taskeng.exe[2828] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000503FC .text C:\Windows\system32\taskeng.exe[2828] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\taskeng.exe[2828] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\taskeng.exe[2828] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00080600 .text C:\Windows\system32\taskeng.exe[2828] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\taskeng.exe[2828] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\taskeng.exe[2828] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\taskeng.exe[2828] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\taskeng.exe[2828] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Program 
Files\Common Files\Apple\Apple Application Support\distnoted.exe[3048] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000401F8 .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[3048] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000403FC .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[3048] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[3048] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 000D0600 .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[3048] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 000D0804 .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[3048] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 000D0A08 .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[3048] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000D01F8 .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[3048] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000D03FC .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[3048] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[3048] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000E03FC .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[3048] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 000E0600 .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[3048] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 000E1014 .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[3048] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 000E0804 .text C:\Program Files\Common Files\Apple\Apple Application 
Support\distnoted.exe[3048] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 000E0A08 .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[3048] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 000E0C0C .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[3048] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 000E0E10 .text C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe[3048] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000E01F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 6545F920 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 001503FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] kernel32.dll!HeapSetInformation + 26 7730A8B0 7 Bytes JMP 654640F6 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] kernel32.dll!LockResource + C 77326ACB 7 Bytes JMP 65C2329A C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] kernel32.dll!VirtualAllocEx + 54 7732AF50 7 Bytes JMP 65C232BD C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00170600 .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00170804 .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00170A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 001701F8 .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 001703FC .text C:\Program 
Files\Mozilla Firefox\firefox.exe[3204] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] GDI32.dll!SetStretchBltMode + 256 76C2745C 7 Bytes JMP 65C2321B C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 001803FC .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00180600 .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00181014 .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00180804 .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00180A08 .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00180C0C .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00180E10 .text C:\Program Files\Mozilla Firefox\firefox.exe[3204] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 001801F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000501F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000503FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00070600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00070804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 
00070A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000701F8 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000703FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!InSendMessageEx + 4C9 7600E7C8 7 Bytes JMP 657B2180 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!CreateWindowExW + AA 760113AF 7 Bytes JMP 657B21F1 C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!GetWindowInfo 7601428E 5 Bytes JMP 657B5F7C C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!SetMenuItemBitmaps + 71 760214EE 7 Bytes JMP 657AF95F C:\Program Files\Mozilla Firefox\xul.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000803FC .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00080600 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00081014 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00080804 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00080A08 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00080C0C .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 
00080E10 .text C:\Program Files\Mozilla Firefox\plugin-container.exe[3264] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000501F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000503FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000703FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00070600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00071014 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00070804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00070A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00070C0C .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00070E10 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000701F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] 
USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00080600 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00080804 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00080A08 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000803FC .text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[3280] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000501F8 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000503FC .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00070600 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00070804 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00070A08 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000701F8 .text 
C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000703FC .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000803FC .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00080600 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00081014 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00080804 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00080A08 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00080C0C .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00080E10 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3324] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000801F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[3364] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000501F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[3364] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000503FC .text C:\Program Files\Bonjour\mDNSResponder.exe[3364] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text 
C:\Program Files\Bonjour\mDNSResponder.exe[3364] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000703FC .text C:\Program Files\Bonjour\mDNSResponder.exe[3364] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00070600 .text C:\Program Files\Bonjour\mDNSResponder.exe[3364] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00071014 .text C:\Program Files\Bonjour\mDNSResponder.exe[3364] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00070804 .text C:\Program Files\Bonjour\mDNSResponder.exe[3364] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00070A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[3364] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00070C0C .text C:\Program Files\Bonjour\mDNSResponder.exe[3364] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00070E10 .text C:\Program Files\Bonjour\mDNSResponder.exe[3364] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000701F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[3364] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00080600 .text C:\Program Files\Bonjour\mDNSResponder.exe[3364] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00080804 .text C:\Program Files\Bonjour\mDNSResponder.exe[3364] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00080A08 .text C:\Program Files\Bonjour\mDNSResponder.exe[3364] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000801F8 .text C:\Program Files\Bonjour\mDNSResponder.exe[3364] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000803FC .text C:\Program Files\Bonjour\mDNSResponder.exe[3364] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\schtasks.exe[3372] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000401F8 .text C:\Windows\system32\schtasks.exe[3372] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000403FC .text C:\Windows\system32\schtasks.exe[3372] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text 
C:\Windows\system32\schtasks.exe[3372] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000603FC .text C:\Windows\system32\schtasks.exe[3372] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00060600 .text C:\Windows\system32\schtasks.exe[3372] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00061014 .text C:\Windows\system32\schtasks.exe[3372] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00060804 .text C:\Windows\system32\schtasks.exe[3372] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00060A08 .text C:\Windows\system32\schtasks.exe[3372] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00060C0C .text C:\Windows\system32\schtasks.exe[3372] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00060E10 .text C:\Windows\system32\schtasks.exe[3372] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000601F8 .text C:\Windows\system32\schtasks.exe[3372] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00070600 .text C:\Windows\system32\schtasks.exe[3372] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00070804 .text C:\Windows\system32\schtasks.exe[3372] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\schtasks.exe[3372] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\schtasks.exe[3372] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000703FC .text C:\Windows\system32\schtasks.exe[3372] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000501F8 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000503FC .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text 
C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00070600 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00070804 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00070A08 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000701F8 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000703FC .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000803FC .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00080600 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00081014 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00080804 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00080A08 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 
00080C0C .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00080E10 .text C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe[3384] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\FsUsbExService.Exe[3412] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 001401F8 .text C:\Windows\system32\FsUsbExService.Exe[3412] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 001403FC .text C:\Windows\system32\FsUsbExService.Exe[3412] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\FsUsbExService.Exe[3412] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00160600 .text C:\Windows\system32\FsUsbExService.Exe[3412] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00160804 .text C:\Windows\system32\FsUsbExService.Exe[3412] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00160A08 .text C:\Windows\system32\FsUsbExService.Exe[3412] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 001601F8 .text C:\Windows\system32\FsUsbExService.Exe[3412] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 001603FC .text C:\Windows\system32\FsUsbExService.Exe[3412] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\FsUsbExService.Exe[3412] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 001703FC .text C:\Windows\system32\FsUsbExService.Exe[3412] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00170600 .text C:\Windows\system32\FsUsbExService.Exe[3412] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00171014 .text C:\Windows\system32\FsUsbExService.Exe[3412] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00170804 .text C:\Windows\system32\FsUsbExService.Exe[3412] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00170A08 .text C:\Windows\system32\FsUsbExService.Exe[3412] 
ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00170C0C .text C:\Windows\system32\FsUsbExService.Exe[3412] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00170E10 .text C:\Windows\system32\FsUsbExService.Exe[3412] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 001701F8 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 001501F8 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 001503FC .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00270600 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00270804 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00270A08 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 002701F8 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 002703FC .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 002803FC .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00280600 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00281014 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00280804 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00280A08 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] 
ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00280C0C .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00280E10 .text C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE[3528] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 002801F8 .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000801F8 .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000803FC .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 000A0600 .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 000A0804 .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 000A0A08 .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000A01F8 .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000A03FC .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000B03FC .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 000B0600 .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 000B1014 .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 000B0804 .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 000B0A08 .text C:\Program 
Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 000B0C0C .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 000B0E10 .text C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe[3576] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\PnkBstrA.exe[3740] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 001401F8 .text C:\Windows\system32\PnkBstrA.exe[3740] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 001403FC .text C:\Windows\system32\PnkBstrA.exe[3740] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\PnkBstrA.exe[3740] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00160600 .text C:\Windows\system32\PnkBstrA.exe[3740] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00160804 .text C:\Windows\system32\PnkBstrA.exe[3740] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00160A08 .text C:\Windows\system32\PnkBstrA.exe[3740] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 001601F8 .text C:\Windows\system32\PnkBstrA.exe[3740] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 001603FC .text C:\Windows\system32\PnkBstrA.exe[3740] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\PnkBstrA.exe[3740] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 001703FC .text C:\Windows\system32\PnkBstrA.exe[3740] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00170600 .text C:\Windows\system32\PnkBstrA.exe[3740] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00171014 .text C:\Windows\system32\PnkBstrA.exe[3740] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00170804 .text C:\Windows\system32\PnkBstrA.exe[3740] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00170A08 .text C:\Windows\system32\PnkBstrA.exe[3740] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00170C0C .text 
C:\Windows\system32\PnkBstrA.exe[3740] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00170E10 .text C:\Windows\system32\PnkBstrA.exe[3740] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 001701F8 .text C:\Windows\system32\svchost.exe[3752] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[3752] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[3752] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\svchost.exe[3752] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[3752] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[3752] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[3752] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[3752] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[3752] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[3752] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[3752] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[3752] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 007A0600 .text C:\Windows\system32\svchost.exe[3752] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 007A0804 .text C:\Windows\system32\svchost.exe[3752] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 007A0A08 .text C:\Windows\system32\svchost.exe[3752] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 007A01F8 .text C:\Windows\system32\svchost.exe[3752] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 007A03FC .text C:\Windows\system32\svchost.exe[3752] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 
c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3772] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000401F8 .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3772] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000403FC .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3772] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3772] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000603FC .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3772] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00060600 .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3772] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00061014 .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3772] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00060804 .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3772] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00060A08 .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3772] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00060C0C .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3772] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00060E10 .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3772] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000601F8 .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3772] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00070600 .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3772] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00070804 .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3772] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00070A08 .text C:\ProgramData\Skype\Toolbars\Skype 
C2C Service\c2c_service.exe[3772] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000701F8 .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3772] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000703FC .text C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe[3772] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\svchost.exe[3868] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000901F8 .text C:\Windows\system32\svchost.exe[3868] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000903FC .text C:\Windows\system32\svchost.exe[3868] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\svchost.exe[3868] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000B03FC .text C:\Windows\system32\svchost.exe[3868] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 000B0600 .text C:\Windows\system32\svchost.exe[3868] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 000B1014 .text C:\Windows\system32\svchost.exe[3868] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 000B0804 .text C:\Windows\system32\svchost.exe[3868] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 000B0A08 .text C:\Windows\system32\svchost.exe[3868] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 000B0C0C .text C:\Windows\system32\svchost.exe[3868] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 000B0E10 .text C:\Windows\system32\svchost.exe[3868] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000B01F8 .text C:\Windows\system32\svchost.exe[3868] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00810600 .text C:\Windows\system32\svchost.exe[3868] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00810804 .text C:\Windows\system32\svchost.exe[3868] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00810A08 .text C:\Windows\system32\svchost.exe[3868] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 008101F8 .text 
C:\Windows\system32\svchost.exe[3868] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 008103FC .text C:\Windows\system32\svchost.exe[3868] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\System32\svchost.exe[3908] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000501F8 .text C:\Windows\System32\svchost.exe[3908] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000503FC .text C:\Windows\System32\svchost.exe[3908] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\System32\svchost.exe[3908] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000703FC .text C:\Windows\System32\svchost.exe[3908] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00070600 .text C:\Windows\System32\svchost.exe[3908] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00071014 .text C:\Windows\System32\svchost.exe[3908] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00070804 .text C:\Windows\System32\svchost.exe[3908] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00070A08 .text C:\Windows\System32\svchost.exe[3908] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00070C0C .text C:\Windows\System32\svchost.exe[3908] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00070E10 .text C:\Windows\System32\svchost.exe[3908] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[3956] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000501F8 .text C:\Windows\system32\SearchIndexer.exe[3956] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000503FC .text C:\Windows\system32\SearchIndexer.exe[3956] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\SearchIndexer.exe[3956] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000703FC .text C:\Windows\system32\SearchIndexer.exe[3956] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00070600 .text C:\Windows\system32\SearchIndexer.exe[3956] 
ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00071014 .text C:\Windows\system32\SearchIndexer.exe[3956] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00070804 .text C:\Windows\system32\SearchIndexer.exe[3956] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00070A08 .text C:\Windows\system32\SearchIndexer.exe[3956] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00070C0C .text C:\Windows\system32\SearchIndexer.exe[3956] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00070E10 .text C:\Windows\system32\SearchIndexer.exe[3956] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000701F8 .text C:\Windows\system32\SearchIndexer.exe[3956] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00080600 .text C:\Windows\system32\SearchIndexer.exe[3956] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00080804 .text C:\Windows\system32\SearchIndexer.exe[3956] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00080A08 .text C:\Windows\system32\SearchIndexer.exe[3956] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000801F8 .text C:\Windows\system32\SearchIndexer.exe[3956] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000803FC .text C:\Windows\system32\SearchIndexer.exe[3956] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000501F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000503FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00070600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] USER32.dll!SetWindowsHookExW 
