Rozłączanie sieci wi-fi

**Posty:** 1 · przez **Pasiak23** 08 Maj 2016, 17:52

Cześć, jak w temacie sięć Wi-Fi caly czas się rozłącza mimo wysokiej siły sygnału 4-5 kresek. W laptopie tej samej firmy (Dell) w tym samym pomieszczeniu działa bez zarzutu. Poniżej wklejam logi. Dziękuje za sprawdzenie.

Logi z FRST:

FRST:

Kod: Zaznacz wszystko: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-05-2016 Ran by Kacper (administrator) on KACPER-PC (08-05-2016 16:19:44) Running from C:\Users\Kacper\Desktop Loaded Profiles: Kacper (Available Profiles: Kacper) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe (AMD) C:\Windows\System32\atiesrxx.exe (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (AMD) C:\Windows\System32\atieclxx.exe (Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe (Dassault Systemes) D:\Program Files\Dassault Systemes\B201\win_b64\code\bin\CATSysDemon.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (SafeNet Inc.) C:\Windows\System32\hasplms.exe (DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\loggingserver.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Piriform Ltd) D:\Program Files\CCleaner\CCleaner64.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe (Intel Corporation) C:\Windows\System32\igfxTray.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Users\Kacper\Downloads\fzfc0eoz.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-05-14] (Brother Industries, Ltd.) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2885704 2016-05-05] () HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [318248 2016-01-08] (Samsung Electronics Co., Ltd.) HKU\S-1-5-21-3882396738-2429366467-2688263373-1000\...\Run: [GoogleChromeAutoLaunch_71CAF950143695B9CBC7992A0202B018] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [881304 2016-04-28] (Google Inc.) HKU\S-1-5-21-3882396738-2429366467-2688263373-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.) HKU\S-1-5-21-3882396738-2429366467-2688263373-1000\...\Run: [CCleaner Monitoring] => D:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd) HKU\S-1-5-21-3882396738-2429366467-2688263373-1000\...\Policies\Explorer: [] HKU\S-1-5-21-3882396738-2429366467-2688263373-1000\...\MountPoints2: F - F:\Start.exe HKU\S-1-5-21-3882396738-2429366467-2688263373-1000\...\MountPoints2: H - H:\setup.exe HKU\S-1-5-21-3882396738-2429366467-2688263373-1000\...\MountPoints2: {3f6a6bc6-8a63-11e5-a38e-c01885be08cc} - H:\setup.exe HKU\S-1-5-21-3882396738-2429366467-2688263373-1000\...\MountPoints2: {c25585a3-7c3a-11e5-a2d2-c01885be08cc} - F:\Start.exe HKU\S-1-5-18\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.) Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll [2013-02-08] (Autodesk, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-10-21] ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{E9799578-E7F3-4489-90A3-75F5310E6E15}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com HKU\S-1-5-21-3882396738-2429366467-2688263373-1000\Software\Microsoft\Internet Explorer\Main,Search Page = www.bing.com HKU\S-1-5-21-3882396738-2429366467-2688263373-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={9591EFBC-3249-44CC-9F1F-C5A3977869B9}&mid=13aab01ea96647cc8c1c1151c35ae13f-c631a4dd210e35c9ffaae1291418dcb592aa65a5&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0316av&pr=fr&d=2016-03-14 19:21:43&v=4.2.9.726&pid=wtu&sg=&sap=hp SearchScopes: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={9591EFBC-3249-44CC-9F1F-C5A3977869B9}&mid=13aab01ea96647cc8c1c1151c35ae13f-c631a4dd210e35c9ffaae1291418dcb592aa65a5&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-14 19:21:43&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms} SearchScopes: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={9591EFBC-3249-44CC-9F1F-C5A3977869B9}&mid=13aab01ea96647cc8c1c1151c35ae13f-c631a4dd210e35c9ffaae1291418dcb592aa65a5&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-14 19:21:43&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms} BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-06] (Google Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-02-18] (AO Kaspersky Lab) BHO-x32: BitComet Helper -> {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} -> C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll [2013-11-29] (BitComet) BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.9.726\AVG Web TuneUp.dll [2016-05-05] (AVG) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-06] (Google Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-02-18] (AO Kaspersky Lab) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-06] (Google Inc.) Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-02-18] (AO Kaspersky Lab) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-06] (Google Inc.) Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll [2016-02-18] (AO Kaspersky Lab) FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File] FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.9\\npsitesafety.dll [No File] FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.) FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-05-07] Chrome: ======= CHR HomePage: Default -> hxxps://www.google.pl/ CHR StartupUrls: Default -> "hxxp://www.gaytube.com/","hxxp://www.gazeta.pl/0,0.html?p=166","hxxp://www.oursurfing.com/?type=hp&ts=1444936854&z=0d298ef63ececa276ca283dgez5z9z7t0c2q2bdwbz&from=exp1&uid=st9500325as_5vesa3v7xxxx5vesa3v7" CHR Profile: C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Prezentacje Google) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-20] CHR Extension: (Dokumenty Google) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-20] CHR Extension: (Dysk Google) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-20] CHR Extension: (Adblock Plus) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-08] CHR Extension: (Adblock dla serwisu Youtube™) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-03-05] CHR Extension: (Google Search) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26] CHR Extension: (Kaspersky Protection) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\eahebamiopdhefndnmappcihfajigkka [2016-05-07] CHR Extension: (Arkusze Google) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-20] CHR Extension: (Dokumenty Google offline) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14] CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04] CHR Extension: (Gmail) - C:\Users\Kacper\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-20] CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka CHR HKLM-x32\...\Chrome\Extension: [dhigneefebkcagnpnpbibganpmfgebnk] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated) R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed] R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2016-02-18] (Kaspersky Lab ZAO) R2 BBDemon; d:\Program Files\Dassault Systemes\B201\win_b64\code\bin\CATSysDemon.exe [46592 2009-09-26] (Dassault Systemes) [File not signed] S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] (www.BitComet.com) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed] S3 CoordinatorServiceHost; D:\Program Files\soldiworks\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe [81400 2015-03-06] (Dassault Systèmes SolidWorks Corporation) R2 hasplms; C:\Windows\system32\hasplms.exe [4466120 2013-01-11] (SafeNet Inc.) R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-06-04] (Intel Corporation) S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2015-10-22] (SolidWorks) [File not signed] R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.) S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab) R2 vToolbarUpdater40.2.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe [1964616 2016-04-12] (AVG Secure Search) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [6178304 2015-10-21] (Dell Inc.) [File not signed] R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1223752 2016-05-05] () ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [65248 2015-04-23] (Advanced Micro Devices, Inc.) R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2015-10-21] (Broadcom Corporation.) R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO) S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-10-27] (Disc Soft Ltd) S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [331144 2013-03-11] (SafeNet Inc.) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO) R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO) R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70000 2015-06-27] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [77728 2016-05-07] (AO Kaspersky Lab) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [181640 2016-02-18] (AO Kaspersky Lab) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [227000 2016-02-18] (AO Kaspersky Lab) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934808 2016-05-07] (AO Kaspersky Lab) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39096 2015-06-11] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [41144 2015-06-06] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [41648 2015-06-07] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-02-18] (AO Kaspersky Lab) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-11] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [103096 2015-06-16] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO) S3 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM) S3 iscFlash; \??\C:\Users\Kacper\AppData\Local\Temp\7zSA0D0.tmp\iscflashx64.sys [X] U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X] S4 sptd; \SystemRoot\System32\Drivers\sptd.sys [X] U3 ufdiipoc; \??\C:\Users\Kacper\AppData\Local\Temp\ufdiipoc.