
The problem is as stated in the topic title. I will add that I have used AdwCleaner and run a scan with ESET, as well as CCleaner including its registry cleaner, and it is still not working as it should. Please help; thank you in advance.
Gmer:
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-08-08 19:17:11
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000031 ST1000LM014-SSHD-8GB rev.LVD3 931,51GB
Running: pm0hfxt9.exe; Driver: C:\Users\Norbert\AppData\Local\Temp\uxldqpow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff960001b5600 15 bytes [00, 96, F2, 01, 00, 6A, 6C, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff960001b5610 11 bytes [00, D7, FB, FF, 00, 7B, D1, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd14d93e10 7 bytes JMP 00007ffe12c80260
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd14d93e20 7 bytes JMP 00007ffe12c80298
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffd14e439b0 7 bytes JMP 00007ffe12c80340
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd14e43ef0 7 bytes JMP 00007ffe12c802d0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffd14e43fe0 7 bytes JMP 00007ffe12c80308
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd14e706c0 7 bytes JMP 00007ffe12c801f0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd14e70730 7 bytes JMP 00007ffe12c80228
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd12c921d0 5 bytes JMP 00007ffe12c80180
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd12c929d0 7 bytes JMP 00007ffe12c800d8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd12c94310 5 bytes JMP 00007ffe12c80110
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd12c98d80 5 bytes JMP 00007ffe12c80148
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd12d0f0b0 5 bytes JMP 00007ffe12c801b8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffd146fd050 7 bytes JMP 00007ffe12c80500
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd1472b170 5 bytes JMP 00007ffe12c80538
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffd15106d90 1 byte JMP 00007ffe12c80420
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffd15106d92 8 bytes {JMP 0xfffffffffdb79690}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffd151174a0 5 bytes JMP 00007ffe12c803e8
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd15117560 9 bytes JMP 00007ffe12c80378
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd15117730 5 bytes JMP 00007ffe12c80458
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffd15126b10 5 bytes JMP 00007ffe12c803b0
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd15331500 1 byte JMP 00007ffe12c80490
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd15331502 6 bytes {JMP 0xfffffffffd94ef90}
.text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[1836] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd15331750 8 bytes JMP 00007ffe12c804c8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd14d93e10 7 bytes JMP 00007ffe12c80260
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd14d93e20 7 bytes JMP 00007ffe12c80298
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffd14e439b0 7 bytes JMP 00007ffe12c80340
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd14e43ef0 7 bytes JMP 00007ffe12c802d0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffd14e43fe0 7 bytes JMP 00007ffe12c80308
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd14e706c0 7 bytes JMP 00007ffe12c801f0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd14e70730 7 bytes JMP 00007ffe12c80228
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd12c921d0 5 bytes JMP 00007ffe12c80180
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd12c929d0 7 bytes JMP 00007ffe12c800d8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd12c94310 5 bytes JMP 00007ffe12c80110
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd12c98d80 5 bytes JMP 00007ffe12c80148
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd12d0f0b0 5 bytes JMP 00007ffe12c801b8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffd15106d90 1 byte JMP 00007ffe12c80420
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffd15106d92 8 bytes {JMP 0xfffffffffdb79690}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffd151174a0 5 bytes JMP 00007ffe12c803e8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd15117560 9 bytes JMP 00007ffe12c80378
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd15117730 5 bytes JMP 00007ffe12c80458
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffd15126b10 5 bytes JMP 00007ffe12c803b0
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd15331500 1 byte JMP 00007ffe12c80490
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd15331502 6 bytes {JMP 0xfffffffffd94ef90}
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd15331750 8 bytes JMP 00007ffe12c804c8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9Ex 00007ffd090eead0 5 bytes JMP 00007ffd12c805a8
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\SYSTEM32\d3d9.dll!Direct3DCreate9 00007ffd0911eb90 6 bytes JMP 00007ffd12c80570
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffd146fd050 7 bytes JMP 00007ffe12c80500
.text C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe[5368] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd1472b170 5 bytes JMP 00007ffe12c80538
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd14d93e10 7 bytes JMP 00007ffe12c80260
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd14d93e20 7 bytes JMP 00007ffe12c80298
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffd14e439b0 7 bytes JMP 00007ffe12c80340
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd14e43ef0 7 bytes JMP 00007ffe12c802d0
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffd14e43fe0 7 bytes JMP 00007ffe12c80308
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd14e706c0 7 bytes JMP 00007ffe12c801f0
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd14e70730 7 bytes JMP 00007ffe12c80228
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd12c921d0 5 bytes JMP 00007ffe12c80180
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd12c929d0 7 bytes JMP 00007ffe12c800d8
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd12c94310 5 bytes JMP 00007ffe12c80110
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd12c98d80 5 bytes JMP 00007ffe12c80148
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd12d0f0b0 5 bytes JMP 00007ffe12c801b8
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffd146fd050 7 bytes JMP 00007ffe12c80500
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd1472b170 5 bytes JMP 00007ffe12c80538
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW 00007ffd15106d90 1 byte JMP 00007ffe12c80420
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\SYSTEM32\user32.dll!CreateWindowExW + 2 00007ffd15106d92 8 bytes {JMP 0xfffffffffdb79690}
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\SYSTEM32\user32.dll!EnumDisplayDevicesW 00007ffd151174a0 5 bytes JMP 00007ffe12c803e8
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\SYSTEM32\user32.dll!DisplayConfigGetDeviceInfo 00007ffd15117560 9 bytes JMP 00007ffe12c80378
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\SYSTEM32\user32.dll!ChangeDisplaySettingsExW 00007ffd15117730 5 bytes JMP 00007ffe12c80458
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\SYSTEM32\user32.dll!EnumDisplayDevicesA 00007ffd15126b10 5 bytes JMP 00007ffe12c803b0
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd15331500 1 byte JMP 00007ffe12c80490
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd15331502 6 bytes {JMP 0xfffffffffd94ef90}
.text C:\WINDOWS\system32\taskhostex.exe[4292] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd15331750 8 bytes JMP 00007ffe12c804c8
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd14d93e10 7 bytes JMP 00007ffe12c80260
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd14d93e20 7 bytes JMP 00007ffe12c80298
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffd14e439b0 7 bytes JMP 00007ffe12c80340
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd14e43ef0 7 bytes JMP 00007ffe12c802d0
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffd14e43fe0 7 bytes JMP 00007ffe12c80308
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd14e706c0 7 bytes JMP 00007ffe12c801f0
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd14e70730 7 bytes JMP 00007ffe12c80228
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd12c921d0 5 bytes JMP 00007ffe12c80180
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd12c929d0 7 bytes JMP 00007ffe12c800d8
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd12c94310 5 bytes JMP 00007ffe12c80110
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd12c98d80 5 bytes JMP 00007ffe12c80148
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd12d0f0b0 5 bytes JMP 00007ffe12c801b8
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffd15106d90 1 byte JMP 00007ffe12c80420
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffd15106d92 8 bytes {JMP 0xfffffffffdb79690}
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffd151174a0 5 bytes JMP 00007ffe12c803e8
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd15117560 9 bytes JMP 00007ffe12c80378
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd15117730 5 bytes JMP 00007ffe12c80458
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffd15126b10 5 bytes JMP 00007ffe12c803b0
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd15331500 1 byte JMP 00007ffe12c80490
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd15331502 6 bytes {JMP 0xfffffffffd94ef90}
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd15331750 8 bytes JMP 00007ffe12c804c8
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffd146fd050 7 bytes JMP 00007ffe12c80500
.text C:\WINDOWS\system32\igfxEM.exe[3996] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd1472b170 5 bytes JMP 00007ffe12c80538
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd14d93e10 7 bytes JMP 00007ffe12c80260
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd14d93e20 7 bytes JMP 00007ffe12c80298
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffd14e439b0 7 bytes JMP 00007ffe12c80340
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd14e43ef0 7 bytes JMP 00007ffe12c802d0
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffd14e43fe0 7 bytes JMP 00007ffe12c80308
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd14e706c0 7 bytes JMP 00007ffe12c801f0
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd14e70730 7 bytes JMP 00007ffe12c80228
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd12c921d0 5 bytes JMP 00007ffe12c80180
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd12c929d0 7 bytes JMP 00007ffe12c800d8
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd12c94310 5 bytes JMP 00007ffe12c80110
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd12c98d80 5 bytes JMP 00007ffe12c80148
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd12d0f0b0 5 bytes JMP 00007ffe12c801b8
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffd15106d90 1 byte JMP 00007ffe12c80420
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffd15106d92 8 bytes {JMP 0xfffffffffdb79690}
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffd151174a0 5 bytes JMP 00007ffe12c803e8
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd15117560 9 bytes JMP 00007ffe12c80378
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd15117730 5 bytes JMP 00007ffe12c80458
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffd15126b10 5 bytes JMP 00007ffe12c803b0
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd15331500 1 byte JMP 00007ffe12c80490
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd15331502 6 bytes {JMP 0xfffffffffd94ef90}
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd15331750 8 bytes JMP 00007ffe12c804c8
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffd146fd050 7 bytes JMP 00007ffe12c80500
.text C:\WINDOWS\system32\igfxHK.exe[2324] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd1472b170 5 bytes JMP 00007ffe12c80538
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd14d93e10 7 bytes JMP 00007ffe12c80260
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd14d93e20 7 bytes JMP 00007ffe12c80298
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffd14e439b0 7 bytes JMP 00007ffe12c80340
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd14e43ef0 7 bytes JMP 00007ffe12c802d0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffd14e43fe0 7 bytes JMP 00007ffe12c80308
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd14e706c0 7 bytes JMP 00007ffe12c801f0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd14e70730 7 bytes JMP 00007ffe12c80228
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd12c921d0 5 bytes JMP 00007ffe12c80180
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd12c929d0 7 bytes JMP 00007ffe12c800d8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd12c94310 5 bytes JMP 00007ffe12c80110
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd12c98d80 5 bytes JMP 00007ffe12c80148
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd12d0f0b0 5 bytes JMP 00007ffe12c801b8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffd15106d90 1 byte JMP 00007ffe12c80420
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffd15106d92 8 bytes {JMP 0xfffffffffdb79690}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffd151174a0 5 bytes JMP 00007ffe12c803e8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd15117560 9 bytes JMP 00007ffe12c80378
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd15117730 5 bytes JMP 00007ffe12c80458
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffd15126b10 5 bytes JMP 00007ffe12c803b0
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd15331500 1 byte JMP 00007ffe12c80490
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd15331502 6 bytes {JMP 0xfffffffffd94ef90}
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd15331750 8 bytes JMP 00007ffe12c804c8
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffd146fd050 7 bytes JMP 00007ffe12c80500
.text C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[7024] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd1472b170 5 bytes JMP 00007ffe12c80538
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd14d93e10 7 bytes JMP 00007ffe12c80260
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd14d93e20 7 bytes JMP 00007ffe12c80298
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffd14e439b0 7 bytes JMP 00007ffe12c80340
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd14e43ef0 7 bytes JMP 00007ffe12c802d0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffd14e43fe0 7 bytes JMP 00007ffe12c80308
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd14e706c0 7 bytes JMP 00007ffe12c801f0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd14e70730 7 bytes JMP 00007ffe12c80228
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd12c921d0 5 bytes JMP 00007ffe12c80180
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd12c929d0 7 bytes JMP 00007ffe12c800d8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd12c94310 5 bytes JMP 00007ffe12c80110
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd12c98d80 5 bytes JMP 00007ffe12c80148
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd12d0f0b0 5 bytes JMP 00007ffe12c801b8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffd15106d90 1 byte JMP 00007ffe12c80420
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffd15106d92 8 bytes {JMP 0xfffffffffdb79690}
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffd151174a0 5 bytes JMP 00007ffe12c803e8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd15117560 9 bytes JMP 00007ffe12c80378
