GMER 1.0.15.15572 - http://www.gmer.net Rootkit scan 2011-05-02 00:28:14 Windows 5.1.2600 Dodatek Service Pack 2 Harddisk3\DR3 -> \Device\Scsi\JRAID1Port4Path0Target1Lun0 ST340014 rev. Running: p2gkec41.exe; Driver: C:\DOCUME~1\andrzej\USTAWI~1\Temp\fwncyfow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA6FE76C0] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA6FE7770] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA6FE7810] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA6FE78B0] ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB74033A0, 0x5FE082, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [71, 71] {JNO 0x73} .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [77, 71] {JA 0x73} .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [6E, 71] .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] ntdll.dll!NtOpenProcess + 4 7C90DD7F 2 Bytes [74, 71] {JZ 0x73} .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [7A, 71] {JP 0x73} .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00BB0001 .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] WS2_32.dll!WSALookupServiceNextW 71A52E99 6 Bytes JMP 719C0F5A .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] WS2_32.dll!WSALookupServiceEnd 71A53226 6 Bytes JMP 71990F5A .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] WS2_32.dll!WSALookupServiceBeginW 71A53307 6 Bytes JMP 71A30F5A .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] WS2_32.dll!connect 71A5406A 6 Bytes JMP 71AC0F5A .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] WS2_32.dll!listen 71A588D3 6 Bytes JMP 71A90F5A .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 71810F5A .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [7D, 71] {JGE 0x73} .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 71840F5A .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 718A0F5A .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] USER32.dll!SendInput + 4 77D3C458 2 Bytes [8F, 71] .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 71870F5A .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 718D0F5A .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71960F5A .text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[148] USER32.dll!keybd_event 77D86365 6 Bytes JMP 71930F5A .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [87, 71] .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [8D, 71] .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [84, 71] .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] ntdll.dll!NtOpenProcess + 4 7C90DD7F 2 Bytes [8A, 71] .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [90, 71] .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00B10001 .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 71970F5A .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [93, 71] .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 719A0F5A .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 71A00F5A .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] USER32.dll!SendInput + 4 77D3C458 2 Bytes [A5, 71] .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 719D0F5A .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 71A30F5A .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71AC0F5A .text C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe[216] USER32.dll!keybd_event 77D86365 6 Bytes JMP 71A90F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [87, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [8D, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [84, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtOpenProcess + 4 7C90DD7F 2 Bytes [8A, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [90, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00B20001 .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 719A0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 71A00F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] USER32.dll!SendInput + 4 77D3C458 2 Bytes [A5, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 719D0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 71A30F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71AC0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] USER32.dll!keybd_event 77D86365 6 Bytes JMP 71A90F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 71970F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [93, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] WS2_32.dll!WSALookupServiceNextW 00D52E99 6 Bytes JMP 71790F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] WS2_32.dll!WSALookupServiceEnd 00D53226 6 Bytes JMP 71760F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] WS2_32.dll!WSALookupServiceBeginW 00D53307 6 Bytes JMP 717C0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] WS2_32.dll!connect 00D5406A 6 Bytes JMP 71820F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[252] WS2_32.dll!listen 00D588D3 6 Bytes JMP 717F0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [87, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [8D, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [84, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] ntdll.dll!NtOpenProcess + 4 7C90DD7F 2 Bytes [8A, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [90, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00A90001 .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 71970F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [93, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 719A0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 71A00F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] USER32.dll!SendInput + 4 77D3C458 2 Bytes [A5, 71] .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 719D0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 71A30F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71AC0F5A .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[276] USER32.dll!keybd_event 77D86365 6 Bytes JMP 71A90F5A .text C:\Program Files\D-Tools\daemon.exe[288] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Program Files\D-Tools\daemon.exe[288] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\Program Files\D-Tools\daemon.exe[288] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\D-Tools\daemon.exe[288] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\D-Tools\daemon.exe[288] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [84, 71] .text C:\Program Files\D-Tools\daemon.exe[288] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\D-Tools\daemon.exe[288] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [7B, 71] {JNP 0x73} .text C:\Program Files\D-Tools\daemon.exe[288] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\Program Files\D-Tools\daemon.exe[288] ntdll.dll!NtOpenProcess + 4 7C90DD7F 2 Bytes [81, 71] .text C:\Program Files\D-Tools\daemon.exe[288] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Program Files\D-Tools\daemon.exe[288] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [87, 71] .text C:\Program Files\D-Tools\daemon.exe[288] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00A40001 .text C:\Program Files\D-Tools\daemon.exe[288] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 718E0F5A .text C:\Program Files\D-Tools\daemon.exe[288] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Program