760087AD 5 Bytes JMP 00070804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00070A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 000701F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 000703FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 000803FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00080600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00081014 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00080804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00080A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00080C0C .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00080E10 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4108] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 000801F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 000701F8 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 000703FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtCreateFile + 6 771C426A 4 Bytes [28, C8, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtCreateFile + B 771C426F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtCreateKey + 6 771C42AA 4 Bytes [68, C9, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtCreateKey + B 771C42AF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtCreateMutant + 6 771C42DA 4 Bytes [28, CA, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtCreateMutant + B 771C42DF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtCreateSection + 6 771C435A 4 Bytes [68, CA, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtCreateSection + B 771C435F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtMapViewOfSection + 6 771C49BA 4 Bytes [A8, CC, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtMapViewOfSection + B 771C49BF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenFile + 6 771C4A4A 4 Bytes [68, C8, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenFile + B 771C4A4F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenKey + 6 771C4A7A 4 Bytes [A8, C9, 06, 00] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenKey + B 771C4A7F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenMutant + B 771C4A9F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenProcess + 6 771C4ACA 4 Bytes [28, CB, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenProcess + B 771C4ACF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenProcessToken + 6 771C4ADA 4 Bytes [68, CB, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenProcessToken + B 771C4ADF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenProcessTokenEx + 6 771C4AEA 4 Bytes [28, CC, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenProcessTokenEx + B 771C4AEF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenSection + 6 771C4AFA 4 Bytes [A8, CA, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenSection + B 771C4AFF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenThread + B 771C4B3F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenThreadToken + B 771C4B4F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenThreadTokenEx + 6 771C4B5A 4 Bytes [68, CC, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtOpenThreadTokenEx + B 771C4B5F 1 Byte [E2] .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtQueryAttributesFile + 6 771C4BEA 4 Bytes [A8, C8, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtQueryAttributesFile + B 771C4BEF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtQueryFullAttributesFile + B 771C4C9F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtSetInformationFile + 6 771C517A 4 Bytes [28, C9, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtSetInformationFile + B 771C517F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtSetInformationThread + 6 771C51CA 4 Bytes [A8, CB, 06, 00] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtSetInformationThread + B 771C51CF 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ntdll.dll!NtUnmapViewOfSection + B 771C546F 1 Byte [E2] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] kernel32.dll!CreateProcessW 772E1BF3 5 Bytes JMP 000800B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] kernel32.dll!CreateProcessA 772E1C28 5 Bytes JMP 000800F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] kernel32.dll!OpenEventW 772FC023 5 Bytes JMP 00080070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] kernel32.dll!CreateEventW 7732B85E 5 Bytes JMP 00080030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!DeleteObject 76C25A37 5 Bytes JMP 000C01B0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!GetDeviceCaps 76C2617F 5 Bytes JMP 000C03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!SelectObject 76C262A0 5 Bytes JMP 000C05F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!SetTextColor 76C2666B 5 Bytes JMP 000C0A30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!SetBkMode 76C26716 5 Bytes JMP 000C08F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!DeleteDC 76C268CD 5 Bytes JMP 000C0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!GetCurrentObject 76C26B58 5 Bytes JMP 000C0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!SetStretchBltMode 76C27206 5 Bytes JMP 000C06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!SaveDC 76C275BA 5 Bytes JMP 000C0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!RestoreDC 76C27675 5 Bytes JMP 000C0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!StretchDIBits 76C278CF 5 Bytes JMP 000C0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!ExtSelectClipRgn 76C279F8 5 Bytes JMP 000C02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!SelectClipRgn 76C27AF9 5 Bytes JMP 000C05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!MoveToEx 76C27C33 5 Bytes JMP 000C0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!Rectangle 76C27EA9 5 Bytes JMP 000C09B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!GetTextAlign 76C282E0 5 Bytes 
JMP 000C0D70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!SetTextAlign 76C285CB 5 Bytes JMP 000C09F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!ExtTextOutW 76C2872B 5 Bytes JMP 000C0970 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!GetTextMetricsW 76C28A81 5 Bytes JMP 000C0E30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!IntersectClipRect 76C28B64 5 Bytes JMP 000C03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!GetClipBox 76C29071 5 Bytes JMP 000C0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!SetICMMode 76C294E7 5 Bytes JMP 000C0DB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!CreateDCW 76C2A91D 5 Bytes JMP 000C00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!CreateDCA 76C2AA49 5 Bytes JMP 000C00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!CreateICW 76C2B2E9 5 Bytes JMP 000C0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!GetTextFaceW 76C2B637 5 Bytes JMP 000C0D30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!GetFontData 76C2BA6C 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!GetFontData 76C2BA6C 5 Bytes JMP 000C0C70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!GetTextExtentPoint32W 76C2C01A 5 Bytes JMP 000C0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!SetWorldTransform 76C2C46A 5 Bytes JMP 000C06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!LineTo 
76C2C65E 5 Bytes JMP 000C0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!GetTextMetricsA 76C2CCEB 5 Bytes JMP 000C0DF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!ExtTextOutA 76C300A5 5 Bytes JMP 000C0930 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!GetTextExtentPoint32A 76C30E58 5 Bytes JMP 000C0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!ExtEscape 76C322A7 5 Bytes JMP 000C02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!Escape 76C327F1 5 Bytes JMP 000C0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!ResetDCW 76C33132 5 Bytes JMP 000C0AB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!EndPage 76C3375E 5 Bytes JMP 000C0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!SetPolyFillMode 76C361D3 5 Bytes JMP 000C0B30 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!SetMiterLimit 76C362E2 5 Bytes JMP 000C0B70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!GetTextFaceA 76C3F4C5 5 Bytes JMP 000C0CF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!GetGlyphOutlineW 76C4A41F 5 Bytes JMP 000C0CB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!CreateScalableFontResourceW 76C4C88B 5 Bytes JMP 000C0BB0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!AddFontResourceW 76C4CC93 5 Bytes JMP 000C0BF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!RemoveFontResourceW 76C4D129 5 Bytes JMP 000C0C30 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!AbortDoc 76C52CC4 5 Bytes JMP 000C0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!EndDoc 76C530D8 5 Bytes JMP 000C01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!StartPage 76C531C3 5 Bytes JMP 000C0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!StartDocW 76C53CA7 5 Bytes JMP 000C07F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!BeginPath 76C54465 5 Bytes JMP 000C0830 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!SelectClipPath 76C544BC 5 Bytes JMP 000C0AF0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!CloseFigure 76C54517 5 Bytes JMP 000C0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!EndPath 76C5456E 5 Bytes JMP 000C0A70 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!StrokePath 76C547A0 5 Bytes JMP 000C07B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!FillPath 76C5482C 5 Bytes JMP 000C0870 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!PolylineTo 76C54C95 5 Bytes JMP 000C04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!PolyBezierTo 76C54D25 5 Bytes JMP 000C04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] GDI32.dll!PolyDraw 76C54DD6 5 Bytes JMP 000C08B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00240600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00240804 
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00240A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 002401F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 002403FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!SetCursor 7600D37D 5 Bytes JMP 000D0530 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!RegisterClipboardFormatW 7600D6AC 1 Byte [E9] .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!RegisterClipboardFormatW 7600D6AC 5 Bytes JMP 000D02B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!ActivateKeyboardLayout 7601478C 5 Bytes JMP 000D04F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!IsWindowVisible 7601878A 7 Bytes JMP 000D06B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!MonitorFromWindow 760188D4 7 Bytes JMP 000D0630 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!ScreenToClient 76018C56 7 Bytes JMP 000D0670 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!GetClientRect 76018F0D 7 Bytes JMP 000D05B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!GetParent 760190AA 7 Bytes JMP 000D06F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!RegisterClipboardFormatA 7601A111 5 Bytes JMP 000D02F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!PostMessageW 7601A175 5 Bytes JMP 000D05F0 .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!MapWindowPoints 7601A30D 5 Bytes JMP 000D0570 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!GetClipboardFormatNameA 7601A552 5 Bytes JMP 000D0270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!GetOpenClipboardWindow 760226A6 5 Bytes JMP 000D03F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!SetClipboardViewer 7602BA2D 5 Bytes JMP 000D04B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!IsClipboardFormatAvailable 7602C2E3 5 Bytes JMP 000D00F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!CloseClipboard 7602C2F7 5 Bytes JMP 000D00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!OpenClipboard 7602C31D 5 Bytes JMP 000D0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!GetTopWindow 7602CE0A 7 Bytes JMP 000D0730 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!GetClipboardSequenceNumber 7602D8B7 5 Bytes JMP 000D0330 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!ChangeClipboardChain 7602DF83 5 Bytes JMP 000D0430 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!CountClipboardFormats 76030048 5 Bytes JMP 000D01F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!GetClipboardOwner 760326EF 5 Bytes JMP 000D0370 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] 
USER32.dll!SetClipboardData 76046410 5 Bytes JMP 000D0170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!EnumClipboardFormats 76046D16 5 Bytes JMP 000D01B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!SetCursorPos 76046FB2 5 Bytes JMP 000D0770 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!GetClipboardData 7604715A 5 Bytes JMP 000D0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!GetClipboardFormatNameW 7604A99F 5 Bytes JMP 000D0230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!EmptyClipboard 7606398B 5 Bytes JMP 000D0130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!GetClipboardViewer 760639ED 5 Bytes JMP 000D0470 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] USER32.dll!GetPriorityClipboardFormat 76063AEF 5 Bytes JMP 000D03B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 002503FC .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00250600 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00251014 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00250804 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00250A08 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00250C0C .text 
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00250E10 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 002501F8 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ole32.dll!OleGetClipboard 76E474C9 5 Bytes JMP 000E00B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ole32.dll!OleSetClipboard 76E711E3 5 Bytes JMP 000E0030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] ole32.dll!OleIsCurrentClipboard 76E7A8F9 5 Bytes JMP 000E0070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] Secur32.dll!FreeContextBuffer 75672D83 5 Bytes JMP 001000F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] Secur32.dll!DeleteSecurityContext 75672F18 5 Bytes JMP 00100270 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] Secur32.dll!FreeCredentialsHandle 75673598 5 Bytes JMP 00100130 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] Secur32.dll!EncryptMessage 75673745 5 Bytes JMP 001001F0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] Secur32.dll!DecryptMessage 75673813 5 Bytes JMP 00100230 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] Secur32.dll!InitializeSecurityContextA 756787DF 5 Bytes JMP 00100170 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] Secur32.dll!AcquireCredentialsHandleA 75678A43 5 Bytes JMP 00100030 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] Secur32.dll!QueryContextAttributesA 75678E77 5 Bytes JMP 00100070 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] Secur32.dll!ApplyControlToken 7567DE4F 5 Bytes JMP 