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd15117730 5 bytes JMP 00007ffe12c80458
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffd15126b10 5 bytes JMP 00007ffe12c803b0
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd15331500 1 byte JMP 00007ffe12c80490
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd15331502 6 bytes {JMP 0xfffffffffd94ef90}
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd15331750 8 bytes JMP 00007ffe12c804c8
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffd146fd050 7 bytes JMP 00007ffe12c80500
.text C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe[6068] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd1472b170 5 bytes JMP 00007ffe12c80538
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd14d93e10 7 bytes JMP 00007ffe12c80260
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd14d93e20 7 bytes JMP 00007ffe12c80298
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffd14e439b0 7 bytes JMP 00007ffe12c80340
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd14e43ef0 7 bytes JMP 00007ffe12c802d0
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffd14e43fe0 7 bytes JMP 00007ffe12c80308
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd14e706c0 7 bytes JMP 00007ffe12c801f0
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd14e70730 7 bytes JMP 00007ffe12c80228
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd12c921d0 5 bytes JMP 00007ffe12c80180
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd12c929d0 7 bytes JMP 00007ffe12c800d8
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd12c94310 5 bytes JMP 00007ffe12c80110
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd12c98d80 5 bytes JMP 00007ffe12c80148
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd12d0f0b0 5 bytes JMP 00007ffe12c801b8
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffd15106d90 1 byte JMP 00007ffe12c80420
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffd15106d92 8 bytes {JMP 0xfffffffffdb79690}
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffd151174a0 5 bytes JMP 00007ffe12c803e8
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd15117560 9 bytes JMP 00007ffe12c80378
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd15117730 5 bytes JMP 00007ffe12c80458
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffd15126b10 5 bytes JMP 00007ffe12c803b0
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd15331500 1 byte JMP 00007ffe12c80490
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd15331502 6 bytes {JMP 0xfffffffffd94ef90}
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd15331750 8 bytes JMP 00007ffe12c804c8
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffd146fd050 7 bytes JMP 00007ffe12c80500
.text C:\Windows\RTFTrack.exe[7072] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd1472b170 5 bytes JMP 00007ffe12c80538
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd14d93e10 7 bytes JMP 00007ffe12c80260
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd14d93e20 7 bytes JMP 00007ffe12c80298
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffd14e439b0 7 bytes JMP 00007ffe12c80340
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd14e43ef0 7 bytes JMP 00007ffe12c802d0
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffd14e43fe0 7 bytes JMP 00007ffe12c80308
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd14e706c0 7 bytes JMP 00007ffe12c801f0
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd14e70730 7 bytes JMP 00007ffe12c80228
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd12c921d0 5 bytes JMP 00007ffe12c80180
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd12c929d0 7 bytes JMP 00007ffe12c800d8
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd12c94310 5 bytes JMP 00007ffe12c80110
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd12c98d80 5 bytes JMP 00007ffe12c80148
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd12d0f0b0 5 bytes JMP 00007ffe12c801b8
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffd15106d90 1 byte JMP 00007ffe12c80420
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffd15106d92 8 bytes {JMP 0xfffffffffdb79690}
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffd151174a0 5 bytes JMP 00007ffe12c803e8
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd15117560 9 bytes JMP 00007ffe12c80378
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd15117730 5 bytes JMP 00007ffe12c80458
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffd15126b10 5 bytes JMP 00007ffe12c803b0
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd15331500 1 byte JMP 00007ffe12c80490
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd15331502 6 bytes {JMP 0xfffffffffd94ef90}
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd15331750 8 bytes JMP 00007ffe12c804c8
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffd146fd050 7 bytes JMP 00007ffe12c80500
.text C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe[3416] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd1472b170 5 bytes JMP 00007ffe12c80538
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\KERNEL32.dll!K32GetModuleInformation 00007ffd14d93e10 7 bytes JMP 00007ffe12c80260
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\KERNEL32.dll!RegQueryValueExW 00007ffd14d93e20 7 bytes JMP 00007ffe12c80298
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\KERNEL32.dll!RegSetValueExW 00007ffd14e439b0 7 bytes JMP 00007ffe12c80340
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\KERNEL32.dll!RegDeleteValueW 00007ffd14e43ef0 7 bytes JMP 00007ffe12c802d0
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\KERNEL32.dll!RegSetValueExA 00007ffd14e43fe0 7 bytes JMP 00007ffe12c80308
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\KERNEL32.dll!K32EnumProcessModulesEx 00007ffd14e706c0 7 bytes JMP 00007ffe12c801f0
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\KERNEL32.dll!K32GetMappedFileNameW 00007ffd14e70730 7 bytes JMP 00007ffe12c80228
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd12c921d0 5 bytes JMP 00007ffe12c80180
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd12c929d0 7 bytes JMP 00007ffe12c800d8
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd12c94310 5 bytes JMP 00007ffe12c80110
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd12c98d80 5 bytes JMP 00007ffe12c80148
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd12d0f0b0 5 bytes JMP 00007ffe12c801b8
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffd15106d90 1 byte JMP 00007ffe12c80420
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffd15106d92 8 bytes {JMP 0xfffffffffdb79690}
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffd151174a0 5 bytes JMP 00007ffe12c803e8
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd15117560 9 bytes JMP 00007ffe12c80378
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd15117730 5 bytes JMP 00007ffe12c80458
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffd15126b10 5 bytes JMP 00007ffe12c803b0
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffd146fd050 7 bytes JMP 00007ffe12c80500
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd1472b170 5 bytes JMP 00007ffe12c80538
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd15331500 1 byte JMP 00007ffe12c80490
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd15331502 6 bytes {JMP 0xfffffffffd94ef90}
.text C:\Program Files (x86)\Lenovo\Energy Management\utility.exe[4648] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd15331750 8 bytes JMP 00007ffe12c804c8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd14d93e10 7 bytes JMP 00007ffe12c80260
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd14d93e20 7 bytes JMP 00007ffe12c80298
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffd14e439b0 7 bytes JMP 00007ffe12c80340
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd14e43ef0 7 bytes JMP 00007ffe12c802d0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffd14e43fe0 7 bytes JMP 00007ffe12c80308
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd14e706c0 7 bytes JMP 00007ffe12c801f0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd14e70730 7 bytes JMP 00007ffe12c80228
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd12c921d0 5 bytes JMP 00007ffe12c80180
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd12c929d0 7 bytes JMP 00007ffe12c800d8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd12c94310 5 bytes JMP 00007ffe12c80110
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd12c98d80 5 bytes JMP 00007ffe12c80148
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd12d0f0b0 5 bytes JMP 00007ffe12c801b8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffd15106d90 1 byte JMP 00007ffe12c80420
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffd15106d92 8 bytes {JMP 0xfffffffffdb79690}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffd151174a0 5 bytes JMP 00007ffe12c803e8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd15117560 9 bytes JMP 00007ffe12c80378
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd15117730 5 bytes JMP 00007ffe12c80458
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffd15126b10 5 bytes JMP 00007ffe12c803b0
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd15331500 1 byte JMP 00007ffe12c80490
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd15331502 6 bytes {JMP 0xfffffffffd94ef90}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd15331750 8 bytes JMP 00007ffe12c804c8
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffd146fd050 7 bytes JMP 00007ffe12c80500
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[676] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd1472b170 5 bytes JMP 00007ffe12c80538
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd14d93e10 7 bytes JMP 00007ffe12c80260
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd14d93e20 7 bytes JMP 00007ffe12c80298
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffd14e439b0 7 bytes JMP 00007ffe12c80340
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd14e43ef0 7 bytes JMP 00007ffe12c802d0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffd14e43fe0 7 bytes JMP 00007ffe12c80308
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd14e706c0 7 bytes JMP 00007ffe12c801f0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd14e70730 7 bytes JMP 00007ffe12c80228
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd12c921d0 5 bytes JMP 00007ffe12c80180
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd12c929d0 7 bytes JMP 00007ffe12c800d8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd12c94310 5 bytes JMP 00007ffe12c80110
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd12c98d80 5 bytes JMP 00007ffe12c80148
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd12d0f0b0 5 bytes JMP 00007ffe12c801b8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffd15106d90 1 byte JMP 00007ffe12c80420
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffd15106d92 8 bytes {JMP 0xfffffffffdb79690}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffd151174a0 5 bytes JMP 00007ffe12c803e8
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd15117560 9 bytes JMP 00007ffe12c80378
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd15117730 5 bytes JMP 00007ffe12c80458
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffd15126b10 5 bytes JMP 00007ffe12c803b0
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd15331500 1 byte JMP 00007ffe12c80490
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd15331502 6 bytes {JMP 0xfffffffffd94ef90}
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[2292] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd15331750 8 bytes JMP 00007ffe12c804c8
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd14d93e10 7 bytes JMP 00007ffe12c80260
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd14d93e20 7 bytes JMP 00007ffe12c80298
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffd14e439b0 7 bytes JMP 00007ffe12c80340
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd14e43ef0 7 bytes JMP 00007ffe12c802d0
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffd14e43fe0 7 bytes JMP 00007ffe12c80308
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd14e706c0 7 bytes JMP 00007ffe12c801f0
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd14e70730 7 bytes JMP 00007ffe12c80228
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd12c921d0 5 bytes JMP 00007ffe12c80180
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd12c929d0 7 bytes JMP 00007ffe12c800d8
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd12c94310 5 bytes JMP 00007ffe12c80110
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd12c98d80 5 bytes JMP 00007ffe12c80148
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd12d0f0b0 5 bytes JMP 00007ffe12c801b8
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffd15106d90 1 byte JMP 00007ffe12c80420
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffd15106d92 8 bytes {JMP 0xfffffffffdb79690}
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffd151174a0 5 bytes JMP 00007ffe12c803e8
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd15117560 9 bytes JMP 00007ffe12c80378
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd15117730 5 bytes JMP 00007ffe12c80458
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffd15126b10 5 bytes JMP 00007ffe12c803b0
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd15331500 1 byte JMP 00007ffe12c80490
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd15331502 6 bytes {JMP 0xfffffffffd94ef90}
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd15331750 8 bytes JMP 00007ffe12c804c8
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffd146fd050 7 bytes JMP 00007ffe12c80500
.text C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe[452] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd1472b170 5 bytes JMP 00007ffe12c80538
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd14d93e10 7 bytes JMP 00007ffe12c80260
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd14d93e20 7 bytes JMP 00007ffe12c80298
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffd14e439b0 7 bytes JMP 00007ffe12c80340
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd14e43ef0 7 bytes JMP 00007ffe12c802d0
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffd14e43fe0 7 bytes JMP 00007ffe12c80308
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd14e706c0 7 bytes JMP 00007ffe12c801f0
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd14e70730 7 bytes JMP 00007ffe12c80228
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd12c921d0 5 bytes JMP 00007ffe12c80180
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd12c929d0 7 bytes JMP 00007ffe12c800d8
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd12c94310 5 bytes JMP 00007ffe12c80110
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd12c98d80 5 bytes JMP 00007ffe12c80148
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd12d0f0b0 5 bytes JMP 00007ffe12c801b8
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffd15106d90 1 byte JMP 00007ffe12c80420
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffd15106d92 8 bytes {JMP 0xfffffffffdb79690}
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffd151174a0 5 bytes JMP 00007ffe12c803e8
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd15117560 9 bytes JMP 00007ffe12c80378
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd15117730 5 bytes JMP 00007ffe12c80458
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffd15126b10 5 bytes JMP 00007ffe12c803b0
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd15331500 1 byte JMP 00007ffe12c80490