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-08 16:19 - 2016-05-08 16:20 - 00020855 _____ C:\Users\Kacper\Desktop\FRST.txt 2016-05-08 16:19 - 2016-05-08 16:19 - 00000000 ____D C:\FRST 2016-05-08 16:18 - 2016-05-08 16:18 - 02379264 _____ (Farbar) C:\Users\Kacper\Downloads\FRST64.exe 2016-05-08 16:18 - 2016-05-08 16:18 - 02379264 _____ (Farbar) C:\Users\Kacper\Desktop\FRST64.exe 2016-05-08 16:15 - 2016-05-08 16:15 - 02379264 _____ (Farbar) C:\Users\Kacper\Desktop\FRST64 (1).exe 2016-05-08 16:03 - 2016-05-08 16:03 - 00380928 _____ C:\Users\Kacper\Downloads\fzfc0eoz.exe 2016-05-08 15:47 - 2016-05-08 15:47 - 00593952 _____ (Duplex Secure Ltd) C:\Users\Kacper\Downloads\SPTDinst-v189-x64.exe 2016-05-08 15:36 - 2016-05-08 15:36 - 752171230 _____ C:\Windows\MEMORY.DMP 2016-05-08 15:36 - 2016-05-08 15:36 - 00310152 _____ C:\Windows\Minidump\050816-27580-01.dmp 2016-05-07 17:15 - 2016-05-07 17:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files 2016-05-07 17:10 - 2016-05-07 17:10 - 00002398 _____ C:\Users\Kacper\Desktop\Safe Money.lnk 2016-05-07 17:09 - 2016-05-07 17:09 - 00002132 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk 2016-05-07 17:09 - 2016-05-07 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2016-05-07 17:07 - 2016-05-08 15:55 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2016-05-07 17:07 - 2016-05-07 17:07 - 00000000 ____D C:\Windows\ELAMBKUP 2016-05-07 17:07 - 2016-05-07 17:07 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab 2016-05-07 17:07 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll 2016-05-07 17:06 - 2016-05-07 17:25 - 00934808 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys 2016-05-07 17:06 - 2016-02-18 23:37 - 00227000 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys 2016-05-07 17:06 - 2016-02-18 23:37 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys 2016-05-07 14:40 - 2016-05-07 14:40 - 03950679 _____ C:\Users\Kacper\Downloads\Joining-processes-project-2016.04.28-2.pptx 2016-05-07 14:35 - 2016-05-07 14:36 - 00000012 _____ C:\Users\Kacper\Desktop\New Text Document (2).txt 2016-05-06 18:09 - 2016-05-06 18:09 - 00000000 ____D C:\Users\Kacper\Desktop\PROJECT1 2016-05-06 15:01 - 2016-05-06 15:01 - 03293846 _____ C:\Users\Kacper\Downloads\Joining processes project 2016.04.28.pptx 2016-05-06 13:44 - 2016-05-06 13:44 - 00002774 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC 2016-05-06 13:44 - 2016-05-06 13:44 - 00000688 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-05-06 13:44 - 2016-05-06 13:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-05-06 13:44 - 2016-05-06 13:44 - 00000000 ____D C:\ProgramData\Google 2016-05-06 13:44 - 2016-05-06 13:44 - 00000000 ____D C:\Program Files\Google 2016-05-06 13:41 - 2016-05-06 13:44 - 00000000 ____D C:\Users\Kacper\Downloads\CCleaner 5.02.5101 Professional [Full]_ PL 2016-05-06 13:41 - 2016-05-06 13:41 - 06116940 _____ C:\Users\Kacper\Downloads\! CCleaner 5.02.5101 Professional [Full]_ PL.rar 2016-04-24 19:43 - 2016-04-24 19:43 - 01490963 _____ C:\Users\Kacper\Downloads\video-1461076637.mp4 2016-04-24 19:30 - 2016-04-24 19:30 - 00000000 ____N C:\Users\Kacper\Desktop\1as.NC 2016-04-24 10:55 - 2016-04-24 23:07 - 00004076 ____N C:\Users\Kacper\Desktop\project1.NC 2016-04-23 22:07 - 2016-04-23 22:39 - 00000142 ____N C:\Users\Kacper\Desktop\PROGRAM.NC 2016-04-23 18:43 - 2016-04-23 18:43 - 00000611 _____ C:\Users\Public\Desktop\CIMCO Edit V6.lnk 2016-04-23 18:43 - 2016-04-23 18:43 - 00000600 _____ C:\Users\Public\Desktop\DNC-Max Client V6.lnk 2016-04-23 18:43 - 2016-04-23 18:43 - 00000592 _____ C:\Users\Public\Desktop\DNC-Max Server V6.lnk 2016-04-23 18:43 - 2016-04-23 18:43 - 00000000 ____D C:\Users\Kacper\AppData\Roaming\CIMCO Integration 2016-04-23 18:43 - 2016-04-23 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CIMCO V6 2016-04-23 18:41 - 2016-04-23 18:42 - 00000000 ____D C:\Users\Kacper\Downloads\New folder (3) 2016-04-23 18:31 - 2016-04-23 18:31 - 00000760 _____ C:\Users\Public\Desktop\CutViewer Turn.lnk 2016-04-23 18:31 - 2016-04-23 18:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutViewer Turn 2016-04-23 18:30 - 2016-04-23 18:31 - 00000000 ____D C:\Users\Kacper\Downloads\New folder (2) 2016-04-23 18:27 - 2016-04-23 18:32 - 00000032 _____ C:\Users\Kacper\Desktop\CAM.nc.txt 2016-04-23 18:26 - 2016-04-23 18:27 - 00000032 _____ C:\Users\Kacper\Desktop\New Text Document.txt 2016-04-22 15:19 - 2016-04-22 15:19 - 00496802 _____ C:\Users\Kacper\Downloads\GCC_WAH_PL2.pdf 2016-04-22 13:26 - 2016-04-22 13:26 - 00087266 _____ C:\Users\Kacper\Downloads\005695387Z (2).pdf 2016-04-22 13:20 - 2016-04-22 13:20 - 00263902 _____ C:\Users\Kacper\Desktop\RFPS5R_Skrzyniarz.pdf 2016-04-21 19:01 - 2016-04-21 19:01 - 00001907 _____ C:\Users\Kacper\Desktop\CAMotics.lnk 2016-04-21 19:01 - 2016-04-21 19:01 - 00000000 ____D C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CAMotics 2016-04-21 19:01 - 2016-04-21 19:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAMotics 2016-04-21 19:01 - 2016-04-21 19:01 - 00000000 ____D C:\Program Files (x86)\CAMotics 2016-04-21 18:32 - 2016-04-21 18:32 - 00000000 ____D C:\WinNC32_2 2016-04-21 18:32 - 2016-04-21 18:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO (1) 2016-04-21 17:45 - 2016-04-21 17:45 - 00000000 ____D C:\Users\Kacper\Downloads\WinNC SINUMERIK 840D Pack Program + Pdfy 2016-04-21 17:34 - 2016-04-21 17:35 - 00000000 ____D C:\WinNC32 2016-04-21 17:34 - 2016-04-21 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO 2016-04-21 17:19 - 2016-04-21 17:19 - 00147456 _____ C:\Users\Kacper\Downloads\Czesc1.SLDPRT 2016-04-21 16:36 - 2016-04-21 