Files\D-Tools\daemon.exe[288] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [8A, 71] .text C:\Program Files\D-Tools\daemon.exe[288] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 71910F5A .text C:\Program Files\D-Tools\daemon.exe[288] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 71970F5A .text C:\Program Files\D-Tools\daemon.exe[288] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\Program Files\D-Tools\daemon.exe[288] USER32.dll!SendInput + 4 77D3C458 2 Bytes [9C, 71] .text C:\Program Files\D-Tools\daemon.exe[288] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 71940F5A .text C:\Program Files\D-Tools\daemon.exe[288] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 719A0F5A .text C:\Program Files\D-Tools\daemon.exe[288] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71A30F5A .text C:\Program Files\D-Tools\daemon.exe[288] USER32.dll!keybd_event 77D86365 6 Bytes JMP 71A00F5A .text C:\Program Files\AVG\AVG10\avgtray.exe[292] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Program Files\AVG\AVG10\avgtray.exe[292] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\Program Files\AVG\AVG10\avgtray.exe[292] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [75, 71] {JNZ 0x73} .text C:\Program Files\AVG\AVG10\avgtray.exe[292] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\AVG\AVG10\avgtray.exe[292] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [7B, 71] {JNP 0x73} .text C:\Program Files\AVG\AVG10\avgtray.exe[292] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\AVG\AVG10\avgtray.exe[292] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [72, 71] {JB 0x73} .text C:\Program Files\AVG\AVG10\avgtray.exe[292] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\Program Files\AVG\AVG10\avgtray.exe[292] ntdll.dll!NtOpenProcess + 4 7C90DD7F 2 Bytes [78, 71] {JS 0x73} .text C:\Program Files\AVG\AVG10\avgtray.exe[292] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Program Files\AVG\AVG10\avgtray.exe[292] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\AVG\AVG10\avgtray.exe[292] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00DA0001 .text C:\Program Files\AVG\AVG10\avgtray.exe[292] WS2_32.dll!WSALookupServiceNextW 71A52E99 6 Bytes JMP 719F001E .text C:\Program Files\AVG\AVG10\avgtray.exe[292] WS2_32.dll!WSALookupServiceEnd 71A53226 6 Bytes JMP 719C001E .text C:\Program Files\AVG\AVG10\avgtray.exe[292] WS2_32.dll!WSALookupServiceBeginW 71A53307 6 Bytes JMP 71A2001E .text C:\Program Files\AVG\AVG10\avgtray.exe[292] WS2_32.dll!connect 71A5406A 6 Bytes JMP 71AB001E .text C:\Program Files\AVG\AVG10\avgtray.exe[292] WS2_32.dll!listen 71A588D3 6 Bytes JMP 71A8001E .text C:\Program Files\AVG\AVG10\avgtray.exe[292] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 7184001E .text C:\Program Files\AVG\AVG10\avgtray.exe[292] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Program Files\AVG\AVG10\avgtray.exe[292] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [81, 71] .text C:\Program Files\AVG\AVG10\avgtray.exe[292] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 7187001E .text C:\Program Files\AVG\AVG10\avgtray.exe[292] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 718D001E .text C:\Program Files\AVG\AVG10\avgtray.exe[292] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\Program Files\AVG\AVG10\avgtray.exe[292] USER32.dll!SendInput + 4 77D3C458 2 Bytes [93, 71] .text C:\Program Files\AVG\AVG10\avgtray.exe[292] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 718A001E .text C:\Program Files\AVG\AVG10\avgtray.exe[292] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 7190001E .text C:\Program Files\AVG\AVG10\avgtray.exe[292] USER32.dll!mouse_event 77D86321 6 Bytes JMP 7199001E .text C:\Program Files\AVG\AVG10\avgtray.exe[292] USER32.dll!keybd_event 77D86365 6 Bytes JMP 7196001E .text C:\WINDOWS\system32\RUNDLL32.EXE[324] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\WINDOWS\system32\RUNDLL32.EXE[324] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[324] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [87, 71] .text C:\WINDOWS\system32\RUNDLL32.EXE[324] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[324] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [8D, 71] .text C:\WINDOWS\system32\RUNDLL32.EXE[324] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[324] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [84, 71] .text C:\WINDOWS\system32\RUNDLL32.EXE[324] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[324] ntdll.dll!NtOpenProcess + 4 7C90DD7F 2 Bytes [8A, 71] .text C:\WINDOWS\system32\RUNDLL32.EXE[324] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[324] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [90, 71] .text C:\WINDOWS\system32\RUNDLL32.EXE[324] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00B40001 .text C:\WINDOWS\system32\RUNDLL32.EXE[324] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 719A0F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[324] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 71A00F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[324] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[324] USER32.dll!SendInput + 4 77D3C458 2 Bytes [A5, 71] .text C:\WINDOWS\system32\RUNDLL32.EXE[324] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 719D0F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[324] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 71A30F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[324] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71AC0F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[324] USER32.dll!keybd_event 77D86365 6 Bytes JMP 71A90F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[324] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 71970F5A .text C:\WINDOWS\system32\RUNDLL32.EXE[324] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\system32\RUNDLL32.EXE[324] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [93, 71] .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [6C, 71] .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [72, 71] {JB 0x73} .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [69, 71] .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] ntdll.dll!NtOpenProcess + 4 7C90DD7F 2 Bytes [6F, 71] .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [75, 71] {JNZ 0x73} .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 013E0001 .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 717F0F5A .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 71850F5A .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] USER32.dll!SendInput + 4 77D3C458 2 Bytes [8A, 71] .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 71820F5A .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 71880F5A .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71910F5A .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] USER32.dll!keybd_event 77D86365 6 Bytes JMP 718E0F5A .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 717C0F5A .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [78, 71] {JS 0x73} .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] WS2_32.dll!WSALookupServiceNextW 71A52E99 6 Bytes JMP 71970F5A .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] WS2_32.dll!WSALookupServiceEnd 71A53226 6 Bytes JMP 71940F5A .