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd15331502 6 bytes {JMP 0xfffffffffd94ef90}
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd15331750 8 bytes JMP 00007ffe12c804c8
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\SYSTEM32\combase.dll!CoCreateInstance 00007ffd146fd050 7 bytes JMP 00007ffe12c80500
.text C:\Program Files\ESET\ESET Smart Security\egui.exe[6484] C:\WINDOWS\SYSTEM32\combase.dll!CoSetProxyBlanket 00007ffd1472b170 5 bytes JMP 00007ffe12c80538
.text C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE[6956] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffd15106d90 1 byte JMP 00007ffe12c80420
.text C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE[6956] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffd15106d92 8 bytes {JMP 0xfffffffffdb79690}
.text C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE[6956] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffd151174a0 5 bytes JMP 00007ffe12c803e8
.text C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE[6956] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd15117560 9 bytes JMP 00007ffe12c80378
.text C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE[6956] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd15117730 5 bytes JMP 00007ffe12c80458
.text C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE[6956] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffd15126b10 5 bytes JMP 00007ffe12c803b0
.text C:\Windows\System32\SettingSyncHost.exe[8116] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd14d93e10 7 bytes JMP 00007ffe12c80260
.text C:\Windows\System32\SettingSyncHost.exe[8116] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd14d93e20 7 bytes JMP 00007ffe12c80298
.text C:\Windows\System32\SettingSyncHost.exe[8116] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffd14e439b0 7 bytes JMP 00007ffe12c80340
.text C:\Windows\System32\SettingSyncHost.exe[8116] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd14e43ef0 7 bytes JMP 00007ffe12c802d0
.text C:\Windows\System32\SettingSyncHost.exe[8116] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffd14e43fe0 7 bytes JMP 00007ffe12c80308
.text C:\Windows\System32\SettingSyncHost.exe[8116] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd14e706c0 7 bytes JMP 00007ffe12c801f0
.text C:\Windows\System32\SettingSyncHost.exe[8116] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd14e70730 7 bytes JMP 00007ffe12c80228
.text C:\Windows\System32\SettingSyncHost.exe[8116] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd12c921d0 5 bytes JMP 00007ffe12c80180
.text C:\Windows\System32\SettingSyncHost.exe[8116] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd12c929d0 7 bytes JMP 00007ffe12c800d8
.text C:\Windows\System32\SettingSyncHost.exe[8116] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd12c94310 5 bytes JMP 00007ffe12c80110
.text C:\Windows\System32\SettingSyncHost.exe[8116] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd12c98d80 5 bytes JMP 00007ffe12c80148
.text C:\Windows\System32\SettingSyncHost.exe[8116] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd12d0f0b0 5 bytes JMP 00007ffe12c801b8
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007ffd14d93e10 7 bytes JMP 00007ffe12c80260
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007ffd14d93e20 7 bytes JMP 00007ffe12c80298
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007ffd14e439b0 7 bytes JMP 00007ffe12c80340
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007ffd14e43ef0 7 bytes JMP 00007ffe12c802d0
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007ffd14e43fe0 7 bytes JMP 00007ffe12c80308
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007ffd14e706c0 7 bytes JMP 00007ffe12c801f0
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007ffd14e70730 7 bytes JMP 00007ffe12c80228
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007ffd12c921d0 5 bytes JMP 00007ffe12c80180
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007ffd12c929d0 7 bytes JMP 00007ffe12c800d8
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007ffd12c94310 5 bytes JMP 00007ffe12c80110
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007ffd12c98d80 5 bytes JMP 00007ffe12c80148
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleFileNameExW 00007ffd12d0f0b0 5 bytes JMP 00007ffe12c801b8
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007ffd15106d90 1 byte JMP 00007ffe12c80420
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\USER32.dll!CreateWindowExW + 2 00007ffd15106d92 8 bytes {JMP 0xfffffffffdb79690}
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007ffd151174a0 5 bytes JMP 00007ffe12c803e8
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007ffd15117560 9 bytes JMP 00007ffe12c80378
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\USER32.dll!ChangeDisplaySettingsExW 00007ffd15117730 5 bytes JMP 00007ffe12c80458
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007ffd15126b10 5 bytes JMP 00007ffe12c803b0
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007ffd15331500 1 byte JMP 00007ffe12c80490
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList + 2 00007ffd15331502 6 bytes {JMP 0xfffffffffd94ef90}
.text C:\WINDOWS\WinStore\WSHost.exe[5620] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007ffd15331750 8 bytes JMP 00007ffe12c804c8
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [7044:5760] fffff960008dc2d0
Thread C:\WINDOWS\Explorer.EXE [1280:5704] 00007ffcfd005060
Thread C:\WINDOWS\Explorer.EXE [1280:340] 00007ffd058ce630
Thread C:\WINDOWS\Explorer.EXE [1280:7856] 00007ffd10781120
Thread C:\WINDOWS\Explorer.EXE [1280:6284] 00007ffd01d11480
Thread C:\WINDOWS\Explorer.EXE [1280:4920] 00007ffd01e9a710
Thread C:\WINDOWS\Explorer.EXE [1280:872] 00007ffd060b9970
Thread C:\WINDOWS\Explorer.EXE [1280:8404] 00007ffd060be630
Thread C:\WINDOWS\Explorer.EXE [1280:4932] 00007ffd060be630
Thread C:\WINDOWS\Explorer.EXE [1280:8256] 00007ffd060be630
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
OTL:
OTL logfile created on: 2015-08-08 19:15:04 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Norbert\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17905)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,91 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 31,26% Memory free
4,60 Gb Paging File | 1,69 Gb Available in Paging File | 36,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 198,65 Gb Total Space | 138,20 Gb Free Space | 69,57% Space Free | Partition Type: NTFS
Drive D: | 731,91 Gb Total Space | 486,87 Gb Free Space | 66,52% Space Free | Partition Type: NTFS
Computer Name: NOREK | User Name: Norbert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2015-08-08 19:09:03 | 000,380,416 | ---- | M] () -- D:\pm0hfxt9.exe
PRC - [2015-07-31 08:19:29 | 000,813,896 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2015-07-16 16:15:34 | 000,245,576 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
PRC - [2015-07-07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2015-05-01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2015-05-01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2015-02-28 11:23:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Norbert\Desktop\OTL.exe
PRC - [2015-01-28 14:08:58 | 001,349,576 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2015-01-05 07:50:02 | 000,427,800 | ---- | M] (Maxthon) -- C:\Users\Norbert\AppData\Roaming\mxnitro\MxNitro.exe
PRC - [2014-11-06 19:14:58 | 002,464,072 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014-11-06 19:14:48 | 001,795,912 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2014-10-29 02:31:31 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WWAHost.exe
PRC - [2014-09-13 19:43:50 | 000,076,152 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013-03-27 23:36:28 | 005,047,296 | ---- | M] (Atomix Productions) -- C:\Program Files (x86)\VirtualDJ\virtualdj_pro.exe
PRC - [2013-03-12 13:19:38 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2013-03-12 13:19:38 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2013-01-31 15:20:50 | 000,286,192 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2013-01-31 15:20:50 | 000,015,344 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012-09-30 12:01:24 | 001,132,480 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2012-09-30 12:00:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2010-02-12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2015-08-08 19:09:03 | 000,380,416 | ---- | M] () -- D:\pm0hfxt9.exe
MOD - [2015-07-20 16:07:56 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\67bdc09fa286920c1f42f2a98c400f95\System.Core.ni.dll
MOD - [2015-07-20 16:07:50 | 010,030,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\1c5fe4cb68f67046baec4c3a854f722f\System.ni.dll
MOD - [2015-05-25 09:57:23 | 002,964,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\fc3b086418e8d8807cfb6b88ccae1c64\System.IdentityModel.ni.dll
MOD - [2015-05-25 09:56:58 | 001,070,592 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\3d476a44c20ddf99250f3ade1b0da1da\System.ServiceModel.Web.ni.dll
MOD - [2015-05-19 10:28:08 | 012,898,304 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\592a40dd076e6e46b4a8bc95bb64b2e8\System.Windows.Forms.ni.dll
MOD - [2015-05-18 13:25:12 | 000,786,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\7159bb28e23de8ed898a2acb1dbfef6c\System.ServiceModel.Internals.ni.dll
MOD - [2015-05-18 13:25:12 | 000,118,272 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1c09d6db83322a23a1744d75c4836f85\SMDiagnostics.ni.dll
MOD - [2015-05-18 12:23:36 | 019,567,616 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\662aae610c401a254416904a4861b189\System.ServiceModel.ni.dll
MOD - [2015-05-18 12:21:51 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\814dd462b742d7c16c620e79397b2463\System.Configuration.ni.dll
MOD - [2015-02-17 12:58:21 | 007,785,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\43edd630a9f8cd6ac38c527b106ec94f\System.Xml.ni.dll
MOD - [2015-02-17 12:57:54 | 002,803,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\ab763e7f2c7532e9fe8f587995105156\System.Runtime.Serialization.ni.dll
MOD - [2015-02-17 12:57:51 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\8efdc7a3726640f79d9333da88accaf8\System.Drawing.ni.dll
MOD - [2014-11-10 02:53:06 | 000,876,824 | ---- | M] () -- C:\Users\Norbert\AppData\Roaming\mxnitro\1.0.0.3000\libglesv2.dll
MOD - [2014-11-10 02:53:06 | 000,684,312 | ---- | M] () -- C:\Users\Norbert\AppData\Roaming\mxnitro\1.0.0.3000\mxdb.dll
MOD - [2014-11-10 02:53:06 | 000,134,424 | ---- | M] () -- C:\Users\Norbert\AppData\Roaming\mxnitro\1.0.0.3000\libegl.dll
MOD - [2014-11-10 02:52:54 | 002,307,352 | ---- | M] () -- C:\Users\Norbert\AppData\Roaming\mxnitro\1.0.0.3000\ffmpegsumo.dll
MOD - [2014-11-10 02:52:52 | 014,669,128 | ---- | M] () -- C:\Users\Norbert\AppData\Roaming\mxnitro\1.0.0.3000\plugins\pepflashplayer.dll
MOD - [2014-11-10 02:52:52 | 008,537,928 | ---- | M] () -- C:\Users\Norbert\AppData\Roaming\mxnitro\1.0.0.3000\plugins\pdf.dll
MOD - [2014-11-10 02:52:52 | 000,259,352 | ---- | M] () -- C:\Users\Norbert\AppData\Roaming\mxnitro\1.0.0.3000\maxzlib.dll
MOD - [2014-11-04 02:04:30 | 000,010,952 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
MOD - [2014-03-18 11:58:24 | 017,395,376 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\c90ef9a73ea0044641d31b19023aad61\mscorlib.ni.dll
MOD - [2013-03-27 23:36:24 | 000,458,752 | ---- | M] () -- C:\Users\Norbert\Documents\VirtualDJ\Plugins\SoundEffect\vocals+.dll
MOD - [2013-03-27 23:36:17 | 000,557,056 | ---- | M] () -- C:\Users\Norbert\Documents\VirtualDJ\Plugins\SoundEffect\beatgrid.dll
MOD - [2013-03-27 23:36:06 | 000,102,400 | ---- | M] () -- C:\Users\Norbert\Documents\VirtualDJ\Plugins\SoundEffect\brake.dll
MOD - [2013-03-27 23:36:00 | 000,102,400 | ---- | M] () -- C:\Users\Norbert\Documents\VirtualDJ\Plugins\SoundEffect\backspin.dll
MOD - [2013-03-27 23:35:53 | 000,102,400 | ---- | M] () -- C:\Users\Norbert\Documents\VirtualDJ\Plugins\VideoTransition\default.dll
========== Services (SafeList) ==========
SRV:[b]64bit:[/b] - [2015-05-30 21:36:24 | 000,230,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:[b]64bit:[/b] - [2015-05-25 15:07:50 | 001,430,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2015-05-12 15:19:37 | 000,294,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:[b]64bit:[/b] - [2015-05-07 17:21:51 | 000,522,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:[b]64bit:[/b] - [2015-02-21 01:49:18 | 000,780,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:[b]64bit:[/b] - [2015-02-04 01:58:28 | 000,366,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:[b]64bit:[/b] - [2015-02-04 01:58:28 | 000,023,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:[b]64bit:[/b] - [2015-01-28 14:08:58 | 001,349,576 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:[b]64bit:[/b] - [2014-11-06 19:14:48 | 001,148,744 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe -- (GfExperienceService)
SRV:[b]64bit:[/b] - [2014-11-06 19:14:44 | 019,819,848 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:[b]64bit:[/b] - [2014-10-31 06:51:25 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2014-10-29 06:09:06 | 000,092,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\KeyboardFilterSvc.dll -- (MsKeyboardFilter)