001001B0 .text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe[4124] Secur32.dll!QueryCredentialsAttributesA 7567E052 5 Bytes JMP 001000B0 .text C:\Users\PC\Desktop\gmer.exe[5052] ntdll.dll!LdrLoadDll 77189378 5 Bytes JMP 001501F8 .text C:\Users\PC\Desktop\gmer.exe[5052] ntdll.dll!LdrUnloadDll 7719B680 5 Bytes JMP 001503FC .text C:\Users\PC\Desktop\gmer.exe[5052] kernel32.dll!GetBinaryTypeW + 70 77332447 1 Byte [62] .text C:\Users\PC\Desktop\gmer.exe[5052] ADVAPI32.dll!CreateServiceW 76D49EB4 5 Bytes JMP 00C503FC .text C:\Users\PC\Desktop\gmer.exe[5052] ADVAPI32.dll!DeleteService 76D4A07E 5 Bytes JMP 00C50600 .text C:\Users\PC\Desktop\gmer.exe[5052] ADVAPI32.dll!SetServiceObjectSecurity 76D86CD9 5 Bytes JMP 00C51014 .text C:\Users\PC\Desktop\gmer.exe[5052] ADVAPI32.dll!ChangeServiceConfigA 76D86DD9 5 Bytes JMP 00C50804 .text C:\Users\PC\Desktop\gmer.exe[5052] ADVAPI32.dll!ChangeServiceConfigW 76D86F81 5 Bytes JMP 00C50A08 .text C:\Users\PC\Desktop\gmer.exe[5052] ADVAPI32.dll!ChangeServiceConfig2A 76D87099 5 Bytes JMP 00C50C0C .text C:\Users\PC\Desktop\gmer.exe[5052] ADVAPI32.dll!ChangeServiceConfig2W 76D871E1 5 Bytes JMP 00C50E10 .text C:\Users\PC\Desktop\gmer.exe[5052] ADVAPI32.dll!CreateServiceA 76D872A1 5 Bytes JMP 00C501F8 .text C:\Users\PC\Desktop\gmer.exe[5052] USER32.dll!SetWindowsHookExA 76006322 5 Bytes JMP 00C30600 .text C:\Users\PC\Desktop\gmer.exe[5052] USER32.dll!SetWindowsHookExW 760087AD 5 Bytes JMP 00C30804 .text C:\Users\PC\Desktop\gmer.exe[5052] USER32.dll!UnhookWindowsHookEx 760098DB 5 Bytes JMP 00C30A08 .text C:\Users\PC\Desktop\gmer.exe[5052] USER32.dll!SetWinEventHook 76009F3A 5 Bytes JMP 00C301F8 .text C:\Users\PC\Desktop\gmer.exe[5052] USER32.dll!UnhookWinEvent 7600C06F 5 Bytes JMP 00C303FC .text C:\Users\PC\Desktop\gmer.exe[5052] USER32.dll!DialogBoxParamW 760310B0 5 Bytes JMP 75075820 c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll ---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\Explorer.EXE[192] @ 
C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [7507AC80] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [7507ACE0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [KERNEL32.dll!OpenProcess] [7507A390] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [KERNEL32.dll!TerminateProcess] [7507A3E0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [ntdll.dll!NtClose] [7507EC90] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73C27817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C6B4F1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73C2BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73C1F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73C275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73C1E7CA] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73C573F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73C2DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73C1FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73C1FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73C171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73CACB00] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73C4C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73C1D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73C16853] 
C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73C1687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\Explorer.EXE[192] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73C22AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18813_none_9e51e050ca1696a4\gdiplus.dll IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 002D0002 IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [KERNEL32.dll!LoadLibraryW] [7507ACE0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [KERNEL32.dll!OpenProcess] [7507A390] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [KERNEL32.dll!LoadLibraryA] [7507AC80] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 002D0000 IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [KERNEL32.dll!TerminateProcess] [7507A3E0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ntdll.dll!NtSetInformationFile] [7507B060] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryInformationFile] [7507A510] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ntdll.dll!NtDeleteFile] [7507B000] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT 
C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ntdll.dll!NtDeleteKey] [7507ED10] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ntdll.dll!NtOpenKey] [7507EBC0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ntdll.dll!NtEnumerateKey] [7507E990] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ntdll.dll!NtDeleteValueKey] [7507ED70] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ntdll.dll!NtSetValueKey] [7507EAE0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryValueKey] [7507EA70] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ntdll.dll!NtCreateKey] [7507EB50] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ntdll.dll!NtOpenFile] [7507AE90] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ntdll.dll!NtQueryKey] [7507A4D0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\services.exe[684] @ C:\Windows\system32\services.exe [ntdll.dll!NtClose] [7507EC90] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\winlogon.exe[756] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [7507ACE0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\winlogon.exe[756] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!OpenProcess] [7507A390] 
c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\winlogon.exe[756] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!TerminateProcess] [7507A3E0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\winlogon.exe[756] @ C:\Windows\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [7507AC80] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\winlogon.exe[756] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtClose] [7507EC90] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\winlogon.exe[756] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtOpenFile] [7507AE90] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\winlogon.exe[756] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtOpenKey] [7507EBC0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\winlogon.exe[756] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtEnumerateKey] [7507E990] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\winlogon.exe[756] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtQueryKey] [7507A4D0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\winlogon.exe[756] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtCreateKey] [7507EB50] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\winlogon.exe[756] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtDeleteValueKey] [7507ED70] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\winlogon.exe[756] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtQueryValueKey] [7507EA70] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\winlogon.exe[756] @ C:\Windows\system32\winlogon.exe [ntdll.dll!NtSetValueKey] [7507EAE0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\winlogon.exe[756] @ C:\Windows\system32\winlogon.exe 
[ntdll.dll!NtDeleteKey] [7507ED10] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[896] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [7507A3E0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[896] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7507AC80] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[896] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7507AC20] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1004] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [7507A3E0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1004] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7507AC80] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1004] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7507AC20] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\System32\svchost.exe[1096] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7507A3E0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\System32\svchost.exe[1096] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7507AC80] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\System32\svchost.exe[1096] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7507AC20] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\System32\svchost.exe[1172] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!TerminateProcess] [7507A3E0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\System32\svchost.exe[1172] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7507AC80] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT 
C:\Windows\System32\svchost.exe[1172] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7507AC20] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1208] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [7507A3E0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1208] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7507AC80] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1208] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7507AC20] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1336] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [7507A3E0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1336] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7507AC80] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1336] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7507AC20] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [7507A3E0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7507AC80] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1368] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7507AC20] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1412] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [7507A3E0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1412] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] 
[7507AC80] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1412] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7507AC20] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1780] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [7507A3E0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1780] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7507AC80] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[1780] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7507AC20] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[2768] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [7507A3E0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[2768] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7507AC80] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[2768] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7507AC20] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[3752] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [7507A3E0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[3752] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7507AC80] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[3752] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7507AC20] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[3868] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!TerminateProcess] [7507A3E0] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT 
C:\Windows\system32\svchost.exe[3868] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7507AC80] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll IAT C:\Windows\system32\svchost.exe[3868] @ C:\Windows\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7507AC20] c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll ---- Devices - GMER 2.1 ---- Device Ntfs.sys Device InCDFs.sys AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS ---- EOF - GMER 2.1 ---- [/log]
Natsuki Kuga, commented 4 November 2013

1. Run this script in OTL (instructions: http://www.forumpc.pl/topic/277786-nieingerencyjne-narz%C4%99dzia-do-tworzenia-log%C3%B3w-systemowych/#entry1683607 ):

:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/...de-002719bb633e
IE - HKLM\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://startsear.ch/...002719bb633e&q={searchTerms}
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.searchgol...119357&tsp=5022
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/...de-002719bb633e
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolba.../search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\..\SearchScopes\{0878CF36-4E7F-4672-80B4-359377E08026}: "URL" = http://websearch.ask...00027&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=YYYYYYYYPL&apn_uid=501E4811-2DD1-4BBE-BE27-4ACA3E0A4F8A&apn_sauid=9B27062B-C444-427B-98F8-5D4FCF8DD848
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss&mntrId=8A37002719BB633E&affID=119357&tsp=5022
IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://startsear.ch/...002719bb633e&q={searchTerms}
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "error"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files\Delta\delta\1.8.24.6\bh\delta.dll (Delta-search.com)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files\Delta\delta\1.8.24.6\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKU\S-1-5-21-679051662-1481701582-1949037630-1000..\Run: [Gkdido] C:\Users\PC\AppData\Roaming\Gkdido.exe File not found
O20 - AppInit_DLLs: (c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll) - c:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll ()

:Files
C:\ProgramData\BitGuard
C:\Program Files\Browsers Protector
C:\Program Files\Ask.com
C:\Program Files\Delta
C:\Windows\System32\searchplugins
C:\Windows\System32\Extensions
C:\Users\PC\AppData\Roaming\BabSolution
C:\Users\PC\AppData\Roaming\Babylon

:Services
BitGuard

:Commands
[emptytemp]

Show the report.