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] WS2_32.dll!WSALookupServiceBeginW 71A53307 6 Bytes JMP 719A0F5A .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] WS2_32.dll!connect 71A5406A 6 Bytes JMP 71A00F5A .text C:\PROGRA~1\WapSter\WAPSTE~1\AQQ.exe[932] WS2_32.dll!listen 71A588D3 6 Bytes JMP 719D0F5A .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [81, 71] .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [87, 71] .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [7E, 71] {JLE 0x73} .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] ntdll.dll!NtOpenProcess + 4 7C90DD7F 2 Bytes [84, 71] .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [8A, 71] .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00E00001 .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 71940F5A .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 719A0F5A .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] USER32.dll!SendInput + 4 77D3C458 2 Bytes [9F, 71] .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 71970F5A .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 719D0F5A .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71A60F5A .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] USER32.dll!keybd_event 77D86365 6 Bytes JMP 71A30F5A .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 71910F5A .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Program Files\Samsung\Kies\KiesTrayAgent.exe[1168] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [8D, 71] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [87, 71] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [8D, 71] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [84, 71] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] ntdll.dll!NtOpenProcess + 4 7C90DD7F 2 Bytes [8A, 71] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [90, 71] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] ntdll.dll!DbgUiRemoteBreakin 7C95077B 1 Byte [C3] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] KERNEL32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00A60001 .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 719A0F5A .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 71A00F5A .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] USER32.dll!SendInput + 4 77D3C458 2 Bytes [A5, 71] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 719D0F5A .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 71A30F5A .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71AC0F5A .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] USER32.dll!keybd_event 77D86365 6 Bytes JMP 71A90F5A .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 71970F5A .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [93, 71] .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] WS2_32.dll!WSALookupServiceNextW 03B22E99 6 Bytes JMP 717F0F5A .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] WS2_32.dll!WSALookupServiceEnd 03B23226 6 Bytes JMP 717C0F5A .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] WS2_32.dll!WSALookupServiceBeginW 03B23307 6 Bytes JMP 71820F5A .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] WS2_32.dll!connect 03B2406A 6 Bytes JMP 71790F5A .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[1296] WS2_32.dll!listen 03B288D3 6 Bytes JMP 71760F5A .text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [87, 71] .text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [8D, 71] .text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [84, 71] .text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtOpenProcess + 4 7C90DD7F 2 Bytes [8A, 71] .text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1964] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [90, 71] .text C:\WINDOWS\Explorer.EXE[1964] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00B80001 .text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 71970F5A .text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1964] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [93, 71] .text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 719A0F5A .text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 71A00F5A .text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!SendInput + 4 77D3C458 2 Bytes [A5, 71] .text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 719D0F5A .text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 71A30F5A .text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71AC0F5A .text C:\WINDOWS\Explorer.EXE[1964] USER32.dll!keybd_event 77D86365 6 Bytes JMP 71A90F5A .text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!WSALookupServiceNextW 00EB2E99 6 Bytes JMP 717F0F5A .text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!WSALookupServiceEnd 00EB3226 6 Bytes JMP 717C0F5A .text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!WSALookupServiceBeginW 00EB3307 6 Bytes JMP 71820F5A .text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!connect 00EB406A 6 Bytes JMP 71790F5A .text C:\WINDOWS\Explorer.EXE[1964] WS2_32.dll!listen 00EB88D3 6 Bytes JMP 71760F5A .text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [7F, 71] {JG 0x73} .text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [85, 71] .text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [7C, 71] {JL 0x73} .text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtOpenProcess + 4 7C90DD7F 2 Bytes [82, 71] .text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[2040] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [88, 71] .text C:\WINDOWS\RTHDCPL.EXE[2040] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01B00001 .text C:\WINDOWS\RTHDCPL.EXE[2040] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 71920F5A .text C:\WINDOWS\RTHDCPL.EXE[2040] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 71980F5A .text C:\WINDOWS\RTHDCPL.EXE[2040] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[2040] USER32.dll!SendInput + 4 77D3C458 2 Bytes [9D, 71] .text C:\WINDOWS\RTHDCPL.EXE[2040] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 71950F5A .text C:\WINDOWS\RTHDCPL.EXE[2040] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 719B0F5A .text C:\WINDOWS\RTHDCPL.EXE[2040] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71A40F5A .text C:\WINDOWS\RTHDCPL.EXE[2040] USER32.dll!keybd_event 77D86365 6 Bytes JMP 71A10F5A .text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 718F0F5A .text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\WINDOWS\RTHDCPL.EXE[2040] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [8B, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtCreateFile + 4 7C90D686 6 Bytes [87, 71, 28, 00, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [8D, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenFile + 4 7C90DD01 6 Bytes [84, 71, 68, 00, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcess + 4 7C90DD7F 6 Bytes [8A, 71, A8, 01, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430 .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [90, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00900001 .