SRV:[b]64bit:[/b] - [2014-10-29 05:59:51 | 003,460,472 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:[b]64bit:[/b] - [2014-10-29 05:50:11 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:[b]64bit:[/b] - [2014-10-29 04:42:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:[b]64bit:[/b] - [2014-10-29 04:42:03 | 000,041,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:[b]64bit:[/b] - [2014-10-29 04:34:51 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:[b]64bit:[/b] - [2014-10-29 04:33:55 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:[b]64bit:[/b] - [2014-10-29 04:30:35 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2014-10-29 04:29:22 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:[b]64bit:[/b] - [2014-10-29 03:57:05 | 000,324,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:[b]64bit:[/b] - [2014-10-29 03:48:20 | 000,166,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:[b]64bit:[/b] - [2014-10-29 03:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:[b]64bit:[/b] - [2014-10-29 03:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:[b]64bit:[/b] - [2014-10-29 03:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:[b]64bit:[/b] - [2014-10-29 03:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:[b]64bit:[/b] - [2014-10-29 03:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:[b]64bit:[/b] - [2014-10-29 03:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:[b]64bit:[/b] - [2014-10-29 03:43:27 | 000,524,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:[b]64bit:[/b] - [2014-10-29 03:27:21 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:[b]64bit:[/b] - [2014-10-29 03:26:21 | 000,838,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:[b]64bit:[/b] - [2014-10-29 03:24:37 | 000,131,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:[b]64bit:[/b] - [2014-10-29 03:22:40 | 000,062,464 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:[b]64bit:[/b] - [2014-10-29 03:20:03 | 000,262,656 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:[b]64bit:[/b] - [2014-10-29 03:19:20 | 000,550,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:[b]64bit:[/b] - [2014-10-29 03:16:17 | 000,154,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:[b]64bit:[/b] - [2014-10-29 03:13:24 | 000,374,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:[b]64bit:[/b] - [2014-10-29 03:13:02 | 000,260,608 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:[b]64bit:[/b] - [2014-10-29 03:12:36 | 000,407,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:[b]64bit:[/b] - [2014-10-29 03:12:22 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:[b]64bit:[/b] - [2014-10-29 03:11:10 | 001,639,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:[b]64bit:[/b] - [2014-10-29 03:05:09 | 000,206,848 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:[b]64bit:[/b] - [2014-10-29 02:57:18 | 000,074,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:[b]64bit:[/b] - [2014-10-29 02:48:52 | 000,562,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:[b]64bit:[/b] - [2014-10-29 02:46:48 | 001,348,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:[b]64bit:[/b] - [2014-10-29 02:35:51 | 001,668,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:[b]64bit:[/b] - [2014-08-14 00:24:04 | 000,324,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:[b]64bit:[/b] - [2013-02-13 12:47:04 | 000,820,184 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2013-02-13 12:46:48 | 000,731,648 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2013-01-31 15:20:50 | 000,015,344 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2015-07-14 23:34:48 | 000,268,976 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2015-07-07 20:12:28 | 000,082,128 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2015-05-07 17:05:40 | 000,367,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2015-05-01 11:17:04 | 001,772,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2015-05-01 11:16:10 | 001,394,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2015-03-30 15:29:00 | 002,490,216 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2015-02-18 19:11:32 | 000,315,488 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014-11-10 18:45:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2014-11-10 18:45:17 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2014-11-06 19:14:48 | 001,795,912 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2014-10-29 05:50:11 | 002,987,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2014-10-29 03:51:55 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2014-10-29 03:04:45 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2014-09-13 19:43:50 | 000,076,152 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2014-08-14 00:24:08 | 000,276,808 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014-02-28 11:32:36 | 000,174,368 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe -- (iumsvc)
SRV - [2013-03-12 13:20:08 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013-03-12 13:19:38 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2013-03-12 13:19:38 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2013-02-04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012-09-30 12:01:24 | 001,132,480 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2012-09-30 12:00:56 | 001,112,000 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010-02-12 11:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
========== Driver Services (SafeList) ==========
DRV:[b]64bit:[/b] - [2015-04-16 08:17:07 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:[b]64bit:[/b] - [2015-03-30 15:28:52 | 000,044,296 | -H-- | M] (LogMeIn Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Hamdrv.sys -- (hamachi)
DRV:[b]64bit:[/b] - [2015-03-20 03:56:10 | 000,080,384 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:[b]64bit:[/b] - [2015-03-17 19:26:06 | 000,467,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:[b]64bit:[/b] - [2015-03-13 06:03:31 | 000,239,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2015-03-09 04:02:51 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:[b]64bit:[/b] - [2015-03-09 04:02:45 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsp.sys -- (storvsp)
DRV:[b]64bit:[/b] - [2015-03-04 12:25:11 | 000,377,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:[b]64bit:[/b] - [2015-02-23 16:06:26 | 000,246,000 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:[b]64bit:[/b] - [2015-02-23 16:06:26 | 000,241,880 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\edevmon.sys -- (edevmon)
DRV:[b]64bit:[/b] - [2015-02-23 16:06:26 | 000,222,280 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:[b]64bit:[/b] - [2015-02-23 16:06:26 | 000,169,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:[b]64bit:[/b] - [2015-02-23 16:06:26 | 000,064,208 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:[b]64bit:[/b] - [2015-02-23 16:06:26 | 000,044,632 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:[b]64bit:[/b] - [2015-02-04 01:58:33 | 000,264,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:[b]64bit:[/b] - [2015-02-04 01:58:33 | 000,114,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:[b]64bit:[/b] - [2015-02-04 01:58:04 | 000,044,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:[b]64bit:[/b] - [2015-01-30 05:01:46 | 000,132,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthA2DP.sys -- (BthA2DP)
DRV:[b]64bit:[/b] - [2014-12-04 21:09:30 | 000,030,424 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsomc.sys -- (ggsomc)
DRV:[b]64bit:[/b] - [2014-12-04 21:09:30 | 000,016,088 | ---- | M] (Sony Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:[b]64bit:[/b] - [2014-11-06 19:14:43 | 000,019,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys -- (NvStreamKms)
DRV:[b]64bit:[/b] - [2014-11-04 02:04:30 | 000,032,576 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:[b]64bit:[/b] - [2014-10-29 05:59:47 | 000,415,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:[b]64bit:[/b] - [2014-10-29 05:59:12 | 000,136,512 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:[b]64bit:[/b] - [2014-10-29 05:57:42 | 000,054,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:[b]64bit:[/b] - [2014-10-29 05:56:04 | 000,027,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2014-10-29 04:46:43 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2014-10-29 04:46:09 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:[b]64bit:[/b] - [2014-10-29 04:45:54 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:[b]64bit:[/b] - [2014-10-29 04:45:39 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:[b]64bit:[/b] - [2014-10-29 04:45:16 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:[b]64bit:[/b] - [2014-10-15 10:32:36 | 000,921,920 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:[b]64bit:[/b] - [2014-10-13 04:43:17 | 000,086,336 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:[b]64bit:[/b] - [2014-10-13 04:43:17 | 000,039,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:[b]64bit:[/b] - [2014-10-07 08:54:45 | 000,189,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:[b]64bit:[/b] - [2014-10-07 08:44:39 | 000,069,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:[b]64bit:[/b] - [2014-10-03 21:23:02 | 000,038,216 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:[/b] - [2014-09-12 06:09:47 | 000,157,016 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:[b]64bit:[/b] - [2014-09-12 00:42:57 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:[b]64bit:[/b] - [2014-09-12 00:42:57 | 000,033,560 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:[b]64bit:[/b] - [2014-08-15 02:36:55 | 000,146,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:[b]64bit:[/b] - [2014-08-14 00:23:50 | 004,786,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:[b]64bit:[/b] - [2014-07-28 21:48:49 | 000,038,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)
DRV:[b]64bit:[/b] - [2014-07-28 21:48:49 | 000,027,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)
DRV:[b]64bit:[/b] - [2014-03-18 11:57:58 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:[b]64bit:[/b] - [2014-03-18 11:57:48 | 000,226,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:[b]64bit:[/b] - [2014-03-18 11:57:48 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:[b]64bit:[/b] - [2014-03-18 11:57:48 | 000,079,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:[b]64bit:[/b] - [2014-03-18 11:57:48 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:[b]64bit:[/b] - [2014-03-18 11:57:48 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:[b]64bit:[/b] - [2014-03-18 11:40:44 | 000,022,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kbldfltr.sys -- (kbldfltr)
DRV:[b]64bit:[/b] - [2014-03-18 11:40:37 | 000,220,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Vid.sys -- (Vid)
DRV:[b]64bit:[/b] - [2014-03-18 11:40:37 | 000,129,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbusr.sys -- (vmbusr)
DRV:[b]64bit:[/b] - [2014-03-18 11:40:37 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcivsp.sys -- (vpcivsp)
DRV:[b]64bit:[/b] - [2014-03-18 11:40:37 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2014-01-22 08:52:12 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd)
DRV:[b]64bit:[/b] - [2014-01-22 08:52:10 | 000,206,080 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2014-01-22 08:52:10 | 000,108,800 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2013-08-31 03:02:26 | 003,345,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwew00.sys -- (NETwNe64)
DRV:[b]64bit:[/b] - [2013-08-22 15:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:[b]64bit:[/b] - [2013-08-22 15:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2013-08-22 14:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:[b]64bit:[/b] - [2013-08-22 14:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:[b]64bit:[/b] - [2013-08-22 14:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:[b]64bit:[/b] - [2013-08-22 14:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:[b]64bit:[/b] - [2013-08-22 14:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:[b]64bit:[/b] - [2013-08-22 14:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:[b]64bit:[/b] - [2013-08-22 13:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:[b]64bit:[/b] - [2013-08-22 13:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:[b]64bit:[/b] - [2013-08-22 13:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:[b]64bit:[/b] - [2013-08-22 13:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:[b]64bit:[/b] - [2013-08-22 13:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:[b]64bit:[/b] - [2013-08-22 13:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:[b]64bit:[/b] - [2013-08-22 13:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:[b]64bit:[/b] - [2013-08-22 13:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:[b]64bit:[/b] - [2013-08-22 13:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:[b]64bit:[/b] - [2013-08-22 13:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:[b]64bit:[/b] - [2013-08-22 13:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:[b]64bit:[/b] - [2013-08-22 13:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2013-08-22 13:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:[b]64bit:[/b] - [2013-08-22 13:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2013-08-22 13:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:[b]64bit:[/b] - [2013-08-22 10:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:[b]64bit:[/b] - [2013-08-13 01:25:46 | 000,017,624 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:[b]64bit:[/b] - [2013-08-10 02:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:[b]64bit:[/b] - [2013-07-30 20:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:[b]64bit:[/b] - [2013-07-25 21:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:[b]64bit:[/b] - [2013-04-08 12:36:04 | 001,588,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ksaud.sys -- (ksaud)
DRV:[b]64bit:[/b] - [2013-03-08 10:58:18 | 000,473,840 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2013-03-08 10:58:18 | 000,033,008 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:[b]64bit:[/b] - [2013-03-06 23:02:58 | 008,243,144 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:[b]64bit:[/b] - [2013-01-31 15:20:10 | 000,652,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2013-01-11 19:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2012-11-19 11:34:56 | 000,118,936 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C63x64.sys -- (L1C)
DRV:[b]64bit:[/b] - [2012-10-01 14:41:40 | 001,337,216 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:[b]64bit:[/b] - [2012-10-01 14:41:38 | 000,132,480 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:[b]64bit:[/b] - [2012-08-06 11:07:08 | 000,068,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex)
DRV:[b]64bit:[/b] - [2010-01-05 03:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:[b]64bit:[/b] - [2009-09-10 16:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:[b]64bit:[/b] - [2009-07-24 16:52:14 | 000,114,560 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.interia.pl/#utm_source=instalki&utm_medium=installer&utm_campaign=instalki
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3598932418-1263865583-842487310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gazeta.pl/0,0.html?p=173
IE - HKU\S-1-5-21-3598932418-1263865583-842487310-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D7 90 0A E3 1C CE CF 01 [binary data]
IE - HKU\S-1-5-21-3598932418-1263865583-842487310-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3598932418-1263865583-842487310-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3598932418-1263865583-842487310-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelogx64.dll (EA Digital Illusions CE AB)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll ()
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.5.1: C:\Program Files (x86)\Battlelog Web Plugins\2.5.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
[2015-04-11 15:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Norbert\AppData\Roaming\mozilla\Extensions
[2015-03-31 10:23:14 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[color=#E56717]========== Chrome ==========[/color]
CHR - Extension: No name found = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0\
CHR - Extension: No name found = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\
CHR - Extension: No name found = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.0_0\
CHR - Extension: No name found = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.7_0\
CHR - Extension: No name found = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.30_0\
CHR - Extension: No name found = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0\
CHR - Extension: No name found = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.2.0_0\
CHR - Extension: No name found = C:\Users\Norbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
O1 HOSTS File: ([2013-08-22 15:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Creative SB Monitoring Utility] C:\WINDOWS\SysNative\SBAVMon.dll (Creative Technology Ltd.)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:[b]64bit:[/b] - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:[b]64bit:[/b] - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RtsFT] C:\WINDOWS\RTFTrack.exe (Realtek semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SynLenovoGestureMgr] C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe (Synaptics)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Module Loader] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi Surround 5.1 Pro\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-3598932418-1263865583-842487310-1001..\Run: [ALLPlayer WiFi Remote] C:\Program Files (x86)\ALLPlayer Remote\ALLPlayerRemoteControl.exe (ALLPlayer Group Ltd.)