2. Run AdwCleaner using the Delete option. Show the report.

3. Show a new set of logs (including Extras from OTL!).
kozgi (Author), commented 7 November 2013

When I try to run the script, all the icons disappear from the desktop and OTL hangs (not responding). After 20 minutes of running, nothing happens. Only resetting the computer helped :/
kozgi (Author), commented 7 November 2013 (edited)

I think it helped :) I kept OTL in its "hung" state for longer and a message in English popped up. I don't remember exactly what it was about, but it was something like "the program wants to change your settings" (very roughly), and I had a choice: yes or no. I chose "yes" and the program still wasn't responding, so I left it for some more time. Later, when nothing had changed, I reset the computer and at first it was the same, but when I turned the computer on today the problem seems to have gone. I'll add that a system update probably installed while the computer was shutting down, so maybe that helped. I'm adding the OTL scans. Please take an expert look and check whether everything is OK:

[log]OTL logfile created on: 2013-11-08 10:21:29 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PC\Desktop\Programy Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,25 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 59,43% Memory free 6,72 Gb Paging File | 5,25 Gb Available in Paging File | 78,10% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 253,91 Gb Total Space | 50,06 Gb Free Space | 19,72% Space Free | Partition Type: NTFS Drive D: | 211,85 Gb Total Space | 28,33 Gb Free Space | 13,37% Space Free | Partition Type: NTFS Drive F: | 6,15 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: PC-PC | User Name: PC | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013-10-31 21:32:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\Programy\OTL.exe PRC - [2013-10-26 02:53:20 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2013-10-22 16:11:05 | 002,864,096 | ---- | M] () -- C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe PRC - [2013-10-11 13:54:33 | 001,862,536 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe PRC - [2013-01-18 15:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2013-01-18 15:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe PRC - [2013-01-18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe PRC - [2012-07-06 13:17:02 | 000,207,360 | ---- | M] () -- C:\Program Files\Browsers Protector\regmon32.exe PRC - [2012-04-09 16:43:42 | 001,557,160 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe PRC - [2012-02-23 11:30:40 | 000,059,240 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe PRC - [2011-11-28 19:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2011-11-28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2009-04-11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009-01-08 09:42:54 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe PRC - [2008-01-22 18:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe PRC - [2008-01-21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007-06-04 18:02:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0350Mon.exe PRC - [2007-05-15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe ========== Modules (No Company Name) ========== MOD - [2013-10-26 02:53:40 | 003,368,048 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll MOD - [2013-10-22 16:11:05 | 002,864,096 | ---- | M] () -- C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe MOD - [2013-10-22 16:09:45 | 002,735,584 | ---- | M] () -- c:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll MOD - [2013-10-11 13:54:33 | 016,233,864 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_9_900_117.dll MOD - [2012-07-06 13:17:02 | 000,207,360 | ---- | M] () -- C:\Program Files\Browsers Protector\regmon32.exe MOD - [2011-06-24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011-06-24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ========== Services (SafeList) ========== SRV - [2013-10-26 02:53:33 | 000,119,408 | ---- | M] 
(Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013-10-22 16:11:05 | 002,864,096 | ---- | M] () [Auto | Running] -- C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe -- (BitGuard) SRV - [2013-10-11 13:54:34 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-02-28 17:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-02-25 23:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013-02-04 17:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2013-01-18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012-10-02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service) SRV - [2012-01-13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011-11-28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! 
Antivirus) SRV - [2009-01-08 09:42:54 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService) SRV - [2008-01-22 18:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2008-01-21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007-05-15 15:55:46 | 001,550,896 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe -- (InCDsrv) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\PC\AppData\Local\Temp\naecd.sys -- (naecd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2013-02-25 23:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011-12-10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011-11-28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx) DRV - [2011-11-28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP) DRV - [2011-11-28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr) DRV - [2011-11-28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi) DRV - [2011-11-28 
18:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV - [2011-11-28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk) DRV - [2011-04-29 00:13:46 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2011-04-29 00:13:45 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2011-02-12 15:29:51 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010-12-09 14:45:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2009-07-31 01:12:56 | 000,282,144 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVNET) DRV - [2009-06-29 08:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2009-03-18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2009-01-08 09:42:54 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2008-02-22 15:33:02 | 000,114,304 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2008-02-22 15:33:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2008-02-22 15:33:00 | 000,087,936 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) DRV - [2007-06-10 18:01:02 | 000,142,656 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\V0350Afx.sys -- (VF0350Afx) DRV - [2007-05-15 15:55:36 | 000,118,576 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\Windows\System32\drivers\InCDfs.sys -- (InCDfs) DRV - [2007-05-15 15:55:36 | 000,038,576 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDRm.sys -- (incdrm) DRV - [2007-05-15 15:55:36 | 000,037,040 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\Windows\System32\drivers\InCDPass.sys -- (InCDPass) DRV - [2007-05-15 15:55:36 | 000,016,304 | ---- | M] (Nero AG) [Recognizer | System | Unknown] -- C:\Windows\System32\drivers\InCDrec.sys -- (InCDrec) DRV - [2007-05-10 18:02:00 | 000,170,368 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0350Vid.sys -- (VF0350Vid) DRV - [2007-03-05 11:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0350Vfx.sys -- (VF0350Vfx) DRV - [2006-01-12 19:46:28 | 000,252,928 | ---- | M] (Ralink Technology, Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rt73.sys -- (RT73) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\..\SearchScopes,DefaultScope = {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-679051662-1481701582-1949037630-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Web Search" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "error" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.google.pl/" FF - 
prefs.js..extensions.enabledAddons: IplextoALL%40ALLPlayer.org:0.7.0 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0 FF - prefs.js..keyword.URL: "error" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Users\PC\AppData\Local\Citrix\Plugins\97\npappdetector.dll (Citrix Online) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-02-04 20:26:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013-09-30 21:48:48 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013-11-02 21:14:03 | 000,000,000 | ---D | M] [2011-02-12 10:57:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Extensions [2013-11-01 00:43:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\b1q54a23.default-1383250290663\Extensions [2013-09-30 21:48:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2013-09-30 21:48:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-09-30 