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 719A0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 71A00F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] USER32.dll!SendInput + 4 77D3C458 2 Bytes [A5, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 719D0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 71A30F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71AC0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] USER32.dll!keybd_event 77D86365 6 Bytes JMP 71A90F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 71970F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [93, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] WS2_32.dll!WSALookupServiceNextW 00932E99 6 Bytes JMP 71790F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] WS2_32.dll!WSALookupServiceEnd 00933226 6 Bytes JMP 71760F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] WS2_32.dll!WSALookupServiceBeginW 00933307 6 Bytes JMP 717C0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] WS2_32.dll!connect 0093406A 6 Bytes JMP 71820F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2052] WS2_32.dll!listen 009388D3 6 Bytes JMP 717F0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtCreateFile + 4 7C90D686 6 Bytes [87, 71, 28, 00, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [8D, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenFile + 4 7C90DD01 6 Bytes [84, 71, 68, 00, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcess + 4 7C90DD7F 6 Bytes [8A, 71, A8, 01, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430 .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [90, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00900001 .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 719A0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 71A00F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] USER32.dll!SendInput + 4 77D3C458 2 Bytes [A5, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 719D0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 71A30F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71AC0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] USER32.dll!keybd_event 77D86365 6 Bytes JMP 71A90F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 71970F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [93, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!WSALookupServiceNextW 00932E99 6 Bytes JMP 71790F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!WSALookupServiceEnd 00933226 6 Bytes JMP 71760F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!WSALookupServiceBeginW 00933307 6 Bytes JMP 717C0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!connect 0093406A 6 Bytes JMP 71820F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2560] WS2_32.dll!listen 009388D3 6 Bytes JMP 717F0F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [87, 71] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [8D, 71] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [84, 71] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] ntdll.dll!NtOpenProcess + 4 7C90DD7F 2 Bytes [8A, 71] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [90, 71] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00AC0001 .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 719A0F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 71A00F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] USER32.dll!SendInput + 4 77D3C458 2 Bytes [A5, 71] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 719D0F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 71A30F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71AC0F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] USER32.dll!keybd_event 77D86365 6 Bytes JMP 71A90F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 71970F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\p2gkec41.exe[2680] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [93, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [87, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [8D, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [84, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtOpenProcess + 4 7C90DD7F 2 Bytes [8A, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [90, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00B20001 .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 719A0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 71A00F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] USER32.dll!SendInput + 4 77D3C458 2 Bytes [A5, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 719D0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 71A30F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71AC0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] USER32.dll!keybd_event 77D86365 6 Bytes JMP 71A90F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 71970F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [93, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] WS2_32.dll!WSALookupServiceNextW 00B52E99 6 Bytes JMP 71790F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] WS2_32.dll!WSALookupServiceEnd 00B53226 6 Bytes JMP 71760F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] WS2_32.dll!WSALookupServiceBeginW 00B53307 6 Bytes JMP 717C0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] WS2_32.dll!connect 00B5406A 6 Bytes JMP 71820F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[2700] WS2_32.dll!listen 00B588D3 6 Bytes JMP 717F0F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [87, 71] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [8D, 71] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] ntdll.dll!NtOpenFile + 4 7C90DD01 2 Bytes [84, 71] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] ntdll.dll!NtOpenProcess + 4 7C90DD7F 2 Bytes [8A, 71] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [90, 71] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00C40001 .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 719A0F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 71A00F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] USER32.dll!SendInput + 4 77D3C458 2 Bytes [A5, 71] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 719D0F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 71A30F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71AC0F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] USER32.dll!keybd_event 77D86365 6 Bytes JMP 71A90F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 71970F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [93, 71] .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] WS2_32.dll!WSALookupServiceNextW 01212E99 6 Bytes JMP 71730F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] WS2_32.dll!WSALookupServiceEnd 01213226 6 Bytes JMP 71700F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] WS2_32.dll!WSALookupServiceBeginW 01213307 6 Bytes JMP 71760F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] WS2_32.dll!connect 0121406A 6 Bytes JMP 717C0F5A .text C:\Documents and Settings\andrzej\Moje dokumenty\Moje gry\OTL.exe[2736] WS2_32.dll!listen 012188D3 6 Bytes JMP 71790F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtCreateFile + 4 7C90D686 6 Bytes [87, 71, 28, 00, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtCreateFile + B 7C90D68D 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [8D, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 1 Byte [28] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtMapViewOfSection + 6 7C90DC5B 4 Bytes [28, 03, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtMapViewOfSection + B 7C90DC60 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenFile 7C90DCFD 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenFile + 4 7C90DD01 6 Bytes [84, 71, 68, 00, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenFile + B 7C90DD08 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcess 7C90DD7B 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcess + 4 7C90DD7F 6 Bytes [8A, 71, A8, 01, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcess + B 7C90DD86 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcessToken + 6 7C90DD96 4 Bytes CALL 7B90F39C .