O4 - HKU\S-1-5-21-3598932418-1263865583-842487310-1001..\Run: [ALLUpdate] C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe (ALLPlayer Group Ltd.)
O4 - HKU\S-1-5-21-3598932418-1263865583-842487310-1001..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3598932418-1263865583-842487310-1001..\Run: [Napisy24.pl] C:\Program Files (x86)\Napisy24\Napisy24.exe (Napisy24.pl)
O4 - HKU\S-1-5-21-3598932418-1263865583-842487310-1001..\Run: [Napisy24Update] C:\Program Files (x86)\Napisy24\Napisy24Update.exe (Napisy24.pl)
O4 - Startup: C:\Users\Norbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wysyłanie do programu OneNote.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:[b]64bit:[/b] - Extra context menu item: Wyślij do Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O8 - Extra context menu item: Wyślij do Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm ()
O9:[b]64bit:[/b] - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4246E915-0E6E-4DA3-8718-0AF192D4878B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AFCF2104-9D1D-46BE-93E5-551C80CBA019}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\WINDOWS\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3c8ef606-d252-11e4-be8e-28d2449c060e}\Shell - "" = AutoRun
O33 - MountPoints2\{3c8ef606-d252-11e4-be8e-28d2449c060e}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{6396cd42-7179-11e4-be77-28d2449c060e}\Shell - "" = AutoRun
O33 - MountPoints2\{6396cd42-7179-11e4-be77-28d2449c060e}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{b4584401-6d21-11e4-be76-fce7a150d8b8}\Shell - "" = AutoRun
O33 - MountPoints2\{b4584401-6d21-11e4-be76-fce7a150d8b8}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{b458444c-6d21-11e4-be76-fce7a150d8b8}\Shell - "" = AutoRun
O33 - MountPoints2\{b458444c-6d21-11e4-be76-fce7a150d8b8}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{b4584a08-6d21-11e4-be76-fce7a150d8b8}\Shell - "" = AutoRun
O33 - MountPoints2\{b4584a08-6d21-11e4-be76-fce7a150d8b8}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O33 - MountPoints2\{c445d8e2-d7e0-11e4-be8f-28d2449c060e}\Shell - "" = AutoRun
O33 - MountPoints2\{c445d8e2-d7e0-11e4-be8f-28d2449c060e}\Shell\AutoRun\command - "" = "F:\AutoRun.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2015-08-02 16:49:55 | 000,000,000 | ---D | C] -- C:\Users\Norbert\Desktop\Tabata cwiczenia
[2015-07-28 22:49:10 | 001,084,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2015-07-21 17:42:46 | 000,358,912 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2015-07-21 17:42:46 | 000,301,056 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2015-07-21 17:42:46 | 000,044,032 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2015-07-21 17:42:46 | 000,035,840 | ---- | C] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2015-07-19 17:59:28 | 005,923,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2015-07-19 17:58:43 | 002,880,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2015-07-19 17:58:40 | 002,125,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2015-07-19 17:58:40 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2015-07-19 17:58:40 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2015-07-19 17:58:40 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2015-07-19 17:58:40 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieui.dll
[2015-07-19 17:58:40 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2015-07-19 17:58:40 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieui.dll
[2015-07-19 17:58:40 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msrating.dll
[2015-07-19 17:58:40 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MshtmlDac.dll
[2015-07-19 17:58:40 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tdc.ocx
[2015-07-19 17:58:40 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MshtmlDac.dll
[2015-07-19 17:58:39 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2015-07-19 17:58:39 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2015-07-19 17:58:39 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msrating.dll
[2015-07-19 17:58:39 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll
[2015-07-19 17:58:39 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2015-07-19 17:58:39 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2015-07-19 17:58:39 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tdc.ocx
[2015-07-19 17:58:39 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2015-07-19 17:58:38 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript.dll
[2015-07-19 17:58:38 | 000,664,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript.dll
[2015-07-17 22:36:12 | 000,721,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapi.dll
[2015-07-17 22:36:12 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapp.exe
[2015-07-17 22:36:12 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wups.dll
[2015-07-17 22:36:11 | 002,229,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wucltux.dll
[2015-07-17 22:36:11 | 000,891,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuapi.dll
[2015-07-17 22:36:11 | 000,359,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinSetupUI.dll
[2015-07-17 22:36:11 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuwebv.dll
[2015-07-17 22:36:11 | 000,136,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015-07-17 22:36:11 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuwebv.dll
[2015-07-17 22:36:11 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wudriver.dll
[2015-07-17 22:36:11 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wudriver.dll
[2015-07-17 22:36:11 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wuapp.exe
[2015-07-17 22:36:10 | 000,409,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WUSettingsProvider.dll
[2015-07-17 22:36:10 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups.dll
[2015-07-17 22:36:10 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wups2.dll
[2015-07-17 22:35:39 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WiFiDisplay.dll
[2015-07-17 22:35:38 | 001,441,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2015-07-17 22:35:38 | 001,311,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rpcrt4.dll
[2015-07-17 22:35:38 | 000,445,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\certcli.dll
[2015-07-17 22:35:38 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\certcli.dll
[2015-07-17 22:35:34 | 002,774,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2015-07-17 22:35:34 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GeofenceMonitorService.dll
[2015-07-17 22:35:34 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\GeofenceMonitorService.dll
[2015-07-17 22:35:33 | 003,320,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msi.dll
[2015-07-17 22:35:33 | 002,460,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2015-07-17 22:35:33 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll
[2015-07-17 22:35:33 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\werdiagcontroller.dll
[2015-07-17 22:35:31 | 003,109,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ExplorerFrame.dll
[2015-07-17 22:35:31 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ExplorerFrame.dll
[2015-07-17 22:35:26 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\usb8023.sys
[2015-07-17 22:35:25 | 001,145,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aeinv.dll
[2015-07-17 22:35:25 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\generaltel.dll
[2015-07-17 22:35:24 | 000,764,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\invagent.dll
[2015-07-17 22:35:24 | 000,433,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\devinv.dll
[2015-07-17 22:35:24 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aepdu.dll
[2015-07-17 22:35:24 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\acmigration.dll
[2015-07-17 22:35:24 | 000,026,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CompatTelRunner.exe
[2015-07-17 22:20:52 | 000,971,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSShared.dll
[2015-07-17 22:20:52 | 000,811,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WSShared.dll
[2015-07-17 22:20:52 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.TestingFramework.dll
[2015-07-17 22:20:52 | 000,210,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2015-07-17 22:20:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\storvsp.sys
[2015-07-17 22:20:15 | 000,332,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fhcpl.dll
[2015-07-17 22:19:54 | 001,380,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32.dll
[2015-07-17 22:13:41 | 001,661,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ole32.dll
[2015-07-17 22:13:39 | 003,084,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msftedit.dll
[2015-07-17 22:13:39 | 002,471,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msftedit.dll
[2015-07-17 22:12:21 | 000,564,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apphelp.dll
[2015-07-17 22:10:47 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll
[2015-07-17 22:09:12 | 007,784,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Data.Pdf.dll
[2015-07-17 22:09:12 | 005,264,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
[2015-07-16 19:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2015-07-16 19:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2015-07-10 19:12:17 | 000,000,000 | -H-D | C] -- C:\$Windows.~BT
[1 C:\Users\Norbert\Documents\*.tmp files -> C:\Users\Norbert\Documents\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2015-08-08 18:34:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2015-08-08 18:20:00 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2015-08-08 16:20:00 | 000,001,064 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1d090c62a403b14.job
[2015-08-08 15:12:10 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2015-08-08 13:51:50 | 000,001,064 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2015-08-06 21:37:33 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015-08-06 11:09:07 | 001,828,496 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2015-08-06 11:09:07 | 000,808,198 | ---- | M] () -- C:\WINDOWS\SysNative\perfh015.dat
[2015-08-06 11:09:07 | 000,723,514 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2015-08-06 11:09:07 | 000,164,014 | ---- | M] () -- C:\WINDOWS\SysNative\perfc015.dat
[2015-08-06 11:09:07 | 000,136,128 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2015-08-06 00:20:32 | 000,483,600 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015-08-06 00:20:16 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2015-08-06 00:20:09 | 3362,381,824 | -HS- | M] () -- C:\hiberfil.sys
[2015-07-25 15:34:01 | 001,084,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appraiser.dll
[2015-07-16 16:15:35 | 000,001,068 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1d0bfd1e23f4f31.job
[2015-07-14 16:14:06 | 000,301,056 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\atmfd.dll
[2015-07-14 16:14:02 | 000,035,840 | ---- | M] (Adobe Systems) -- C:\WINDOWS\SysWow64\atmlib.dll
[2015-07-14 16:14:00 | 000,358,912 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysNative\atmfd.dll
[2015-07-14 16:13:55 | 000,044,032 | ---- | M] (Adobe Systems) -- C:\WINDOWS\SysNative\atmlib.dll
[2015-07-13 23:10:13 | 000,792,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2015-07-13 23:10:13 | 000,178,168 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2015-07-09 21:51:16 | 000,136,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuauclt.exe
[2015-07-09 20:40:34 | 000,359,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinSetupUI.dll
[1 C:\Users\Norbert\Documents\*.tmp files -> C:\Users\Norbert\Documents\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2015-08-06 00:20:17 | 000,483,600 | ---- | C] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2015-07-17 22:10:48 | 000,410,739 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2015-07-16 16:15:35 | 000,001,068 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1d0bfd1e23f4f31.job
[2015-03-16 00:59:56 | 000,107,008 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2015-03-16 00:58:03 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2015-03-13 20:19:42 | 000,378,880 | ---- | C] () -- C:\WINDOWS\SysWow64\av_dll.dll
[2015-03-13 20:19:42 | 000,020,992 | ---- | C] () -- C:\WINDOWS\SysWow64\av_proxy.dll
[2015-02-27 17:47:31 | 000,644,608 | ---- | C] () -- C:\WINDOWS\SysWow64\xvidcore.dll
[2015-02-27 17:47:31 | 000,258,048 | ---- | C] () -- C:\WINDOWS\SysWow64\libFLAC.dll
[2014-11-11 20:54:55 | 000,001,772 | ---- | C] () -- C:\ProgramData\cfSB1095A.ini
[2014-11-10 18:47:15 | 000,001,772 | ---- | C] () -- C:\ProgramData\cfSB1095.ini
[2014-09-14 16:57:21 | 000,022,024 | ---- | C] () -- C:\ProgramData\.sys
[2014-09-13 17:10:15 | 000,280,904 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2014-09-13 17:10:14 | 000,076,152 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2014-09-12 00:35:27 | 000,172,097 | ---- | C] () -- C:\WINDOWS\SysWow64\NoMSGuninstall.exe
[2014-09-12 00:35:27 | 000,000,911 | ---- | C] () -- C:\WINDOWS\SysWow64\ProductName.ini
[2014-09-12 00:35:16 | 000,001,519 | ---- | C] () -- C:\WINDOWS\SysWow64\_IconCfg0.ini
[2014-09-12 00:35:16 | 000,000,213 | ---- | C] () -- C:\WINDOWS\SysWow64\IconCfg0.ini
[2014-09-12 00:32:05 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014-09-12 00:21:56 | 001,762,308 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014-08-14 00:23:42 | 000,186,368 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2014-08-14 00:23:38 | 012,728,192 | ---- | C] () -- C:\WINDOWS\SysWow64\igd11dxva32.dll
[2014-03-18 11:58:10 | 000,002,255 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2013-08-22 17:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013-08-22 17:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013-08-22 16:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013-08-22 09:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013-08-22 01:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013-08-22 01:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2014-09-12 15:52:56 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015-05-07 19:50:50 | 022,292,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015-05-07 18:53:12 | 019,734,960 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2014-10-29 03:19:43 | 001,013,760 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2014-10-29 02:59:23 | 000,786,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2014-10-29 03:16:01 | 000,512,512 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2015-06-14 23:12:04 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Azuon
[2014-10-28 20:09:59 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Canneverbe Limited
[2015-02-11 13:52:54 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\DAEMON Tools Lite
[2014-09-18 13:49:52 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\ESET
[2014-11-14 16:35:17 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\LolClient
[2015-03-26 18:14:15 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\mxnitro
[2015-02-27 13:50:41 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\NapiProjekt
[2015-04-11 15:30:04 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\OpenFM
[2014-09-13 13:15:19 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Opera Software
[2014-09-13 13:09:49 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Origin
[2014-11-14 13:20:34 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\Riot Games
[2015-01-04 00:41:45 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\TS3Client
[2015-07-16 18:32:25 | 000,000,000 | ---D | M] -- C:\Users\Norbert\AppData\Roaming\uTorrent
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 237 bytes -> C:\Users\Norbert\OneDrive:ms-properties
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:56E2E879
< End of report >
extras:
OTL Extras logfile created on: 2015-08-08 19:15:04 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Norbert\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17905)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd
3,91 Gb Total Physical Memory | 1,22 Gb Available Physical Memory | 31,26% Memory free
4,60 Gb Paging File | 1,69 Gb Available in Paging File | 36,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 198,65 Gb Total Space | 138,20 Gb Free Space | 69,57% Space Free | Partition Type: NTFS
Drive D: | 731,91 Gb Total Space | 486,87 Gb Free Space | 66,52% Space Free | Partition Type: NTFS
Computer Name: NOREK | User Name: Norbert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
[HKEY_USERS\S-1-5-21-3598932418-1263865583-842487310-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
[color=#E56717]========== Shell Spawning ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Directory [Napisy24] -- "C:\Program Files (x86)\Napisy24\Napisy24.exe" "%1" (Napisy24.pl)
Directory [OpenSubtitles] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Directory [Napisy24] -- "C:\Program Files (x86)\Napisy24\Napisy24.exe" "%1" (Napisy24.pl)
Directory [OpenSubtitles] -- Reg Error: Key error.