16:36 - 06810129 _____ C:\Users\Kacper\Downloads\fanuc-instrukcja cz.1.pdf 2016-04-21 16:36 - 2016-04-21 16:36 - 00363186 _____ C:\Users\Kacper\Downloads\FANUC_podstawy_programowania.pdf 2016-04-20 22:43 - 2016-04-20 22:43 - 02290403 _____ C:\Users\Kacper\Downloads\Joining-processes-project.pptx 2016-04-17 23:33 - 2016-04-17 23:33 - 00000000 ____D C:\Program Files\SAMSUNG 2016-04-17 22:18 - 2016-04-17 22:18 - 00002825 _____ C:\Users\Kacper\Desktop\Kacper Skrzyniarz (Gal - Shortcut.lnk 2016-04-13 12:50 - 2016-03-18 00:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-04-13 12:50 - 2016-03-18 00:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2016-04-13 12:50 - 2016-03-18 00:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-04-13 12:50 - 2016-03-18 00:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2016-04-13 12:50 - 2016-03-17 23:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-04-13 12:50 - 2016-03-17 23:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-04-13 12:50 - 2016-03-17 23:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-04-13 12:50 - 2016-03-17 23:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-04-13 12:50 - 2016-03-17 23:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-04-13 12:50 - 2016-03-17 23:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-04-13 12:50 - 2016-03-16 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll 2016-04-13 12:50 - 2016-03-16 19:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll 2016-04-13 12:50 - 2016-03-16 19:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll 2016-04-13 12:50 - 2016-03-06 19:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2016-04-13 12:50 - 2016-03-06 19:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2016-04-13 12:50 - 2016-03-06 19:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2016-04-13 12:50 - 2016-03-06 19:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2016-04-13 12:50 - 2016-02-02 19:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll 2016-04-13 12:49 - 2016-04-04 19:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2016-04-13 12:49 - 2016-04-04 19:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2016-04-13 12:49 - 2016-04-02 14:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2016-04-13 12:49 - 2016-03-29 18:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2016-04-13 12:49 - 2016-03-23 15:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2016-04-13 12:49 - 2016-03-18 00:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-04-13 12:49 - 2016-03-18 00:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-04-13 12:49 - 2016-03-17 23:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-04-13 12:49 - 2016-03-17 23:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-04-13 12:49 - 2016-03-17 23:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-04-13 12:49 - 2016-03-17 23:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-04-13 12:49 - 2016-03-17 23:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-04-13 12:49 - 2016-03-17 23:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-04-13 12:49 - 2016-03-17 23:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-04-13 12:49 - 2016-03-17 23:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-04-13 12:49 - 2016-03-17 23:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-04-13 12:49 - 2016-03-17 23:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-04-13 12:49 - 2016-03-17 23:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-04-13 12:49 - 2016-03-17 23:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-04-13 12:49 - 2016-03-17 23:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2016-04-13 12:49 - 2016-03-17 23:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2016-04-13 12:49 - 2016-03-17 23:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-04-13 12:49 - 2016-03-17 23:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-04-13 12:49 - 2016-03-17 23:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-04-13 12:49 - 2016-03-17 23:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-04-13 12:49 - 2016-03-17 23:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-04-13 12:49 - 2016-03-17 23:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-04-13 12:49 - 2016-03-17 23:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-04-13 12:49 - 2016-03-17 23:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-04-13 12:49 - 2016-03-17 23:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-04-13 12:49 - 2016-03-17 23:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-04-13 12:49 - 2016-03-17 23:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-04-13 12:49 - 2016-03-17 23:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-04-13 12:49 - 2016-03-17 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-04-13 12:49 - 2016-03-17 23:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-04-13 12:49 - 2016-03-17 23:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-04-13 12:49 - 2016-03-17 23:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-04-13 12:49 - 2016-03-17 23:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-04-13 12:49 - 2016-03-17 23:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2016-04-13 12:49 - 2016-03-17 23:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-04-13 12:49 - 2016-03-17 23:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-04-13 12:49 - 2016-03-17 23:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-04-13 12:49 - 2016-03-17 23:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-04-13 12:49 - 2016-03-17 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-04-13 12:49 - 2016-03-17 23:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-04-13 12:49 - 2016-03-17 23:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 22:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2016-04-13 12:49 - 2016-03-17 22:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2016-04-13 12:49 - 2016-03-17 22:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2016-04-13 12:49 - 2016-03-17 22:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-04-13 12:49 - 2016-03-17 22:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-04-13 12:49 - 2016-03-17 22:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-04-13 12:49 - 2016-03-17 22:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-04-13 12:49 - 2016-03-17 22:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-04-13 12:49 - 2016-03-17 22:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-04-13 12:49 - 2016-03-17 22:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-04-13 12:49 - 2016-03-17 22:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-04-13 12:49 - 2016-03-17 22:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-04-13 12:49 - 2016-03-17 22:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-04-13 12:49 - 2016-03-17 22:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-04-13 12:49 - 2016-03-17 22:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-04-13 12:49 - 2016-03-17 22:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-04-13 12:49 - 2016-03-17 22:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-04-13 12:49 - 2016-03-17 22:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 22:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 22:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 22:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-04-13 12:49 - 2016-03-17 19:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2016-04-13 12:49 - 2016-03-17 19:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2016-04-13 12:49 - 2016-03-17 19:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2016-04-13 12:49 - 2016-03-17 19:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2016-04-13 12:49 - 2016-03-16 01:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll 2016-04-13 12:49 - 2016-03-16 01:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll 2016-04-13 12:49 - 2016-03-16 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll 2016-04-13 12:49 - 2016-02-05 19:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll 2016-04-13 12:49 - 2016-02-05 19:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll 2016-04-13 12:49 - 2016-02-05 18:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll 2016-04-13 12:49 - 2016-01-21 01:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys 2016-04-13 12:49 - 2015-06-03 21:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll 2016-04-13 12:40 - 2016-03-11 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2016-04-13 12:40 - 2016-03-11 19:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2016-04-13 12:36 - 2016-03-31 20:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-04-13 12:36 - 2016-03-31 19:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-04-13 12:36 - 2016-03-31 01:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-04-13 12:36 - 2016-03-31 01:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-04-13 12:36 - 2016-03-31 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-04-13 12:36 - 2016-03-31 01:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-04-13 12:36 - 2016-03-31 01:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-04-13 12:36 - 2016-03-31 01:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-04-13 12:36 - 2016-03-31 01:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-04-13 12:36 - 2016-03-31 01:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-04-13 12:36 - 2016-03-31 01:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-04-13 12:36 - 2016-03-31 01:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-04-13 12:36 - 2016-03-31 01:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-04-13 12:36 - 2016-03-31 01:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-04-13 12:36 - 2016-03-31 01:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-04-13 12:36 - 2016-03-31 01:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-04-13 12:36 - 2016-03-31 01:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-04-13 12:36 - 2016-03-31 01:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-04-13 12:36 - 2016-03-31 01:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-04-13 