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcessToken + B 7C90DD9B 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcessTokenEx + 6 7C90DDAB 4 Bytes [A8, 02, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenProcessTokenEx + B 7C90DDB0 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThread + 6 7C90DDFF 4 Bytes [68, 01, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThread + B 7C90DE04 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThreadToken + 6 7C90DE14 4 Bytes [68, 02, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThreadToken + B 7C90DE19 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThreadTokenEx + 6 7C90DE29 4 Bytes CALL 7B90F430 .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtOpenThreadTokenEx + B 7C90DE2E 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryAttributesFile + 6 7C90DEE6 4 Bytes [A8, 00, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryAttributesFile + B 7C90DEEB 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryFullAttributesFile + 6 7C90DFB8 4 Bytes CALL 7B90F5BD .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtQueryFullAttributesFile + B 7C90DFBD 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetInformationFile + 6 7C90E5DF 4 Bytes [28, 01, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetInformationFile + B 7C90E5E4 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetInformationThread + 6 7C90E648 4 Bytes [28, 02, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetInformationThread + B 7C90E64D 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [90, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 1 Byte [68] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtUnmapViewOfSection + 6 7C90E966 4 Bytes [68, 03, 16, 00] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ntdll.dll!NtUnmapViewOfSection + B 7C90E96B 1 Byte [E2] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00900001 .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] USER32.dll!PostMessageW 77D38CA3 6 Bytes JMP 719A0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] USER32.dll!SendMessageW 77D3B762 6 Bytes JMP 71A00F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] USER32.dll!SendInput 77D3C454 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] USER32.dll!SendInput + 4 77D3C458 2 Bytes [A5, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] USER32.dll!PostMessageA 77D3DB62 6 Bytes JMP 719D0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] USER32.dll!SendMessageA 77D3E2AE 6 Bytes JMP 71A30F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] USER32.dll!mouse_event 77D86321 6 Bytes JMP 71AC0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] USER32.dll!keybd_event 77D86365 6 Bytes JMP 71A90F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ADVAPI32.dll!CreateServiceA 77E27071 6 Bytes JMP 71970F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ADVAPI32.dll!CreateServiceW 77E27209 3 Bytes [FF, 25, 1E] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] ADVAPI32.dll!CreateServiceW + 4 77E2720D 2 Bytes [93, 71] .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] WS2_32.dll!WSALookupServiceNextW 00932E99 6 Bytes JMP 71790F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] WS2_32.dll!WSALookupServiceEnd 00933226 6 Bytes JMP 71760F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] WS2_32.dll!WSALookupServiceBeginW 00933307 6 Bytes JMP 717C0F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] WS2_32.dll!connect 0093406A 6 Bytes JMP 71820F5A .text C:\Documents and Settings\andrzej\Ustawienia lokalne\Dane aplikacji\Google\Chrome\Application\chrome.exe[3644] WS2_32.dll!listen 009388D3 6 Bytes JMP 717F0F5A ---- Devices - GMER 1.0.15 ---- Device \FileSystem\Ntfs \Ntfs 8AF520AC AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. ) Device \FileSystem\Fastfat \FatCdrom 8AB226DC AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \Driver\Cdrom \Device\CdRom0 8AAEF008 Device \FileSystem\Rdbss \Device\FsWrap 8A7BE234 Device \Driver\atapi \Device\Ide\IdePort0 8AB1A008 Device \Driver\atapi \Device\Ide\IdePort1 8AB1A008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 8AB1A008 Device \Driver\atapi \Device\Ide\IdePort2 8AB1A008 Device \Driver\atapi \Device\Ide\IdePort3 8AB1A008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c 8AB1A008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-19 8AB1A008 Device \Driver\Cdrom \Device\CdRom1 8AAEF008 Device \Driver\Cdrom \Device\CdRom2 8AAEF008 Device \FileSystem\InCDfs \Device\InCDfsComm 8A119474 Device \FileSystem\Srv \Device\LanmanServer 8A841B9C AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A43E0AC Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A43E0AC Device \FileSystem\Npfs \Device\NamedPipe 8A11BBCC Device \FileSystem\Msfs \Device\Mailslot 8A11BC3C Device \Driver\d344prt \Device\Scsi\d344prt1Port5Path0Target1Lun0 8AACE7D8 Device \Driver\d344prt \Device\Scsi\d344prt1 8AACE7D8 Device \Driver\d344prt \Device\Scsi\d344prt1Port5Path0Target0Lun0 8AACE7D8 Device \FileSystem\Fastfat \Fat 8AB226DC AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. ) AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG) AttachedDevice \FileSystem\Fastfat \Fat 8A7EDE94 Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8AA489F4 Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8AA489F4 Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8AA489F4 Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8AA489F4 Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8AA489F4 Device \FileSystem\InCDfs \GLOBAL??