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
[color=#E56717]========== Security Center Settings ==========[/color]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{157AED41-C7EB-4F91-BAEE-35EE75B3EA4A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{234E2148-714E-4E30-B24C-5DEFD86E9490}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24ED43E7-F38F-41D2-BE2D-AD5EF48F277C}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{28173F5C-7790-49DA-BC54-2AF31662708D}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{2940E8F9-3395-4792-BD36-ED5B97044A0D}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2CFAA577-097C-40CA-AEA9-C279EA51D6BD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2D78786E-D561-4BA2-AF2E-F1D807C51154}" = lport=139 | protocol=6 | dir=in | app=system |
"{32B35CF2-C3DA-467B-82D8-E93B6A3F30A8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{54FA012C-6B88-427B-9E08-4391533A2FF1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{58E1F107-3E31-481C-AFC3-2D13F26DB720}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5A0FF8C5-4436-4BB1-BF2C-8C90BD728219}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{6B3612B9-3CF2-46CC-91D5-AA81EC2C625F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{726BCAA4-3632-4414-B8C7-E38953199DDD}" = rport=139 | protocol=6 | dir=out | app=system |
"{75A89E78-8899-4344-850A-B65C634D8584}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B5F4D09-AF81-485A-9157-C2B673B0F58A}" = lport=47984 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{8BE71C7D-E9D1-4C05-984E-71AD49E1EBD7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{8D94096E-D3B0-48CB-ADFD-6BBDCFD5E173}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{93A4AA1C-A0E5-45C1-8531-9153E8DFF710}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{93CF7D83-0974-4DF1-B257-7298B7F29BA0}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{AEABE074-B1E2-415D-85D9-5FE7F748137D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BDE697F2-0AE9-4B80-BE54-F48108C5ACBD}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe |
"{C1054A1F-5C21-432C-BD6A-1C26B8892B44}" = rport=445 | protocol=6 | dir=out | app=system |
"{CB5A3021-2BC4-4DA4-8E4C-64C13C72417B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{D2498FD4-228A-4622-8EC3-B6C43473D460}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D3AC90E9-03C6-43CB-924F-63209B41D999}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D4E2091F-30EA-443A-A1B2-F4F1D24DE0F6}" = rport=138 | protocol=17 | dir=out | app=system |
"{D7FC073D-ED2C-4A58-99FF-0E8E850174D8}" = lport=445 | protocol=6 | dir=in | app=system |
"{EC14770F-4D92-474C-9513-0D71E55BCCA0}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{EFF80291-48CC-466C-A789-CE0A099F87DA}" = lport=137 | protocol=17 | dir=in | app=system |
"{F8B1EF8E-6032-4FB9-B68E-4A44F9E2CF0A}" = rport=137 | protocol=17 | dir=out | app=system |
"{FA3007E7-F478-4476-A2FF-F88B9C07DD26}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FC449B82-591E-4E2E-B2AE-F34D63550412}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{FC56A28A-DA1F-464E-BC0F-9F605E7ECFA1}" = lport=138 | protocol=17 | dir=in | app=system |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AA266D-28AF-47FD-B0CD-3F6C3A66012C}" = dir=out | name=@{microsoft.zunevideo_2.6.441.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{039184BE-0395-49BA-83F2-495BDB633635}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{094A3383-E9BE-4906-AD9D-02D864AC68F8}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{0E3B0CB0-8EE8-415F-BB5D-0B40C99AC791}" = protocol=17 | dir=in | app=c:\program files (x86)\napiprojekt\napisy.exe |
"{14CD069F-C324-4207-B6AF-BD9C362F5556}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{19E08108-51FB-4B0F-8067-43E3C6642CF2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1BE19728-E879-4EF5-B6E5-577308DF97B5}" = dir=out | name=@{microsoft.bingfinance_3.0.4.323_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{1C90FF41-6222-427A-9C0D-74641FF49D35}" = dir=out | name=@{microsoft.bingweather_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{1CC01BD4-D5BB-43B4-AC69-7279A1986DA1}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{1EB55539-41EA-47A8-BB01-714CF1E26C70}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{1F43DB25-0DB7-418D-82BC-FC97F42D4726}" = dir=out | name=skype |
"{201DA091-3B03-472F-A255-3881D3F6BF64}" = dir=in | name=windows phone |
"{23D880DB-96D0-4AC8-848C-9AD3D511E120}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{244A5F30-8688-48B0-B068-597C6A34AE22}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{24D401F8-8598-4757-A25D-AD1DFAABC2DA}" = dir=out | name=onenote |
"{2AA70D8E-D3E1-4755-A3CD-51228D1BDDFA}" = dir=out | name=@{microsoft.bingsports_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{2B497C40-9336-4ECA-AB0A-DF900291E005}" = protocol=6 | dir=in | app=c:\users\norbert\appdata\roaming\utorrent\utorrent.exe |
"{2EB2AD43-4B52-4748-8F0D-15E656B95056}" = protocol=6 | dir=out | app=system |
"{2F4D6E7D-1BE2-4A99-B139-19DEFBBCC2D9}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2F80FFFF-FD83-45D5-8F0D-EA8E2749F9F6}" = dir=out | name=windows_ie_ac_001 |
"{2FCD2FB7-25DB-4DAB-882A-F83132EBBE68}" = dir=out | name=@{microsoft.zunemusic_2.6.672.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{30F4F0F3-14EB-496C-9C83-A8B8DB580009}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{310272CC-AA2E-4100-BAC8-79E90B6E9DAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{349525BA-BB66-4AC5-BD1E-4757EA061D18}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{349997B8-BB54-4E4B-8E0F-83D9AE96DE36}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{34A9AF57-E980-404A-8EC5-BD640A2AB146}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{38C07F99-FAB7-4BB2-835F-5DB7F48670AA}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.4.322_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} |
"{41F4F672-FEE3-4358-A885-17B62956EBF3}" = dir=in | name=juniper networks junos pulse |
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn |
"{4439FE52-B4FA-46CC-89FF-92EED370441D}" = dir=out | name=windows phone |
"{443FCAF4-747D-4373-AB1E-FD313948FDB4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{4514BCCD-161C-4C6A-9BFF-652424C0663F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4A10F96C-04CC-4F1B-B237-EB8FCC364ADD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{4DAAB268-1781-42EF-A5C0-9B80679546B0}" = dir=out | name=juniper networks junos pulse |
"{4E715214-F84A-4C39-B211-3547349553E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{54D43E8F-765D-40D2-A1F8-1148B399226B}" = protocol=6 | dir=in | app=d:\program files (x86)\gameforgelive\gfl_client.exe |
"{554B9E43-BCE5-42AC-8A90-A3398BE4006A}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect |
"{564EB6C7-3BB7-43A3-81FF-CC8918364E26}" = dir=out | name=windows_ie_ac_001 |
"{5A168BE4-542E-4554-AD7F-BFA38E3F7FC5}" = dir=out | name=check point vpn |
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect |
"{6126E7F6-7133-4221-B3B1-A268E95B3652}" = protocol=6 | dir=in | app=c:\program files (x86)\napiprojekt\napisy.exe |
"{628E4A60-1DA6-4D31-9DEC-58A9B1D7C03A}" = protocol=6 | dir=in | app=c:\program files (x86)\napiprojekt\napisy.exe |
"{62DBFBEE-FB88-49C3-B3ED-B092EAD707CD}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{6544F490-FF02-4854-999A-3831BD24014B}" = dir=out | name=@{microsoft.bingfinance_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} |
"{67CC429C-91D7-4F16-8A6B-A2CE45B63A43}" = dir=out | name=allegro.pl |
"{68241A0B-1BAD-448E-B7A3-2505B42678BE}" = dir=out | name=@{microsoft.bingmaps_2.1.3230.2048_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{6CA968BF-9830-44BD-BE8D-7DF5FD9B583D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6CDA12E0-EA68-4A30-B1FF-006414E538FA}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{6DC0A12E-DAC2-4FD0-BAD5-A0DB0083D49C}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{6EBEC523-BE0E-46A5-A45E-982A527B92BC}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{6FDFFA47-81B8-4B65-BACD-5391D6C47606}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{70EBD4BB-70AC-4215-8413-08C261CB10FD}" = dir=out | name=angielski na co dzień |
"{7270291A-7606-4F52-B9D5-321E66A324E8}" = dir=out | name=@{microsoft.bingweather_3.0.2.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/brandedapptitle} |
"{76D5E34B-9549-4E7D-980B-3FA2F3188E56}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{77A1176B-F325-42FF-BF2F-B7B8A875FD46}" = dir=in | name=check point vpn |
"{7B028A3D-8173-4251-AED5-6A1D2EB6665D}" = protocol=6 | dir=in | app=c:\program files (x86)\lg software\lg smart share\\dmr\smartsharedmr.exe |
"{7B22AA6C-92F4-449A-AC87-83AA52EE7A03}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{7CD84D9E-66DA-4728-AABE-32646150BE1E}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{7D332624-C74F-45C3-B696-382A47006613}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{7E5EA47E-5179-4BE0-BCED-B77F9C8E2A95}" = dir=out | name=@{microsoft.bingtravel_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{82D9F7BE-B111-4402-A811-8E990B947ADE}" = protocol=17 | dir=in | app=c:\program files (x86)\lg software\lg smart share\\dmr\smartsharedmr.exe |
"{8300A454-14F7-4444-B6E4-A0FFD1BE3719}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{84B5C6E4-B7D6-4B5D-BF50-34BACA93AA78}" = dir=out | name=f5 vpn |
"{8751B64F-0659-47C0-8D91-BB8D9FC2FBBF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{89BB65FE-5D51-4970-9539-F92E81391A2F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{9146801A-161F-4A84-AF34-21708AEE2416}" = protocol=17 | dir=in | app=c:\program files (x86)\sony mobile\update engine\sony mobile update engine.exe |
"{924F187F-6D60-465B-8B4C-8AADAAE9A372}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{9388D05C-00EE-41F8-A31F-98660E611517}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{962041A5-9851-4066-BF31-3B2327E5A645}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{969AFECD-140D-4DD5-B3B1-52A0EBF44932}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{97439100-1F8E-4066-8267-E0D8EB371E74}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{982E281C-DC74-4B7B-8901-44AE81CD438E}" = protocol=6 | dir=in | app=c:\program files (x86)\sony mobile\update engine\sony mobile update engine.exe |
"{9D94CA58-22E3-4280-BC11-3E821A03BBB6}" = dir=out | name=windows_ie_ac_001 |
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{A0CC7A24-B4B3-4C92-8E05-5DE1EEC4362B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{A1BC1202-0F62-4F3C-A9EE-AA4E6FABF1D0}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{A3EAA1F7-7D12-4D97-B80A-F7A51E4DE5C8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A498A4C5-525B-4BA5-97D6-E89296F26DCB}" = dir=in | name=sonicwall mobile connect |