21:48:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013-10-31 20:23:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010-12-09 11:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
O1 HOSTS File: ([2006-09-18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\Program Files\ALLPlayer\Iplex\IplexToALLPlayer.dll (ALLCinema Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Browsers Protector] C:\Program Files\Browsers Protector\regmon32.exe ()
O4 - HKLM..\Run: [V0350Mon.exe] C:\Windows\V0350Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-679051662-1481701582-1949037630-1000..\Run: [ALLUpdate] C:\Program Files\ALLPlayer\ALLUpdate.exe ()
O4 - HKU\S-1-5-21-679051662-1481701582-1949037630-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-679051662-1481701582-1949037630-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-679051662-1481701582-1949037630-1000..\Run: [Gkdido] C:\Users\PC\AppData\Roaming\Gkdido.exe File not found
O4 - HKU\S-1-5-21-679051662-1481701582-1949037630-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-679051662-1481701582-1949037630-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 77.36.98.49 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2217FEC6-2A61-4667-BD00-37F5F1B5902F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{28742AC5-657B-482C-B8EB-EB60219DC815}: DhcpNameServer = 8.8.4.4 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A70C41F-39A9-4EC5-A0EB-F190B043B6FD}: DhcpNameServer = 77.36.98.49 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6D967711-FBBF-47AE-94B5-604F765FD428}: DhcpNameServer = 8.8.8.8 8.8.4.4
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~2\bitguard\271769~1.27\{c16c1~1\bitguard.dll) - c:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\PC\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta z Galerii fotografii systemu Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-09-18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f974c649-bfd9-11e2-9d8a-002618467637}\Shell - "" = AutoRun
O33 - MountPoints2\{f974c649-bfd9-11e2-9d8a-002618467637}\Shell\AutoRun\command - "" = G:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013-11-07 17:47:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013-11-07 17:42:54 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\logi
[2013-11-07 17:41:44 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\pok
[2013-11-02 21:14:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013-11-02 21:14:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013-11-02 21:14:03 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2013-11-02 21:13:51 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013-11-02 21:13:51 | 000,174,504 |
---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013-11-02 21:13:51 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013-11-02 21:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java [2013-10-28 08:14:31 | 000,000,000 | ---D | C] -- C:\Users\PC\Podcasts [2013-10-28 08:14:31 | 000,000,000 | ---D | C] -- C:\Users\PC\Documents\Media Go [2013-10-28 08:13:31 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Sony [2013-10-28 08:13:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sony Shared [2013-10-28 08:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation [2013-10-28 07:58:54 | 000,000,000 | ---D | C] -- C:\Program Files\Sony Media Go Install [2013-10-28 07:58:54 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Sony [2013-10-27 22:16:57 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard [2013-10-26 11:51:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 14 [2013-10-26 11:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\FIFA 14 [2013-10-25 09:42:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\Extensions [2013-10-25 09:42:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\searchplugins [2013-10-20 12:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin [2013-10-18 17:07:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam [2013-10-18 16:28:50 | 000,000,000 | ---D | C] -- C:\Program Files\Total War ROME II [2013-10-14 06:29:57 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013-10-14 06:29:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013-10-14 06:29:55 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013-10-14 06:29:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe 
[2013-10-14 06:29:55 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013-10-14 06:29:54 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013-10-14 06:29:53 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013-10-14 06:29:52 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013-10-11 13:54:31 | 017,813,896 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [2013-10-11 12:32:45 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013-10-11 12:32:45 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013-10-11 12:32:45 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013-10-11 12:32:45 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013-10-11 12:32:45 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013-10-11 12:32:45 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013-10-11 12:32:45 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013-10-11 12:32:45 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013-10-11 12:32:43 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2013-10-11 12:32:41 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [2013-10-11 12:32:39 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013-10-11 12:32:32 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys [2013-10-11 12:32:32 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys [2013-10-11 12:32:23 | 
000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2013-10-11 12:32:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2013-10-11 12:32:20 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013-11-08 10:16:07 | 011,752,372 | ---- | M] () -- C:\Windows\System32\perfh015.dat [2013-11-08 10:16:07 | 004,613,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013-11-08 10:16:07 | 004,051,262 | ---- | M] () -- C:\Windows\System32\perfc015.dat [2013-11-08 10:16:07 | 003,926,876 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013-11-08 10:10:05 | 000,001,024 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-11-08 10:09:26 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013-11-08 10:09:26 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013-11-08 10:09:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-11-08 10:09:21 | 3488,776,192 | -HS- | M] () -- C:\hiberfil.sys [2013-11-08 02:04:00 | 000,001,028 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-11-08 01:52:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-11-08 00:37:38 | 000,028,672 | ---- | M] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-11-02 21:13:45 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013-11-02 21:13:44 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013-11-02 21:13:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013-11-02 21:13:44 | 000,174,504 | ---- | M] (Oracle 
Corporation) -- C:\Windows\System32\java.exe [2013-11-02 16:30:26 | 000,000,000 | ---- | M] () -- C:\cookies.sqlite [2013-10-17 21:38:14 | 000,284,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013-10-11 13:54:34 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013-10-11 13:54:33 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013-10-11 13:54:31 | 017,813,896 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerInstaller.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013-11-07 19:28:43 | 3488,776,192 | -HS- | C] () -- C:\hiberfil.sys [2013-11-02 16:30:26 | 000,000,000 | ---- | C] () -- C:\cookies.sqlite [2012-04-18 21:15:42 | 000,060,304 | ---- | C] () -- C:\Users\PC\g2mdlhlpx.exe [2011-03-21 02:55:04 | 000,000,090 | ---- | C] () -- C:\Users\PC\AppData\Local\fusioncache.dat [2011-02-12 10:30:24 | 000,032,594 | ---- | C] () -- C:\ProgramData\nvModes.dat [2011-02-12 10:30:24 | 000,032,594 | ---- | C] () -- C:\ProgramData\nvModes.001 [2011-02-11 17:04:05 | 000,028,672 | ---- | C] () -- C:\Users\PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011-02-11 17:02:28 | 000,000,680 | ---- | C] () -- C:\Users\PC\AppData\Local\d3d9caps.dat ========== ZeroAccess Check ========== [2006-11-02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012-06-08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009-04-11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009-04-11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011-07-21 00:14:52 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Ashampoo [2013-10-01 11:40:24 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\BabSolution [2013-10-01 11:40:02 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Babylon [2013-05-28 17:23:48 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\calibre [2011-02-13 14:50:13 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\DAEMON Tools Lite [2011-02-12 15:28:43 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Gadu-Gadu 10 [2011-04-11 17:51:12 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\IDoser [2012-03-16 14:08:47 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\ipla [2011-02-13 15:08:03 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Leadertech [2013-10-01 12:19:49 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\LibreOffice [2013-04-12 13:51:58 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\MetaQuotes [2011-02-14 19:53:34 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\OpenFM [2011-02-12 11:09:21 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\OpenOffice.org [2011-05-26 16:05:48 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\PunkBuster [2011-02-12 15:59:40 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Samsung [2013-10-28 08:15:13 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Sony [2012-02-08 22:45:07 | 000,000,000 | ---D | M] -- 