\BsUDF 8A119474 Device \FileSystem\Cdfs \Cdfs 8A8B44A4 ---- Modules - GMER 1.0.15 ---- Module _________ F7477000-F748F000 (98304 bytes) ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\Temp\avg-6d611c6f-52c9-4253-ac76-b95a69fcd407.tmp 0 bytes File C:\WINDOWS\Temp\avg-6d69022e-511a-494d-8474-2a2a6ede733f.tmp 0 bytes File C:\WINDOWS\Temp\avg-6db2b137-524c-4911-ada3-ac1c6d2d736f.tmp 0 bytes File C:\WINDOWS\Temp\avg-6dbd636d-d1eb-4c6a-83b0-c55e726ab549.tmp 0 bytes File C:\WINDOWS\Temp\avg-6dd5037e-6c5f-4912-b1c8-a313b6d06729.tmp 0 bytes File C:\WINDOWS\Temp\avg-6df5e719-6518-4257-b71e-3a3cc6ca3a2f.tmp 0 bytes File C:\WINDOWS\Temp\avg-6e64ba4c-f1dd-4103-b6c4-d01130b8ed72.tmp 0 bytes File C:\WINDOWS\Temp\avg-6e892b56-ceba-433b-ad91-034c24497249.tmp 0 bytes File C:\WINDOWS\Temp\avg-e721d321-a4e3-415c-a169-1b07f9537525.tmp 0 bytes File C:\WINDOWS\Temp\avg-e766f851-f6f0-4b36-b0dc-5d2c168a4776.tmp 0 bytes File C:\WINDOWS\Temp\avg-e7c5687d-5c4d-4f56-ab30-a250aed72757.tmp 0 bytes File C:\WINDOWS\Temp\avg-e7cb2b10-5cdb-4662-878d-b3782ae33135.tmp 200506 bytes File C:\WINDOWS\Temp\avg-e8bf3811-570d-4c59-954b-f35f6f5e880d.tmp 0 bytes File C:\WINDOWS\Temp\avg-e923b70e-c8a7-4140-a54f-77585df80d4d.tmp 0 bytes File C:\WINDOWS\Temp\avg-eabf8a25-320c-4407-9503-5c3b94498d11.tmp 0 bytes File C:\WINDOWS\Temp\avg-eace8a3f-31cc-4d1a-a484-66036a166575.tmp 0 bytes File C:\WINDOWS\Temp\avg-eadbbb4e-16d4-492c-ac1e-ce2183c1b701.tmp 0 bytes File C:\WINDOWS\Temp\avg-93c43913-0385-4422-850c-8d6cc541e023.tmp 0 bytes File C:\WINDOWS\Temp\avg-944df67c-1a33-4965-8779-69224f2df421.tmp 0 bytes File C:\WINDOWS\Temp\avg-946e5754-e33d-4b67-8b2e-7b780e2bf97f.tmp 0 bytes File C:\WINDOWS\Temp\avg-94b2f726-d0c6-4970-9ad6-b942e1d72b6f.tmp 0 bytes File C:\WINDOWS\Temp\avg-94e1aa2d-ff1d-4865-a150-e24a93112419.tmp 0 bytes File C:\WINDOWS\Temp\avg-da1f7b65-2160-405b-b8a9-a77cc319d342.tmp 365 bytes File C:\WINDOWS\Temp\avg-dafac821-a1c1-4924-93e8-d27cc252c67b.tmp 0 bytes File C:\WINDOWS\Temp\avg-db44b361-0a1d-4c45-a5e8-673e1dd5972f.tmp 0 bytes File C:\WINDOWS\Temp\avg-6f42285c-3610-401c-8b43-a670bbec2b72.tmp 0 bytes File C:\WINDOWS\Temp\avg-6fa3f734-d17b-4531-849e-6b64d4f90954.tmp 0 bytes File C:\WINDOWS\Temp\avg-6fda490f-236c-4f68-8a2f-a56d4aae7f1d.tmp 0 bytes File C:\WINDOWS\Temp\avg-6feb6867-52be-4c15-be58-b6539d6f0559.tmp 0 bytes File C:\WINDOWS\Temp\avg-70279208-0c33-4853-b700-405ada514044.tmp 0 bytes File C:\WINDOWS\Temp\avg-a041416b-5768-4651-8bc6-e15aa98a706e.tmp 8226 bytes File C:\WINDOWS\Temp\avg-a0bf440f-068f-4516-89ac-52470d55f75c.tmp 0 bytes File C:\WINDOWS\Temp\avg-a1362f3a-4112-4579-a0fc-f27a2b11f764.tmp 0 bytes File C:\WINDOWS\Temp\avg-a2b7c32b-3d88-440f-bd22-642d3d4c3402.tmp 0 bytes File C:\WINDOWS\Temp\avg-a42f3b4a-9650-4922-99f9-4e7c38326045.tmp 0 bytes File C:\WINDOWS\Temp\avg-a4601d42-7c19-4c3f-aeb6-2a31960dcc67.tmp 0 bytes File C:\WINDOWS\Temp\avg-a4831176-9604-4e09-9980-6f6139b63c66.tmp 0 bytes File C:\WINDOWS\Temp\avg-a4b1c55a-60f3-480f-8644-266588956a58.tmp 0 bytes File C:\WINDOWS\Temp\avg-a4d1cd4f-fb9f-4805-8f44-da7871fe4f07.tmp 0 bytes File C:\WINDOWS\Temp\avg-a4d23d65-e14f-4040-9371-c74230ff9e33.tmp 0 bytes File C:\WINDOWS\Temp\avg-f713a87e-ece6-431c-9734-9b7855c6935e.tmp 0 bytes File C:\WINDOWS\Temp\avg-f7931d56-8659-4225-89ed-5c52a9540b25.tmp 0 bytes File C:\WINDOWS\Temp\avg-f7ad7612-ebc7-4957-936b-35187abf2e57.tmp 0 bytes File C:\WINDOWS\Temp\avg-f7e08955-6c43-4c00-b112-9a1c5198730a.tmp 0 bytes File C:\WINDOWS\Temp\avg-f80c6e1f-034e-4052-b206-1e66797b3476.tmp 0 bytes File C:\WINDOWS\Temp\avg-f8556948-82c9-4a26-a478-71231761a101.tmp 0 bytes File C:\WINDOWS\Temp\avg-f8a71733-0bff-4903-96d6-a842996c977a.tmp 95849 bytes File C:\WINDOWS\Temp\avg-b2179a73-ba39-4e61-943e-cd5e194ab738.tmp 0 bytes File C:\WINDOWS\Temp\avg-b21c543a-6836-4b0a-9f49-05265cbeff4d.tmp 0 bytes File C:\WINDOWS\Temp\avg-b233d913-e70b-4755-9cca-107e0660ad45.tmp 0 bytes File C:\WINDOWS\Temp\avg-b2589164-b113-4369-a3c8-f676e5859202.tmp 0 bytes File C:\WINDOWS\Temp\avg-b2637307-399a-4701-997e-e86bf989da2a.tmp 0 bytes File C:\WINDOWS\Temp\avg-b35d024b-350b-4f4c-ace8-102d31a5a870.tmp 0 bytes File C:\WINDOWS\Temp\avg-b3702120-a356-4256-ae37-f969fa955548.tmp 0 bytes File C:\WINDOWS\Temp\avg-b37ea072-b5d2-4344-b425-5407b0aab70f.tmp 0 bytes File C:\WINDOWS\Temp\avg-b3f98226-b635-4460-b19d-795f910f2b76.tmp 0 bytes File C:\WINDOWS\Temp\avg-cc5e7132-48a4-452d-92ad-c46dd208420e.tmp 0 bytes File C:\WINDOWS\Temp\avg-cd37884a-7a3f-4575-9c1e-4443f313ff60.tmp 0 bytes File C:\WINDOWS\Temp\avg-cd641702-b19f-4c0b-a354-247b6d8ee30d.tmp 0 bytes File C:\WINDOWS\Temp\avg-cd83013f-4435-4703-9311-250995cc4565.tmp 0 bytes File C:\WINDOWS\Temp\avg-76bbde4f-020f-463a-9c13-4a52c6437f63.tmp 0 bytes File C:\WINDOWS\Temp\avg-76d3bd0d-4b7c-496c-9504-880d6f93f37e.tmp 0 bytes File C:\WINDOWS\Temp\avg-76e9fe5e-96a2-4138-9049-5e45b6687122.tmp 0 bytes File C:\WINDOWS\Temp\avg-78050d38-684e-4f2d-9708-e8577aec1953.tmp 0 bytes File C:\WINDOWS\Temp\avg-8714083c-96fc-4b06-b6fe-742ef032fb02.tmp 0 bytes File C:\WINDOWS\Temp\avg-875fc968-aa30-4f34-8d49-69790c4afa5e.tmp 0 bytes File C:\WINDOWS\Temp\avg-87c9845d-a933-4060-aee0-f87fe933f575.tmp 0 bytes File C:\WINDOWS\Temp\avg-8866086b-ff99-486e-8f2c-714fb1b5bb1c.tmp 0 bytes File C:\WINDOWS\Temp\avg-8877b417-8000-4765-b833-e00b2f18546e.tmp 0 bytes File C:\WINDOWS\Temp\avg-ab24955b-086c-4d40-a544-bb75b731cc3c.tmp 0 bytes File C:\WINDOWS\Temp\avg-ac49e562-d7e7-4475-baf2-ba7441f29f1b.tmp 0 bytes File C:\WINDOWS\Temp\avg-aca0cf75-28f2-4301-b336-156322ee9c32.tmp 0 bytes File C:\WINDOWS\Temp\avg-ad92361f-2cca-4335-9e18-e6232becb274.tmp 0 bytes File C:\WINDOWS\Temp\avg-ad9ecd30-3fc6-4451-aa5c-f175f2ef6122.tmp 0 bytes File C:\WINDOWS\Temp\avg-add7e323-c0f3-447e-af72-a731363d962c.tmp 0 bytes File C:\WINDOWS\Temp\avg-eb6f1813-9b0a-417b-8b9a-966ba974da44.tmp 0 bytes File C:\WINDOWS\Temp\avg-eb877838-80e3-451e-a574-f71009c9a975.tmp 0 bytes File C:\WINDOWS\Temp\avg-ebd3ad13-b666-4f42-b889-6540f0886572.tmp 0 bytes File C:\WINDOWS\Temp\avg-ec88c60e-32ef-4442-95f2-da20f997945d.tmp 0 bytes File C:\WINDOWS\Temp\avg-ecf3e261-7ba4-4c09-9804-3e28cf97df21.tmp 0 bytes File C:\WINDOWS\Temp\avg-ed30746c-6c0b-4123-9e51-fd18a0801b42.tmp 0 bytes File C:\WINDOWS\Temp\avg-ed456c58-7f9f-4e30-a184-a312814f1926.tmp 0 bytes File C:\WINDOWS\Temp\avg-edb1b33e-1ae4-4e73-a1b6-4f611c139058.tmp 0 bytes File C:\WINDOWS\Temp\avg-edc5bf7a-6cb2-4b4a-848d-be1e6f93b55a.tmp 0 bytes File C:\WINDOWS\Temp\avg-ee208500-e9eb-400d-aee3-4160c342761c.tmp 0 bytes File C:\WINDOWS\Temp\avg-bdb55b73-6b66-4202-80be-f320e655085d.tmp 0 bytes File C:\WINDOWS\Temp\avg-be86512e-395a-4370-b4c5-443e0b055a5e.tmp 0 bytes File C:\WINDOWS\Temp\avg-be8c3a6d-b872-4403-9eee-3b3d45698d35.tmp 0 bytes File C:\WINDOWS\Temp\avg-bed4f930-0abe-4b70-809b-51263785876c.tmp 0 bytes File C:\WINDOWS\Temp\avg-c079483a-a549-4c49-a507-0876b7b3fa61.tmp 0 bytes File C:\WINDOWS\Temp\avg-c0c7bb6b-f7b1-4c6b-8721-c5502aa4fd6d.tmp 0 bytes File C:\WINDOWS\Temp\avg-c0dcc772-f7e8-4a24-9988-2262942eb519.tmp 0 bytes File C:\WINDOWS\Temp\avg-c1274116-d888-4d13-bd9e-9106fcf85406.tmp 0 bytes File C:\WINDOWS\Temp\avg-c16c7c41-d846-455f-a2ea-d005e1b1d54e.tmp 0 bytes File C:\WINDOWS\Temp\avg-818d0235-18e7-4602-a2e5-9c60d885e722.tmp 0 bytes File C:\WINDOWS\Temp\avg-8196764e-cfcf-4e39-83de-243dea0a5c0f.tmp 0 bytes File C:\WINDOWS\Temp\avg-81f6f602-8583-4c1a-b2a7-e81a146a5d73.tmp 0 bytes File C:\WINDOWS\Temp\avg-82fa3802-9cd8-4616-b3cc-5c0936f8db33.tmp 0 bytes File C:\WINDOWS\Temp\avg-83c2e961-0d83-4521-8d01-984020345a16.tmp 0 bytes File C:\WINDOWS\Temp\avg-84a49506-6f02-4549-bf6e-ea532a5d6419.tmp 0 bytes File C:\WINDOWS\Temp\avg-86124f43-1241-4510-ad23-816adbd57b2a.tmp 0 bytes File C:\WINDOWS\Temp\avg-86176f7b-4121-421b-bc5d-da32936b803b.tmp 0 bytes File C:\WINDOWS\Temp\avg-86763a47-4127-4171-851a-e8229899c974.tmp 0 bytes File C:\WINDOWS\Temp\avg-869cb706-2683-425f-8599-e64c320ff326.tmp 0 bytes File C:\WINDOWS\Temp\avg-d2c2e964-ed60-410f-ac16-945c8396be70.tmp 0 bytes File C:\WINDOWS\Temp\avg-d460a63b-3f95-4f75-a1a0-412e258e4f66.tmp 0 bytes File C:\WINDOWS\Temp\avg-d5091510-fa1a-4700-af59-10533ebb4366.tmp 0 bytes File C:\WINDOWS\Temp\avg-d54e5620-f971-4766-ab6e-8773ad9c8a70.tmp 0 bytes File C:\WINDOWS\Temp\avg-d598086e-95c6-460c-a75d-543189bf522e.tmp 0 bytes File C:\WINDOWS\Temp\avg-d5983f7f-fa4b-422c-9527-8d34a82f0d1b.tmp 0 bytes File