"{A4E8A424-954D-4319-B020-682EA3CA2ACC}" = dir=out | name=@{microsoft.bingsports_3.0.4.322_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} |
"{A7F62AEF-A0E6-404F-9E31-F0956341F2D5}" = protocol=17 | dir=in | app=c:\users\norbert\appdata\roaming\utorrent\utorrent.exe |
"{ABE4B7B8-0B86-4D7E-8577-8D5BA22FC381}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{AC28CDC3-2820-4F42-8CE1-446ADC095B2E}" = protocol=58 | dir=in | app=system |
"{AD92D350-73E9-4667-B5D6-533FAE468880}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{AFA2D1DC-95E7-4D00-8ACF-703E70654F44}" = dir=out | name=@{microsoft.bingnews_3.0.4.336_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{B1BBFE37-EF56-4520-A03F-DD70427CBE02}" = dir=in | name=sonicwall mobile connect |
"{B294FA3F-0641-46C6-8F29-3B84DC11C03B}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{B3BF0869-0756-443D-AEDF-E8215F05B219}" = dir=in | name=f5 vpn |
"{B4CA5C0A-56BE-4D66-BB0C-933077C984B6}" = dir=out | name=skype |
"{B62D469E-7117-46A2-B605-8317D59619E3}" = protocol=6 | dir=in | app=d:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{B68DBF35-D0C0-46EB-ACDE-3DD8D959D58D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B7656236-D3F8-4DBC-A1B0-EE6C4670BFBE}" = dir=out | name=onenote |
"{B8F80ECD-EDDE-41FB-BE82-1687D10BDC6E}" = dir=out | name=check point vpn |
"{BA38FA28-AD80-4C90-99BB-4902E1EABB5E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA8B355C-3FC5-4B8E-9501-D789F7482BD8}" = dir=in | name=check point vpn |
"{BB0A8AA5-B994-447F-9CE3-6C7DFD446E24}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{BDF7C975-6F88-492E-9AF5-3776EF8C0AAF}" = dir=out | name=sonicwall mobile connect |
"{BEBEAF53-9BF0-46A1-BAAD-973D813C2EF1}" = dir=in | name=f5 vpn |
"{BECBB15F-0E8B-4215-AA44-82ABCD4F5816}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{BFF556F0-6C34-470F-91D0-34F3C1E5A350}" = dir=out | name=@{microsoft.zunevideo_2.6.441.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{C069D6AF-B443-4E43-B984-FC81AD6CC9E7}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C2CC3371-63A0-464B-9177-41E6CF032EFF}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C3E03319-241A-486B-8C59-F11304693F98}" = dir=out | name=sonicwall mobile connect |
"{C47236A9-1A4B-4FDF-9273-1BB3A3BC7AC4}" = dir=out | name=juniper networks junos pulse |
"{C4AADC76-1650-4BCB-9DC1-E28E7348BBC8}" = dir=in | name=skype |
"{C5AAE2D3-3BEF-49B3-A5DA-821499CC758F}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{C5DF703E-29F2-4E6A-BE5B-40D2839CF1C7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C93E4469-EFF4-4654-A505-EE9BC3EDA3BF}" = dir=out | name=ipla |
"{C95311AC-6914-4F86-9007-5D21D52E1A66}" = protocol=17 | dir=in | app=d:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{C9AF4ECD-32C7-4624-B42D-F690EBA44C09}" = dir=in | name=skype |
"{CA532115-5B25-4528-AA3B-036D6665B18E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{CB14E1E8-99EB-4F03-A64D-6AD4CF211A92}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{D01748D1-894B-445A-AFC2-2B33C145AE4A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{D6119114-E220-4930-AFC0-7E416954DA68}" = dir=out | name=f5 vpn |
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn |
"{D712D847-6694-42C5-BD06-1AE257FA49CA}" = dir=in | name=juniper networks junos pulse |
"{D92B36E3-A14A-471F-BB6B-1EA4753F5269}" = dir=out | name=electricpiano8 |
"{D939CDFC-C16D-4A55-AE4D-EE4CFCAADFA2}" = dir=in | name=onenote |
"{DA123DA1-7DA9-429A-BD4B-3C24793CB19F}" = protocol=6 | dir=in | app=c:\program files (x86)\lg software\lg smart share\\dms\smartsharedms.exe |
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn |
"{DB854EF3-B090-45BE-AC99-422C228014AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DCA1F7E8-9DFE-4E7E-AC89-3DBBD02666E0}" = protocol=17 | dir=in | app=c:\program files (x86)\lg software\lg smart share\\dms\smartsharedms.exe |
"{DD0A900F-F20C-4C81-90E1-C850069D21DB}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{E1B841AD-67AB-4C30-BBD9-0671EE718AEE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E8106502-07D0-4BFD-91E5-1D416A53D641}" = dir=out | name=@{microsoft.bingnews_3.0.4.322_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} |
"{EA91FECC-248C-46FC-80DC-9ACE656A9361}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn |
"{F1210780-6DF5-4618-90C5-9C80ED24B658}" = protocol=17 | dir=in | app=c:\program files (x86)\napiprojekt\napisy.exe |
"{F23588A3-5924-429B-B49D-9AF582F4FF99}" = dir=out | name=@{microsoft.bingtravel_3.0.4.322_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} |
"{F4CA05FA-3BC4-47D5-9CF6-9A6C46BE19FC}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20540_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} |
"{F4DE5EF0-E80B-41F0-9C57-90F285205647}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.4.322_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} |
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client |
"{F728D1B3-F64E-4D8F-A0E0-AB4E4A2E4032}" = dir=in | name=onenote |
"{F7686735-1007-45C2-ADE1-0FE12459BEA2}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client |
"{F88BD9A1-EB6A-4603-9799-F1A6D6EA0BC4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FEEC31B2-FE6C-4007-92AF-1DC9B21689C9}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"TCP Query User{03E42BB6-64C4-4099-99D9-BF95D4D0B400}D:\gry\counter-strike 1.6 windows 8\hl.exe" = protocol=6 | dir=in | app=d:\gry\counter-strike 1.6 windows 8\hl.exe |
"TCP Query User{EEAAE772-E6EA-4D3C-9FA7-433F1CD35B70}D:\program files (x86)\need for speed rivals\nfs14.exe" = protocol=6 | dir=in | app=d:\program files (x86)\need for speed rivals\nfs14.exe |
"UDP Query User{B690962E-9435-461D-88C0-9FBAB00FAAD3}D:\program files (x86)\need for speed rivals\nfs14.exe" = protocol=17 | dir=in | app=d:\program files (x86)\need for speed rivals\nfs14.exe |
"UDP Query User{E3ABF07D-0393-414A-A953-9A2F7674C5E4}D:\gry\counter-strike 1.6 windows 8\hl.exe" = protocol=17 | dir=in | app=d:\gry\counter-strike 1.6 windows 8\hl.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel(R) Rapid Storage Technology
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{7629623D-F0D0-4AC6-A763-FBE06ED8288C}" = Intel(R) Rapid Storage Technology
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0415-1000-0000000FF1CE}" = Microsoft Access MUI (Polish) 2013
"{90150000-0016-0415-1000-0000000FF1CE}" = Microsoft Excel MUI (Polish) 2013
"{90150000-0018-0415-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (Polish) 2013
"{90150000-0019-0415-1000-0000000FF1CE}" = Microsoft Publisher MUI (Polish) 2013
"{90150000-001A-0415-1000-0000000FF1CE}" = Microsoft Outlook MUI (Polish) 2013
"{90150000-001B-0415-1000-0000000FF1CE}" = Microsoft Word MUI (Polish) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-0415-1000-0000000FF1CE}" = Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski
"{90150000-002C-0415-1000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2013
"{90150000-0044-0415-1000-0000000FF1CE}" = Microsoft InfoPath MUI (Polish) 2013
"{90150000-006E-0415-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2013
"{90150000-0090-0415-1000-0000000FF1CE}" = Microsoft DCF MUI (Polish) 2013
"{90150000-00A1-0415-1000-0000000FF1CE}" = Microsoft OneNote MUI (Polish) 2013
"{90150000-00BA-0415-1000-0000000FF1CE}" = Microsoft Groove MUI (Polish) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0415-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Polish) 2013
"{90150000-00E1-0415-1000-0000000FF1CE}" = Microsoft Office OSM MUI (Polish) 2013
"{90150000-00E2-0415-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Polish) 2013
"{90150000-012B-0415-1000-0000000FF1CE}" = Microsoft Lync MUI (Polish) 2013
"{9495AEB4-AB97-39DE-8C42-806EEF75ECA7}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 344.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 344.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 2.1.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus Update 16.13.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.14.0702
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 16.13.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GfExperienceService" = NVIDIA GeForce Experience Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 16.13.65
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController" = SHIELD Wireless Controller Driver
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.26
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"{D3415F15-8C15-328C-933C-9075E60843CA}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK
"{DA2600C1-6BDF-4FD1-8F3D-148929CC1385}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{F3D78BA2-A8C6-40A3-AEBB-25D8FA49BB9A}" = ESET Smart Security
"71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42" = Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1)
"8A223E56FB1ED4F697B54E5BF96F1EB63B512684" = Pakiet sterowników systemu Windows - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733)
"CCleaner" = CCleaner
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - PLK" = Polski pakiet językowy dla narzędzi Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 5.11 (64-bitowy)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04C6D5E8-3167-4EBE-93DA-BF60F469E33B}" = Azuon
"{0A9DA353-D0CD-4922-A54B-2F5F4EC90986}" = Sound Blaster X-Fi Surround 5.1 Pro
"{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}" = Intel(R) Update Manager
"{146BDBDD-ACD9-4B04-A286-C27471841E8E}_is1" = ALLPlayer Pilot
"{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 7.5
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{507C16D7-08B5-4FC7-88E5-F28B7AC01324}" = System Requirements Lab Detection
"{5DE67937-45D5-45E4-923C-0B7F7EC929A7}" = League of Legends
"{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}" = Google Update Helper
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D1221A9-17BF-4EC0-81F2-27D30EC30701}" = Skype Click to Call
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{80EE9168-BB59-4F87-BF1A-57C137EAF714}" = LogMeIn Hamachi
"{817750FA-EC6A-485D-9901-0683AE6FFDF1}" = Google Earth
"{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1" = AION Free-to-Play
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 2.0.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-0804-1033-1959-001824147215}" = Adobe Refresh Manager
"{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.12) - Polish
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{B455E95A-B804-439F-B533-336B1635AE97}" = NVIDIA PhysX
"{BAB337AE-DD9E-45C3-BED6-0EE4732AEC60}" = SmartShare
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{C515E2A3-4878-4C85-A519-52630C7AB08B}" = VirtualDJ PRO Full
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D1985DBC-F09E-4317-91B8-932AD0FD4A27}_is1" = Napisy24
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{E55E04F1-7209-487F-968E-2B0F13617392}" = English for Law Enforcement
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.245