C:\Users\PC\AppData\Roaming\Sports Interactive
[2013-10-18 17:07:45 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\The Creative Assembly
[2011-04-29 00:22:30 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Ubisoft
[2013-11-03 15:53:02 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\uTorrent
========== Purity Check ==========
< End of report >
[/log]
extras:
[log]OTL Extras logfile created on: 2013-11-08 10:21:29 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\PC\Desktop\Programy
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,25 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 59,43% Memory free
6,72 Gb Paging File | 5,25 Gb Available in Paging File | 78,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 253,91 Gb Total Space | 50,06 Gb Free Space | 19,72% Space Free | Partition Type: NTFS
Drive D: | 211,85 Gb Total Space | 28,33 Gb Free Space | 13,37% Space Free | Partition Type: NTFS
Drive F: | 6,15 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: PC-PC | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-679051662-1481701582-1949037630-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{BB4B209D-6FB2-47B6-9484-0D6579A24DCB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03171311-A71B-49E3-B147-485FEDC588F3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{0D8FF729-A32F-49F4-9EC8-0A02B7643183}" = dir=in | app=c:\program files\itunes\itunes.exe | "{182A5B25-7725-48A8-9E6A-008AC48FF6B2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{236DB778-9CCD-48DD-9E8A-14F3132B1B1B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{2C7BA058-0E7B-4061-A010-614096D3B7DC}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{2F9C7D45-AC61-4423-8F86-14689960F2C5}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{344059E0-F3FD-48C3-8B31-32EF5A040978}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | "{45A0A518-8379-4A09-9468-C7C6049E3A71}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{47E06FB4-CC36-46D6-A317-FE5E60F182E2}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe | "{49D6CA41-E800-4D3C-849A-90393D7F00C7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{4BC12CED-2D0C-4EA2-9EF1-F64FEE695CB9}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{6223E525-33DF-4FC2-A4BB-8784D9A02158}" = protocol=6 | dir=in | app=c:\program files\fifa 13\game\fifa13.exe | "{68D9609F-B630-45DF-BF3C-A4E1274DA829}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{7A796CED-3D10-409F-B8E9-46A53510A6DC}" = protocol=17 | dir=in | app=c:\program files\fifa 13\game\fifa13.exe | "{81FABDFC-BC29-47C6-A372-3D948A2335ED}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | "{85911EFB-BAA1-4CFB-8317-D7D6603A5358}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{9965BF4A-1895-4887-A85E-7B2813C11E5C}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{A3C73963-0D41-4CFD-AEFA-C500B265B81C}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{A9AD5E48-22C9-44F6-B2CE-9DAC60E2ABED}" = protocol=17 | dir=in | app=c:\program files\fifa 14\game\fifa14-www.skidrowcrack.com.exe | "{B159AFE0-105A-4868-9908-20B6D6BA4998}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{B1ED2C29-19F3-4B54-93BF-1E60F1981A3D}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{BE8CB2E6-58CF-473A-83BC-FDD6CF7C664B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C9790D6C-8FE3-4928-B328-B4AD3127784D}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{F4FDEA16-8F95-4338-8AF4-6710D8697EBE}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed brotherhood\acbmp.exe | "{FE9F35F1-D336-4B4D-82FE-01F534438722}" = protocol=6 | dir=in | app=c:\program files\fifa 14\game\fifa14-www.skidrowcrack.com.exe | "TCP Query User{146E12A3-14E0-4C03-91D7-6829D447B74C}C:\windows.old\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\windows.old\program files\gadu-gadu 10\gg.exe | "TCP Query 
User{1F4E0FEC-4D87-4E24-861D-7D528C579921}C:\program files\black_box\the witcher 2 assassins of kings\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files\black_box\the witcher 2 assassins of kings\bin\witcher2.exe | "TCP Query User{3648C002-5CAE-4F87-A0CD-E3A804A9F1D2}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query User{3797B213-140A-4DBC-9C4C-6E7DF5D9B980}C:\program files\total war rome ii\rome2.exe" = protocol=6 | dir=in | app=c:\program files\total war rome ii\rome2.exe | "TCP Query User{3A7E782E-9855-4FAB-B80F-35C24E58BB83}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{5586CDA3-AAB6-41D6-B374-7C4163A18503}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{64796332-0E28-4203-A381-1D784A72FFFB}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "TCP Query User{6E6F8A4E-5E34-4C0F-B13F-E28B565F21E3}C:\program files\gadu-gadu 10\gg.exe" = protocol=6 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "TCP Query User{70B82479-2AEC-4EF0-9675-A1BCFAE421B3}C:\program files\fifa 13\game\fifa13.exe" = protocol=6 | dir=in | app=c:\program files\fifa 13\game\fifa13.exe | "TCP Query User{7B63D4E5-ED8D-485F-8F48-5E79CE864308}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "TCP Query User{85680587-6BD2-4366-8D14-D068E5335473}C:\program files\fifa 12\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\fifa 12\game\fifa.exe | "TCP Query User{874484E1-9AFF-44C3-AA09-E12E1539E80B}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "TCP Query 
User{9740D7C7-A2EA-42A8-9587-D6C0A8F27AF5}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | "TCP Query User{ABA7FBB2-0D6E-4A3E-BBD2-8C179C8FDDE5}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "TCP Query User{BB2EC59B-39A4-4688-A974-97DA38826011}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | "TCP Query User{CFA9B748-BFB3-4E41-A219-4FC97A7F55EF}C:\program files\total war rome ii\rome2.exe" = protocol=6 | dir=in | app=c:\program files\total war rome ii\rome2.exe | "TCP Query User{EA0C3C79-89DB-4985-B89A-FA541343C469}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | "TCP Query User{FB3C2814-7C5A-4435-85AE-6B21C163686D}C:\program files\libreoffice 4\program\soffice.bin" = protocol=6 | dir=in | app=c:\program files\libreoffice 4\program\soffice.bin | "TCP Query User{FF274A13-BA7B-4BBA-AD9E-6A1544A6B547}C:\program files\black_box\the witcher 2 assassins of kings\bin\witcher2.exe" = protocol=6 | dir=in | app=c:\program files\black_box\the witcher 2 assassins of kings\bin\witcher2.exe | "UDP Query User{09423D42-40F0-43FD-8AA4-9258D5E19824}C:\program files\black_box\the witcher 2 assassins of kings\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files\black_box\the witcher 2 assassins of kings\bin\witcher2.exe | "UDP Query User{0B903FF6-415D-4C12-8F47-19C2CBE5B0D6}C:\program files\fifa 12\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\fifa 12\game\fifa.exe | "UDP Query User{2ABF2EEA-AECD-4818-AB4B-78866058C403}C:\windows.old\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\windows.old\program files\gadu-gadu 10\gg.exe | "UDP Query User{3BB73BE7-853D-4214-83F7-4279E9088029}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | 
dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{52FED472-2D78-4980-B9B4-D4C844A3F6F7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | "UDP Query User{57006485-826E-4F76-939A-0AF4033E9EE1}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | "UDP Query User{6B5C3B30-6C59-4C04-9301-2741C375FA64}C:\program files\gadu-gadu 10\gg.exe" = protocol=17 | dir=in | app=c:\program files\gadu-gadu 10\gg.exe | "UDP Query User{6CA578F0-B84D-4361-8A42-ABA42F75F172}C:\program files\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files\ea sports\fifa 11\game\fifa.exe | "UDP Query User{7600D6B9-1005-433D-B377-C1778094F0D5}C:\program files\fifa 13\game\fifa13.exe" = protocol=17 | dir=in | app=c:\program files\fifa 13\game\fifa13.exe | "UDP Query User{77E67220-78DA-47CC-BC60-C3BE8C52EF93}C:\program files\libreoffice 4\program\soffice.bin" = protocol=17 | dir=in | app=c:\program files\libreoffice 4\program\soffice.bin | "UDP Query User{82D2F703-91E9-435E-974F-8E3ED35FB0CB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{A18D09A1-D586-4127-84F2-F6469B84BAD7}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | "UDP Query User{CF106776-A962-439B-9A20-3C8DCFC10C20}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{DA767BE3-6D5F-47EE-A715-9B85A7D52A2A}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | "UDP Query User{E759378D-8E7A-4656-9197-2FAB546E999B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | 