C:\WINDOWS\Temp\avg-fc187162-a63f-4c51-a145-d16b9c9fd659.tmp 0 bytes File C:\WINDOWS\Temp\avg-fc44db4a-142a-4c57-871e-993b976e1d10.tmp 0 bytes File C:\WINDOWS\Temp\avg-fc7a6d1f-42ca-410b-af39-69271124253e.tmp 0 bytes File C:\WINDOWS\Temp\avg-fda3fb26-f402-4514-9fa4-072eaef22e6e.tmp 0 bytes File C:\WINDOWS\Temp\avg-fdcb5c21-98fe-4d3f-909a-732f2caaf22c.tmp 0 bytes File C:\WINDOWS\Temp\avg-fe3e9d73-80fb-4f14-9c97-ef64ab29644e.tmp 0 bytes File C:\WINDOWS\Temp\avg-fe57245f-f9b8-4567-91eb-224c84b7983a.tmp 0 bytes File C:\WINDOWS\Temp\avg-fecea466-653c-4924-b8ba-860043cb392d.tmp 0 bytes File C:\WINDOWS\Temp\avg-fef24a6f-79fe-4407-87b7-a312970eff65.tmp 0 bytes File C:\WINDOWS\Temp\avg-738aea54-6240-4d3e-858f-0d06df2e1446.tmp 0 bytes File C:\WINDOWS\Temp\avg-7a1be154-55f8-425e-95dc-252a70876b50.tmp 0 bytes File C:\WINDOWS\Temp\avg-7ca6b27e-264e-4a5c-8e49-7834b5eb364e.tmp 0 bytes File C:\WINDOWS\Temp\avg-8070d344-2f11-4942-918d-4074285f5b1b.tmp 0 bytes File C:\WINDOWS\Temp\avg-8b92c519-4eaa-4b57-917f-4f2ef0bbf43a.tmp 0 bytes File C:\WINDOWS\Temp\avg-9622884a-bd96-4b36-a1af-567754ae3d49.tmp 0 bytes File C:\WINDOWS\Temp\avg-99c1de41-0b05-4f63-bbda-f7777ed42245.tmp 0 bytes File C:\WINDOWS\Temp\avg-a6a3c74e-6887-4e25-85a8-2022fcdc101f.tmp 0 bytes File C:\WINDOWS\Temp\avg-aab61d67-f242-427c-a8b7-1574a0c60707.tmp 0 bytes File C:\WINDOWS\Temp\avg-c22ea035-4ac1-4f29-bfcb-782c74084163.tmp 0 bytes File C:\WINDOWS\Temp\avg-c25a6479-c15c-4f16-9994-3279b0a96d29.tmp 0 bytes File C:\WINDOWS\Temp\avg-c293ac26-c960-4c09-bc7f-4433ee729a74.tmp 0 bytes File C:\WINDOWS\Temp\avg-c32ac346-17fc-4909-b980-143f2cfb2d4b.tmp 0 bytes File C:\WINDOWS\Temp\avg-c4e2b63e-0109-4133-98c4-b55e231e3064.tmp 0 bytes File C:\WINDOWS\Temp\avg-c6e44f0e-0054-4f13-8b3c-2d7a7ac89e30.tmp 0 bytes File C:\WINDOWS\Temp\avg-b42d5a5f-1f77-4a76-81ff-e121b39cb047.tmp 0 bytes File C:\WINDOWS\Temp\avg-b50eef75-07ea-4505-968c-f97f518fe676.tmp 0 bytes File C:\WINDOWS\Temp\avg-b54f9e6b-ec15-437d-b23d-52781e757310.tmp 0 bytes File C:\WINDOWS\Temp\avg-b5ae5224-2223-4c06-aaf1-3b1f8518870b.tmp 0 bytes File C:\WINDOWS\Temp\avg-b5b7df0a-079a-4577-854e-cb100418b22e.tmp 0 bytes File C:\WINDOWS\Temp\avg-b5c29859-a317-4037-9328-f22396ccdc73.tmp 0 bytes File C:\WINDOWS\Temp\avg-b5d80b0e-f52d-4b49-b446-c0701eac8753.tmp 0 bytes File C:\WINDOWS\Temp\avg-b61b415d-42b2-4601-9caf-0c7573eb8c7e.tmp 0 bytes File C:\WINDOWS\Temp\avg-b782241a-5958-4c5d-a7ad-a32cdb77fe22.tmp 0 bytes File C:\WINDOWS\Temp\avg-a6a63473-4e04-4f75-9a26-601175a84d10.tmp 0 bytes File C:\WINDOWS\Temp\avg-a6e7d13f-b2fc-4845-b1c4-ce41feca153f.tmp 0 bytes File C:\WINDOWS\Temp\avg-a7779138-37c0-4b46-8744-046ae938eb26.tmp 0 bytes File C:\WINDOWS\Temp\avg-a7ed914c-e4d1-4531-a00d-fc1aea450a05.tmp 0 bytes File C:\WINDOWS\Temp\avg-a8b36429-1827-4449-881a-cd5693b93967.tmp 0 bytes File C:\WINDOWS\Temp\avg-a8cbaa1b-3334-4903-bdd8-6e45bd2bc94a.tmp 0 bytes File C:\WINDOWS\Temp\avg-a8f9ac74-9fa7-4160-af94-8e643f3c8401.tmp 0 bytes File C:\WINDOWS\Temp\avg-a92efe75-3722-476f-a288-630b69f09a15.tmp 0 bytes File C:\WINDOWS\Temp\avg-aa219758-f26e-4241-9e6e-323c73b3ec70.tmp 0 bytes File C:\WINDOWS\Temp\avg-aa2c966f-e9ae-4927-9baa-972a0bf3df0f.tmp 0 bytes File C:\WINDOWS\Temp\avg-8bc82736-3bd0-495e-9861-13168f050969.tmp 0 bytes File C:\WINDOWS\Temp\avg-8bfedb24-cee9-4a1c-88de-ca56b7ac0708.tmp 0 bytes File C:\WINDOWS\Temp\avg-8dd3500d-3ac5-4e35-81b4-dd6d21ceca29.tmp 0 bytes File C:\WINDOWS\Temp\avg-8f085c4c-56d6-4838-9143-4675de54950c.tmp 0 bytes File C:\WINDOWS\Temp\avg-902e076e-404d-4e1d-a588-352dca78a655.tmp 0 bytes File C:\WINDOWS\Temp\avg-91b37460-b199-4c2c-b644-a7030bcba151.tmp 0 bytes File C:\WINDOWS\Temp\avg-92420976-3411-4359-a677-0f6b4dbdcf78.tmp 0 bytes File C:\WINDOWS\Temp\avg-92bab530-9a48-4331-8796-dc2269fcba4b.tmp 0 bytes File C:\WINDOWS\Temp\avg-92e03c77-616b-4e01-bb0a-da11c1273937 0 bytes File C:\WINDOWS\Temp\avg-f3954647-fe19-402f-8ab4-ed7f3ff3b164.tmp 0 bytes File C:\WINDOWS\Temp\avg-f3e46d04-e35b-4e1e-aef1-764cd52cbb53.tmp 0 bytes File C:\WINDOWS\Temp\avg-f4127977-cbf1-4c25-8dc8-656e8cf8074e.tmp 0 bytes File C:\WINDOWS\Temp\avg-f439bc0b-3122-460a-a472-764fbb3fc129.tmp 0 bytes File C:\WINDOWS\Temp\avg-f454ee0e-4468-4b28-898b-6c2bc3fc731f.tmp 0 bytes File C:\WINDOWS\Temp\avg-f472c07d-fabe-4134-9ca8-2a42f3546f76.tmp 0 bytes File C:\WINDOWS\Temp\avg-f62bd069-9d25-4b4b-8a74-e24c91ebdf1d.tmp 0 bytes File C:\WINDOWS\Temp\avg-d71ee55a-7919-402a-99ce-1202b8171c34.tmp 0 bytes File C:\WINDOWS\Temp\avg-d74be625-7af6-4071-9499-21642352044f.tmp 0 bytes File C:\WINDOWS\Temp\avg-d76c235d-7941-4218-ace3-6874832de357.tmp 0 bytes File C:\WINDOWS\Temp\avg-d77a451d-4cea-497d-b669-3b2d319a9948.tmp 0 bytes File C:\WINDOWS\Temp\avg-d7a2ac07-14a2-4807-86d0-d975aee56d03.tmp 0 bytes File C:\WINDOWS\Temp\avg-d7c9d60a-5e1c-460e-bef5-8306b8122c68.tmp 0 bytes File C:\WINDOWS\Temp\avg-d7e58577-797a-4346-9993-88694b8aa141.tmp 0 bytes File C:\WINDOWS\Temp\avg-7d1fb659-7530-4b2f-883c-747953bae944.tmp 0 bytes File C:\WINDOWS\Temp\avg-7da6c126-f4b8-4d7e-83e9-3d35abb14768.tmp 0 bytes File C:\WINDOWS\Temp\avg-7dcc852d-62b2-4651-bd90-315197b58420.tmp 0 bytes File C:\WINDOWS\Temp\avg-7ea79d5d-4a1e-4936-bf70-0b2c8e2afd4d.tmp 0 bytes File C:\WINDOWS\Temp\avg-7ebf607f-7894-445a-9474-a946be835c62.tmp 0 bytes File C:\WINDOWS\Temp\avg-7f310a7b-e9e0-4e6d-ae0a-452a44d64908.tmp 0 bytes File C:\WINDOWS\Temp\avg-7f5bfc1f-4f0a-4d1a-8daf-a62ae880c85c.tmp 0 bytes File C:\WINDOWS\Temp\avg-7f60e04d-6175-4360-808a-406ce5d38d48.tmp 0 bytes File C:\WINDOWS\Temp\avg-7fd77144-6adc-4e34-8dcb-1a2ccc9fa804.tmp 0 bytes File C:\WINDOWS\Temp\avg-9aa5e71e-f5b0-435f-b440-ee398361914a.tmp 0 bytes File C:\WINDOWS\Temp\avg-9c66fa3c-18bd-4311-a210-a6238efb7037.tmp 0 bytes File C:\WINDOWS\Temp\avg-9c78a859-9800-416e-a3da-a979928f6509.tmp 0 bytes File C:\WINDOWS\Temp\avg-9c873746-e19a-410e-9b84-8904b0774054.tmp 0 bytes File C:\WINDOWS\Temp\avg-9dd0321c-82bb-4d1e-9d02-3c07ca962f69.tmp 0 bytes File C:\WINDOWS\Temp\avg-9e6d5c42-06d4-4b22-ad67-3c5b5a70815d.tmp 200020 bytes File C:\WINDOWS\Temp\avg-b876ea06-4a4b-405e-912f-6a0eb117bd53.tmp 0 bytes File C:\WINDOWS\Temp\avg-b971c06c-34a6-4166-a609-ce3f4d9f8b79.tmp 0 bytes File C:\WINDOWS\Temp\avg-b9ce3845-7ef9-4063-9dd9-8b656fcc4b5e.tmp 0 bytes File C:\WINDOWS\Temp\avg-bc35a06e-66ca-4b7f-8640-6e1f4014410e.tmp 0 bytes File C:\WINDOWS\Temp\avg-bcfd4e0b-d32e-400a-9545-27469429c42d.tmp 0 bytes File C:\WINDOWS\Temp\cb58153f-6579-48f8-b660-e74e5281ef3d.zip 821 bytes File C:\WINDOWS\Temp\dbd54155-1c75-4bf4-b01a-8b6f79bcfbb0.zip 745 bytes File C:\WINDOWS\Temp\de9c8225-34ab-41df-bd88-1b52701cbbcb.zip 868 bytes File C:\WINDOWS\Temp\mtrap_debug.log 2734 bytes File C:\WINDOWS\Temp\orgaur59.TMP 616448 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_5f0.dat 16384 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_860.dat 16384 bytes File C:\WINDOWS\Temp\avg-e4e62043-d62d-4874-bda6-881ffd7eb377.tmp 0 bytes File C:\WINDOWS\Temp\avg-e5ddc354-24c7-4f53-8e4d-eb0a75110a15.tmp 0 bytes File C:\WINDOWS\Temp\avg-e6601b71-2174-474e-9490-810b91135950.tmp 0 bytes File C:\WINDOWS\Temp\avg-e66a834a-8ec2-4113-8942-2d1c687a6b24.tmp 201185 bytes executable File C:\WINDOWS\Temp\avg-e696cb2b-8616-4d38-81c7-e45c8e42d84e.tmp 0 bytes File C:\WINDOWS\Temp\avg-e6ce054f-8d63-424e-9ff2-ce7fef71d33a.tmp 0 bytes File C:\WINDOWS\Temp\avg-efd5544d-6c21-494a-84de-42006e6cea7a.tmp 