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F410D073-4B65-4A7B-A343-A1ECDAA9E6F2}_is1" = Counter-Strike 1.6 Windows 8
"Adobe Flash Player NPAPI" = Adobe Flash Player 18 NPAPI
"ALLPlayer_is1" = ALLPlayer V6.X
"ASIO4ALL" = ASIO4ALL
"Battlelog Web Plugins" = Battlelog Web Plugins
"Creative_ASIO(USB)" = Creative ASIO (USB)
"Crysis 3_is1" = Crysis 3 version 1.0.0.0
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"FL Studio 11" = FL Studio 11
"FlowStone" = FlowStone FL 3.0
"Free Hide Folder" = Free Hide Folder
"Google Chrome" = Google Chrome
"IL Download Manager" = IL Download Manager
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"League of Legends 3.0.1" = League of Legends
"LogMeIn Hamachi" = LogMeIn Hamachi
"MxNitro" = Maxthon Nitro
"NapiProjekt_is1" = NapiProjekt (2.2.0.2399)
"Need for Speed Rivals_is1" = Need for Speed Rivals wersja 1.2.0.0
"Opera 31.0.1889.99" = Opera Stable 31.0.1889.99
"Origin" = Origin
"PLAY ONLINE" = PLAY ONLINE
"PunkBusterSvc" = PunkBuster Services
"Rockstar Games Social Club" = Rockstar Games Social Club
"SysInfo" = Creative System Information
"Tombraider_is1" = Tombraider
"Update Engine" = Sony Mobile Update Engine
"WiFi Password Revealer_is1" = WiFi Password Revealer
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3598932418-1263865583-842487310-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"OpenFM" = OpenFM
"uTorrent" = µTorrent
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 2015-08-08 12:04:21 | Computer Name = Norek | Source = Application Hang | ID = 1002
Description = Program virtualdj_pro.exe w wersji 7.4.0.0 przestał współpracować
z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej
informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum
akcji w Panelu sterowania. Identyfikator procesu: 2268 Godzina rozpoczęcia: 01d0d1f3ba1acc6b
Godzina
zakończenia: 4 Ścieżka aplikacji: C:\Program Files (x86)\VirtualDJ\virtualdj_pro.exe
Identyfikator
raportu: 1f86eff7-3de7-11e5-bea1-f83cd43ff801 Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:
Error - 2015-08-08 12:13:09 | Computer Name = Norek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: backgroundTaskHost.exe, wersja:
6.3.9600.17415, sygnatura czasowa: 0x545042b7 Nazwa modułu powodującego błąd: twinapi.appcore.dll,
wersja: 6.3.9600.17415, sygnatura czasowa: 0x54503c4d Kod wyjątku: 0xc000027b Przesunięcie
błędu: 0x0000000000063c1f Identyfikator procesu powodującego błąd: 0x2264 Godzina
uruchomienia aplikacji powodującej błąd: 0x01d0d1f51dac4995 Ścieżka aplikacji powodującej
błąd: C:\WINDOWS\system32\backgroundTaskHost.exe Ścieżka modułu powodującego błąd:
C:\Windows\System32\twinapi.appcore.dll Identyfikator raportu: 5b8ff211-3de8-11e5-bea1-f83cd43ff801
Pełna
nazwa pakietu powodującego błąd: Redefine.ipla_3.1.6.0_x64__wezn46m95z9ge Identyfikator
aplikacji względem pakietu powodującego błąd: App
Error - 2015-08-08 12:28:09 | Computer Name = Norek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: backgroundTaskHost.exe, wersja:
6.3.9600.17415, sygnatura czasowa: 0x545042b7 Nazwa modułu powodującego błąd: twinapi.appcore.dll,
wersja: 6.3.9600.17415, sygnatura czasowa: 0x54503c4d Kod wyjątku: 0xc000027b Przesunięcie
błędu: 0x0000000000063c1f Identyfikator procesu powodującego błąd: 0x1a84 Godzina
uruchomienia aplikacji powodującej błąd: 0x01d0d1f736229734 Ścieżka aplikacji powodującej
błąd: C:\WINDOWS\system32\backgroundTaskHost.exe Ścieżka modułu powodującego błąd:
C:\Windows\System32\twinapi.appcore.dll Identyfikator raportu: 73e1f66d-3dea-11e5-bea1-f83cd43ff801
Pełna
nazwa pakietu powodującego błąd: Redefine.ipla_3.1.6.0_x64__wezn46m95z9ge Identyfikator
aplikacji względem pakietu powodującego błąd: App
Error - 2015-08-08 12:43:10 | Computer Name = Norek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: backgroundTaskHost.exe, wersja:
6.3.9600.17415, sygnatura czasowa: 0x545042b7 Nazwa modułu powodującego błąd: twinapi.appcore.dll,
wersja: 6.3.9600.17415, sygnatura czasowa: 0x54503c4d Kod wyjątku: 0xc000027b Przesunięcie
błędu: 0x0000000000063c1f Identyfikator procesu powodującego błąd: 0x1a98 Godzina
uruchomienia aplikacji powodującej błąd: 0x01d0d1f94e8f136b Ścieżka aplikacji powodującej
błąd: C:\WINDOWS\system32\backgroundTaskHost.exe Ścieżka modułu powodującego błąd:
C:\Windows\System32\twinapi.appcore.dll Identyfikator raportu: 8d524ddb-3dec-11e5-bea1-f83cd43ff801
Pełna
nazwa pakietu powodującego błąd: Redefine.ipla_3.1.6.0_x64__wezn46m95z9ge Identyfikator
aplikacji względem pakietu powodującego błąd: App
Error - 2015-08-08 12:58:10 | Computer Name = Norek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: backgroundTaskHost.exe, wersja:
6.3.9600.17415, sygnatura czasowa: 0x545042b7 Nazwa modułu powodującego błąd: twinapi.appcore.dll,
wersja: 6.3.9600.17415, sygnatura czasowa: 0x54503c4d Kod wyjątku: 0xc000027b Przesunięcie
błędu: 0x0000000000063c1f Identyfikator procesu powodującego błąd: 0x1a30 Godzina
uruchomienia aplikacji powodującej błąd: 0x01d0d1fb67001772 Ścieżka aplikacji powodującej
błąd: C:\WINDOWS\system32\backgroundTaskHost.exe Ścieżka modułu powodującego błąd:
C:\Windows\System32\twinapi.appcore.dll Identyfikator raportu: a5cdf0c9-3dee-11e5-bea1-f83cd43ff801
Pełna
nazwa pakietu powodującego błąd: Redefine.ipla_3.1.6.0_x64__wezn46m95z9ge Identyfikator
aplikacji względem pakietu powodującego błąd: App
Error - 2015-08-08 13:03:18 | Computer Name = Norek | Source = Application Hang | ID = 1002
Description = Program LiveComm.exe w wersji 17.5.9600.20911 przestał współpracować
z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej
informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum
akcji w Panelu sterowania. Identyfikator procesu: 1640 Godzina rozpoczęcia: 01d0d1f736229734
Godzina
zakończenia: 4294967295 Ścieżka aplikacji: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Identyfikator
raportu: 5a845b30-3def-11e5-bea1-f83cd43ff801 Pełna nazwa pakietu powodującego błąd:
microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe Identyfikator
aplikacji względem pakietu powodującego błąd: ppleae38af2e007f4358a809ac99a64a67c1
Error - 2015-08-08 13:09:30 | Computer Name = Norek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: pm0hfxt9.exe, wersja: 2.1.19357.0,
sygnatura czasowa: 0x52e7ea83 Nazwa modułu powodującego błąd: pm0hfxt9.exe, wersja:
2.1.19357.0, sygnatura czasowa: 0x52e7ea83 Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x000011aa Identyfikator procesu powodującego błąd: 0xad4 Godzina uruchomienia aplikacji
powodującej błąd: 0x01d0d1fcef613aed Ścieżka aplikacji powodującej błąd: D:\pm0hfxt9.exe
Ścieżka
modułu powodującego błąd: D:\pm0hfxt9.exe Identyfikator raportu: 3b357aae-3df0-11e5-bea1-f83cd43ff801
Pełna
nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego
błąd:
Error - 2015-08-08 13:11:04 | Computer Name = Norek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: pm0hfxt9.exe, wersja: 2.1.19357.0,
sygnatura czasowa: 0x52e7ea83 Nazwa modułu powodującego błąd: pm0hfxt9.exe, wersja:
2.1.19357.0, sygnatura czasowa: 0x52e7ea83 Kod wyjątku: 0xc0000005 Przesunięcie błędu:
0x000011aa Identyfikator procesu powodującego błąd: 0x1c80 Godzina uruchomienia aplikacji
powodującej błąd: 0x01d0d1fd3380e089 Ścieżka aplikacji powodującej błąd: D:\pm0hfxt9.exe
Ścieżka
modułu powodującego błąd: D:\pm0hfxt9.exe Identyfikator raportu: 72e2e9b9-3df0-11e5-bea1-f83cd43ff801
Pełna
nazwa pakietu powodującego błąd: Identyfikator aplikacji względem pakietu powodującego
błąd:
Error - 2015-08-08 13:13:10 | Computer Name = Norek | Source = Application Error | ID = 1000
Description = Nazwa aplikacji powodującej błąd: backgroundTaskHost.exe, wersja:
6.3.9600.17415, sygnatura czasowa: 0x545042b7 Nazwa modułu powodującego błąd: twinapi.appcore.dll,
wersja: 6.3.9600.17415, sygnatura czasowa: 0x54503c4d Kod wyjątku: 0xc000027b Przesunięcie
błędu: 0x0000000000063c1f Identyfikator procesu powodującego błąd: 0x21c0 Godzina
uruchomienia aplikacji powodującej błąd: 0x01d0d1fd7f717cc9 Ścieżka aplikacji powodującej
błąd: C:\WINDOWS\system32\backgroundTaskHost.exe Ścieżka modułu powodującego błąd:
C:\Windows\System32\twinapi.appcore.dll Identyfikator raportu: be43d980-3df0-11e5-bea1-f83cd43ff801
Pełna
nazwa pakietu powodującego błąd: Redefine.ipla_3.1.6.0_x64__wezn46m95z9ge Identyfikator
aplikacji względem pakietu powodującego błąd: App
Error - 2015-08-08 13:21:36 | Computer Name = Norek | Source = Application Hang | ID = 1002
Description = Program LiveComm.exe w wersji 17.5.9600.20911 przestał współpracować
z systemem Windows i został zamknięty. Aby sprawdzić, czy jest dostępnych więcej
informacji na temat tego problemu, sprawdź historię problemu w aplecie Centrum
akcji w Panelu sterowania. Identyfikator procesu: 2cc Godzina rozpoczęcia: 01d0d1fc1f98ce09
Godzina
zakończenia: 4294967295 Ścieżka aplikacji: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\LiveComm.exe
Identyfikator
raportu: ea3d1441-3df1-11e5-bea1-f83cd43ff801 Pełna nazwa pakietu powodującego błąd:
microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe Identyfikator
aplikacji względem pakietu powodującego błąd: ppleae38af2e007f4358a809ac99a64a67c1
[ System Events ]
Error - 2015-08-08 13:20:15 | Computer Name = Norek | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Harmonogram klas multimediów z powodu następującego
błędu: %%1053
Error - 2015-08-08 13:20:15 | Computer Name = Norek | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Harmonogram klas multimediów z powodu następującego
błędu: %%1053
Error - 2015-08-08 13:20:15 | Computer Name = Norek | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Harmonogram klas multimediów z powodu następującego
błędu: %%1053
Error - 2015-08-08 13:20:15 | Computer Name = Norek | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Harmonogram klas multimediów z powodu następującego
błędu: %%1053
Error - 2015-08-08 13:20:15 | Computer Name = Norek | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Harmonogram klas multimediów z powodu następującego
błędu: %%1053
Error - 2015-08-08 13:20:15 | Computer Name = Norek | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Harmonogram klas multimediów z powodu następującego
błędu: %%1053
Error - 2015-08-08 13:20:15 | Computer Name = Norek | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Harmonogram klas multimediów z powodu następującego
błędu: %%1053
Error - 2015-08-08 13:20:15 | Computer Name = Norek | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Harmonogram klas multimediów z powodu następującego
błędu: %%1053
Error - 2015-08-08 13:21:02 | Computer Name = Norek | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Asystent logowania za pomocą konta Microsoft
z powodu następującego błędu: %%1053
Error - 2015-08-08 13:21:37 | Computer Name = Norek | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi Klient zasad grupy z powodu następującego
błędu: %%1053
< End of report >