app=c:\program files\sopcast\sopcast.exe | "UDP Query User{EABD3E3C-6EB1-4BBF-93B7-E8F1B1C6B758}C:\program files\total war rome ii\rome2.exe" = protocol=17 | dir=in | app=c:\program files\total war rome ii\rome2.exe | "UDP Query User{F0231BC4-F99B-47B0-B31B-6C7542C02C11}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe | "UDP Query User{F5508242-299C-4BC9-9C22-9CFE616EEE8D}C:\program files\black_box\the witcher 2 assassins of kings\bin\witcher2.exe" = protocol=17 | dir=in | app=c:\program files\black_box\the witcher 2 assassins of kings\bin\witcher2.exe | "UDP Query User{F603F745-33EB-41EE-9044-457BED40EF1C}C:\program files\total war rome ii\rome2.exe" = protocol=17 | dir=in | app=c:\program files\total war rome ii\rome2.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{0BF46BBF-F160-46C2-9A69-97E33A08BF04}" = The Guild II "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1900_series" = Canon iP1900 series Printer Driver "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = BitGuard "{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45 "{321320E1-0E5A-36CB-9E52-F3B201B8C4D4}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{3F5FA47E-B4DE-45B4-85E3-11CD5E4974A3}_is1" = The Witcher 2 Assassins of Kings version 1.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 
6.3 "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III "{5C19E2DC-4CCF-3114-B40A-6E565987025F}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{5C7025FD-6BD0-4E48-8948-696E26AF6F15}" = Media Go "{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{8227BCD8-AA43-B935-7134-2732A298364A}" = Media Go Video Playback Engine 1.120.102.05010 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{8727531E-6C58-4852-A90B-39CF45E269A9}" = OpenOffice.org 3.2 "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.1 "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9B4E6CB9-E54D-47F7-A414-E2D5740E1045}" = Nero 7 Essentials "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9EFDFBA8-9174-3C61-8645-28376C5CA994}" = Microsoft .NET Framework 3.5 Language Pack SP1 - plk "{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5 
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13 "{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1045-7B44-A95000000001}" = Adobe Reader 9.5.0 - Polish "{ACBE6747-6FC1-48DB-8E5D-E81EFCB1EC72}" = Hearts of Iron III Gold "{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Sterownik 3D Vision 311.06 "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 311.06 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.10.0514 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX "{BC0D2092-A74B-4439-8874-92DDA4563661}" = The Guild II - Piraci Starego Świata "{C768790F-04FB-11E0-9B2C-001AA037B01E}" = Google Earth "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{E357C7B4-E337-4E43-84F1-8FDAF1EF4038}" = calibre "{E49F0B92-AD5E-4C09-9C17-F2B52AB6001B}" = LibreOffice 4.1.2.2 "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.181 "{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}" = The Witcher 2 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition 
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "{FAB6C0F5-0CE9-47DA-B7E3-3B3F1B0137D8}" = Total War ROME II "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Video FX Engine" = Advanced Video FX Engine "ALLPlayer_is1" = ALLPlayer V4.X "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80 "avast" = avast! Free Antivirus "Browsers Protector" = Browsers Protector "CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program "CCleaner" = CCleaner "Creative Live! Cam Center" = Creative Live! Cam Center "Creative Live! Cam Doodling" = Creative Live! Cam Doodling "Creative Live! Cam FX Creator" = Creative Live! Cam FX Creator "Creative Live! Cam Manager" = Creative Live! Cam Manager "Creative Live! Cam User's Guide" = Creative Live! Cam User's Guide "Creative Photo Manager" = Creative Photo Manager "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative VF0350" = Creative Live! 
Cam Video Chat or Video IM Driver (1.02.01.00) "DAEMON Tools Lite" = DAEMON Tools Lite "delta" = Delta toolbar "Delta Chrome Toolbar" = Delta Chrome Toolbar "Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX "FastStone Image Viewer" = FastStone Image Viewer 4.3 "FIFA 14_is1" = FIFA 14 version 1.0 u1 "Gadu-Gadu 10" = Gadu-Gadu 10 "I-Doser" = I-Doser Free "In Nomine_is1" = In Nomine 3.2 "InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer "InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio "KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Basic) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware wersja 1.60.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 Language Pack SP1 - plk" = Pakiet językowy programu Microsoft .NET Framework 3.5 z dodatkiem SP1 — PLK "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "Mozilla Firefox 25.0 (x86 pl)" = Mozilla Firefox 25.0 (x86 pl) "MozillaMaintenanceService" = Mozilla Maintenance Service "NapiProjekt_is1" = NapiProjekt 1.0.6.9 "Napoleon's Ambition_is1" = Napoleon's Ambition 2.1 "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PunkBusterSvc" = PunkBuster Services "RealAlt_is1" = Real Alternative 1.9.0 Lite "Rejestracja użytkownika drukarki Canon iP1900 series" = Rejestracja użytkownika drukarki Canon iP1900 series "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB 
Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "SightSpeed" = SightSpeed (remove only) "SopCast" = SopCast 3.4.0 "SysInfo" = Creative System Information "TVUPlayer" = TVUPlayer 2.5.3.1 "Update Engine" = Sony Ericsson Update Engine "Usbfix" = UsbFix By El Desaparecido "uTorrent" = µTorrent "VLC media player" = VLC media player 1.0.5 "Winamp" = Winamp "WinRAR archiver" = Archiwizator WinRAR ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-679051662-1481701582-1949037630-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "362057353.portal.qtrax.com" = Qtrax Player "GoToMeeting" = GoToMeeting 5.5.0.1133 "Winamp Detect" = Detektor Winampa ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 2013-11-07 16:03:39 | Computer Name = PC-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2013-11-07 16:03:39 | Computer Name = PC-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2013-11-07 16:04:35 | Computer Name = PC-PC | Source = Windows Search Service | ID = 3013 Description = Error - 2013-11-07 17:06:20 | Computer Name = PC-PC | Source = MsiInstaller | ID = 11609 Description = Error - 2013-11-07 17:10:38 | Computer Name = PC-PC | Source = LoadPerf | ID = 3012 Description = Error - 2013-11-07 17:10:38 | Computer Name = PC-PC | Source = LoadPerf | ID = 3012 Description = Error - 2013-11-07 17:10:38 | Computer Name = PC-PC | Source = LoadPerf | ID = 3011 Description = Error - 2013-11-08 05:16:03 | Computer Name = PC-PC | Source = LoadPerf | ID = 3012 Description = Error - 2013-11-08 05:16:03 | Computer Name = PC-PC | Source = LoadPerf | ID = 3012 Description = Error - 2013-11-08 05:16:03 | Computer Name = PC-PC | Source = LoadPerf | ID = 3011 Description = [ System Events ] Error - 2013-11-07 14:31:09 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7038 Description = 
Error - 2013-11-07 14:31:09 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2013-11-07 16:02:56 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7031 Description = Error - 2013-11-07 16:04:33 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7034 Description = Error - 2013-11-07 16:04:34 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7031 Description = Error - 2013-11-07 17:04:56 | Computer Name = PC-PC | Source = EventLog | ID = 6008 Description = Poprzednie zamknięcie systemu przy 22:03:47 na 2013-11-07 było nieoczekiwane. Error - 2013-11-07 17:07:18 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7038 Description = Error - 2013-11-07 17:07:18 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000 Description = Error - 2013-11-08 05:12:02 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7038 Description = Error - 2013-11-08 05:12:02 | Computer Name = PC-PC | Source = Service Control Manager | ID = 7000 Description = < End of report > [/log] Correction: the next time I started the computer, all the problems came back :/
Natsuki Kuga commented 9 November 2013 In that case we'll try a different tool, since OTL can't cope (nothing was removed). Generate a log with FSS: http://www.forumpc.pl/topic/277786-nieingerencyjne-narz%C4%99dzia-do-tworzenia-log%C3%B3w-systemowych/#entry1862932