0 bytes File C:\WINDOWS\Temp\avg-f0871362-56d4-4e0b-98a0-1f7510c69829.tmp 0 bytes File C:\WINDOWS\Temp\avg-f08c8823-a8c2-4e1b-8d2a-8846cc0b7849.tmp 0 bytes File C:\WINDOWS\Temp\avg-f191736f-75f9-4d40-87fb-384771ee4312.tmp 0 bytes File C:\WINDOWS\Temp\avg-f28ff97f-2730-446f-b6eb-37325dc92b35.tmp 0 bytes File C:\WINDOWS\Temp\avg-f294b537-a749-427b-9b88-ae2f5d0c0d1a.tmp 0 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_99c.dat 16384 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_9f8.dat 16384 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_a70.dat 16384 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_b94.dat 16384 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_c70.dat 16384 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_ce4.dat 16384 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_d14.dat 16384 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_de8.dat 16384 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_e1c.dat 16384 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_e34.dat 16384 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_efc.dat 16384 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_f0c.dat 16384 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_f1c.dat 16384 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_fac.dat 16384 bytes File C:\WINDOWS\Temp\rules.ini 184 bytes File C:\WINDOWS\Temp\avg-c1d06f62-e0d4-473f-988f-825b90811c0b.tmp 0 bytes File C:\WINDOWS\Temp\avg-df446572-af22-4e50-b780-895c9a1c1f66.tmp 0 bytes File C:\WINDOWS\Temp\avg-e49a9244-4f60-4d3e-966e-0439d023bf5f.tmp 0 bytes File C:\WINDOWS\Temp\avg-eb004118-2ec3-486d-a840-3b7db27c8d18.tmp 0 bytes File C:\WINDOWS\Temp\avg-f373a37d-e385-4e2b-ae0e-fa695573ed13.tmp 0 bytes File C:\WINDOWS\Temp\Perflib_Perfdata_8c8.dat 16384 bytes File C:\WINDOWS\Temp\avg-693f1645-e4b1-4e21-bb5e-d73beadf5d74.tmp 0 bytes File C:\WINDOWS\Temp\avg-6b9aba2e-1ac5-4365-a1c9-a3401450d37b.tmp 0 bytes File C:\WINDOWS\Temp\avg-6c28ed03-1754-4305-a698-111932513749.tmp 0 bytes File C:\WINDOWS\Temp\avg-6c3eb05d-1ebb-4873-85cc-61212997fb65.tmp 0 bytes File C:\WINDOWS\Temp\avg-6c7fa21a-e9d3-4c5c-80bc-78540b2f421e.tmp 0 bytes File C:\WINDOWS\Temp\avg-f9bf1e42-6cba-4c3d-a8a0-1a7173e7d539.tmp 0 bytes File C:\WINDOWS\Temp\avg-f9bf651e-d938-4574-8c2f-bc78e46a5f41.tmp 0 bytes File C:\WINDOWS\Temp\avg-f9f83c7e-be08-4f02-b9cf-042611edae72.tmp 0 bytes File C:\WINDOWS\Temp\avg-fa9c9636-5577-4a35-8327-a36eb3188118.tmp 0 bytes File C:\WINDOWS\Temp\avg-fb410e0e-2b5b-457c-bf7c-6e65a2edcd08.tmp 0 bytes File C:\WINDOWS\Temp\avg-fbb9dd24-3e50-4102-b844-5a05deefb476.tmp 0 bytes File C:\WINDOWS\Temp\avg-fbc32c6a-be8e-4978-a6c9-ec29e0be4430.tmp 0 bytes File C:\WINDOWS\Temp\avg-fbd3306d-abdb-447a-9a42-1652b58f874d.tmp 0 bytes File C:\WINDOWS\Temp\avg-c82cfb49-ed56-4706-925c-d7706c361524.tmp 0 bytes File C:\WINDOWS\Temp\avg-c8ea6469-24f5-4c5f-8e1f-b70308a12876.tmp 0 bytes File C:\WINDOWS\Temp\avg-c9d7c63a-a84e-4662-98e7-bf028762434f.tmp 0 bytes File C:\WINDOWS\Temp\avg-c9f09a69-bbbe-4d62-858d-cf602926115c.tmp 0 bytes File C:\WINDOWS\Temp\avg-cafe6839-a5f2-4a3a-bfb3-b21b4f22ff0e.tmp 0 bytes File C:\WINDOWS\Temp\avg-cb07853d-738d-4768-b6cc-8f48b0bbc748.tmp 0 bytes File C:\WINDOWS\Temp\avg-cb95c815-7309-4b69-b657-90209693e345.tmp 0 bytes File C:\WINDOWS\Temp\avg-cbd4ac0f-e0d0-446b-9074-2e04f51afc04.tmp 0 bytes File C:\WINDOWS\Temp\avg-cbda0b45-60a3-4870-ab66-6e56767a0f6a.tmp 0 bytes File C:\WINDOWS\Temp\avg-a5608416-7867-4145-8325-b057ea2f3d04.tmp 0 bytes File C:\WINDOWS\Temp\avg-a562273d-5c60-4b2e-abb7-4e14ad5e0123.tmp 0 bytes File C:\WINDOWS\Temp\avg-7396c94a-10d8-494d-ac3b-16383bbb2d27.tmp 0 bytes File C:\WINDOWS\Temp\avg-7413e161-44bf-4b60-8a16-880892d6957e.tmp 0 bytes File C:\WINDOWS\Temp\avg-749bb44e-31d5-4e2f-a388-462680c51f77.tmp 0 bytes File C:\WINDOWS\Temp\avg-75a08d36-1951-4e35-8b60-60493b28e878.tmp 0 bytes File C:\WINDOWS\Temp\avg-75d45b30-e238-423e-a94e-2676f6e2fb4c.tmp 0 bytes File C:\WINDOWS\Temp\avg-96930760-51f3-4052-8c31-a0732325fb23.tmp 0 bytes File C:\WINDOWS\Temp\avg-96e52e07-23ab-4541-a658-6e03c61d951b.tmp 0 bytes File C:\WINDOWS\Temp\avg-971fe714-54f0-4126-abd1-3704dab38c27.tmp 0 bytes File C:\WINDOWS\Temp\avg-9826f17a-be71-4b3d-80f0-871578ceb15c.tmp 0 bytes File C:\WINDOWS\Temp\avg-99570a69-f08c-461b-ba12-f83f6675042a.tmp 0 bytes File C:\WINDOWS\Temp\avg-99bd4175-f0e6-492b-bb91-45706bd01952.tmp 0 bytes File C:\WINDOWS\Temp\avg-aeb11b1b-29dd-4c30-9bb5-f007de9fad0e.tmp 0 bytes File C:\WINDOWS\Temp\avg-af347d3e-2cd1-4d57-a8f2-9352b3fd582d.tmp 0 bytes File C:\WINDOWS\Temp\avg-b082df22-4db1-4424-84ea-040f2f961b7a.tmp 0 bytes File C:\WINDOWS\Temp\avg-b1083844-d1c5-4c0e-9543-5a25a7a8f176.tmp 0 bytes File C:\WINDOWS\Temp\avg-b133c320-d1e8-4333-9ff8-b85e6e9cd612.tmp 0 bytes File C:\WINDOWS\Temp\avg-b135af60-b5d2-4335-a31b-6f00ad2dd270.tmp 0 bytes File C:\WINDOWS\Temp\avg-b1d8c336-350b-4334-a2c6-cc272a6fa70a.tmp 90218 bytes File C:\WINDOWS\Temp\avg-e02bbd22-fd35-4269-b4a2-cc05f989cf7f.tmp 0 bytes File C:\WINDOWS\Temp\avg-e0cf2769-973d-475a-95aa-d42014dd1e03.tmp 0 bytes File C:\WINDOWS\Temp\avg-e160da59-f861-4939-9e40-79230623fc05.tmp 0 bytes File C:\WINDOWS\Temp\avg-e241745a-4f97-4a4f-b16f-a746b62f5164.tmp 0 bytes File C:\WINDOWS\Temp\avg-b79bb249-ac42-4a5f-973f-57120273a309.tmp 0 bytes File C:\WINDOWS\Temp\avg-71b05b56-f65a-4911-b149-f114e4813b5a.tmp 0 bytes File C:\WINDOWS\Temp\avg-71b6152a-9149-4e58-83c1-357760c53568.tmp 0 bytes File C:\WINDOWS\Temp\avg-7321623b-c784-4b25-a902-f03ec0340d2e.tmp 0 bytes File C:\WINDOWS\Temp\avg-7327f327-5ad0-4d1d-b4ea-c9678c47bb5b.tmp 0 bytes File C:\WINDOWS\Temp\avg-89608a5c-96c4-4c24-bde8-042ebdbb1727.tmp 0 bytes File C:\WINDOWS\Temp\avg-896ba466-601b-4f1d-8654-314b094bb27a.tmp 201088 bytes File C:\WINDOWS\Temp\avg-8a41613e-d24d-4c7a-92d8-6d446cc1f97c.tmp 0 bytes File C:\WINDOWS\Temp\avg-8a63823b-00a1-4d22-9c8c-1529c6da6e58.tmp 0 bytes File C:\WINDOWS\Temp\avg-8af87816-52a1-4d23-9a63-5f571abaaa05.tmp 0 bytes File C:\WINDOWS\Temp\avg-8b6a7907-322e-4312-8ddb-e3114df8503a.tmp 0 bytes File C:\WINDOWS\Temp\avg-d8978141-eaaa-4959-b2c5-6018549d6a69.tmp 0 bytes File C:\WINDOWS\Temp\avg-d94b8b0a-4bf7-424b-a89f-9b7720a8662f.tmp 0 bytes File C:\WINDOWS\Temp\avg-d968092e-b8a3-497d-9e1c-c33fc504236a.tmp 0 bytes File C:\WINDOWS\Temp\avg-d98f5971-1eb3-452e-b47b-271927fa3913.tmp 0 bytes File C:\WINDOWS\Temp\avg-d9951f6b-e75e-4e63-b604-531d4bb0fe01.tmp 0 bytes File C:\WINDOWS\Temp\avg-d9c5f927-4bdf-4968-8d4c-4769ba708a67.tmp 0 bytes File C:\WINDOWS\Temp\avg-d9c76320-9d79-4416-8b6c-7d54e009fe51.tmp 0 bytes File C:\WINDOWS\Temp\avg-cf1d8c3a-036f-4275-aa30-ca1f44fe1e54.tmp 0 bytes File C:\WINDOWS\Temp\avg-d03ab304-0028-4d04-8b02-ec65a954e952.tmp 0 bytes File C:\WINDOWS\Temp\avg-d04cc967-6c5a-4712-b24a-971a3a382c5d.tmp 0 bytes File C:\WINDOWS\Temp\avg-d075aa79-9b60-4438-8aa1-477ea4bf3a1c.tmp 0 bytes File C:\WINDOWS\Temp\avg-d0b1ae75-6d4e-4419-a4e4-dc04cec97e5b.tmp 0 bytes File C:\WINDOWS\Temp\avg-d0c17720-808a-417c-8b52-8c658e799651.tmp 0 bytes File C:\WINDOWS\Temp\avg-7a53344a-41bb-4923-b47f-544444781c49.tmp 0 bytes File C:\WINDOWS\Temp\avg-7bb6ff29-ab57-4839-9ba4-d3378ba6fb64.tmp 0 bytes File C:\WINDOWS\Temp\avg-7c4b6d3b-42cf-4d66-8948-194b3c246a4a.tmp 0 bytes File C:\WINDOWS\Temp\avg-7c9d2c30-1464-461f-bf80-964ec688e910.tmp 0 bytes ---- EOF - GMER 1.0.15 ----