12:36 - 2016-03-31 01:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-04-13 12:36 - 2016-03-31 01:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-04-13 12:36 - 2016-03-31 01:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-04-13 12:36 - 2016-03-31 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-04-13 12:36 - 2016-03-31 01:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-04-13 12:36 - 2016-03-31 00:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-04-13 12:36 - 2016-03-31 00:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-04-13 12:36 - 2016-03-31 00:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-04-13 12:36 - 2016-03-31 00:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-04-13 12:36 - 2016-03-31 00:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-04-13 12:36 - 2016-03-31 00:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-04-13 12:36 - 2016-03-31 00:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-04-13 12:36 - 2016-03-31 00:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-04-13 12:36 - 2016-03-31 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-04-13 12:36 - 2016-03-31 00:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-04-13 12:36 - 2016-03-31 00:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-04-13 12:36 - 2016-03-31 00:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-04-13 12:36 - 2016-03-31 00:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-04-13 12:36 - 2016-03-31 00:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-04-13 12:36 - 2016-03-31 00:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-04-13 12:36 - 2016-03-31 00:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-04-13 12:36 - 2016-03-31 00:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-04-13 12:36 - 2016-03-31 00:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-04-13 12:36 - 2016-03-31 00:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-04-13 12:36 - 2016-03-31 00:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-04-13 12:36 - 2016-03-31 00:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-04-13 12:36 - 2016-03-31 00:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-04-13 12:36 - 2016-03-31 00:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-04-13 12:36 - 2016-03-31 00:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-04-13 12:36 - 2016-03-31 00:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-04-13 12:36 - 2016-03-31 00:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-04-13 12:36 - 2016-03-31 00:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-04-13 12:36 - 2016-03-31 00:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-04-13 12:36 - 2016-03-31 00:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-04-13 12:36 - 2016-03-31 00:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-04-13 12:36 - 2016-03-31 00:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-04-13 12:36 - 2016-03-31 00:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-04-13 12:36 - 2016-03-31 00:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-04-13 12:36 - 2016-03-31 00:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-04-13 12:36 - 2016-03-31 00:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-04-13 12:36 - 2016-03-31 00:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-04-13 12:36 - 2016-03-31 00:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-04-13 12:36 - 2016-03-31 00:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-04-13 12:36 - 2016-03-31 00:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-04-13 12:36 - 2016-03-31 00:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-04-13 12:36 - 2016-03-31 00:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-04-13 12:36 - 2016-03-31 00:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-04-13 12:09 - 2016-04-13 12:09 - 03894763 _____ C:\Users\Kacper\Desktop\16_Friction Stir Welding.pdf 2016-04-12 00:00 - 2016-04-20 22:00 - 02290403 _____ C:\Users\Kacper\Documents\Joining processes project.pptx 2016-04-12 00:00 - 2016-04-12 00:00 - 00000165 ____H C:\Users\Kacper\Documents\~$Joining processes project.pptx 2016-04-11 23:47 - 2016-04-11 23:47 - 00076494 _____ C:\Users\Kacper\Desktop\122145.SLDPRT 2016-04-11 22:27 - 2016-04-11 22:27 - 00000000 ____D C:\Users\Kacper\Desktop\weldingproject 2016-04-11 22:24 - 2016-04-11 22:24 - 00087266 _____ C:\Users\Kacper\Downloads\005695387Z (1).pdf 2016-04-11 21:42 - 2016-04-17 21:34 - 00000000 ____D C:\Users\Kacper\Documents\SelfMV 2016-04-11 21:42 - 2016-04-11 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec 2016-04-11 21:42 - 2016-04-11 21:42 - 00000000 ____D C:\Program Files (x86)\MyFree Codec 2016-04-11 21:41 - 2016-04-11 21:41 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log 2016-04-11 21:41 - 2016-04-11 21:41 - 00000000 ____D C:\Users\Kacper\Documents\samsung 2016-04-11 21:41 - 2016-04-11 21:41 - 00000000 ____D C:\Users\Kacper\AppData\Roaming\Samsung 2016-04-11 21:41 - 2016-04-11 21:41 - 00000000 ____D C:\Users\Kacper\AppData\Local\Samsung 2016-04-11 21:38 - 2016-04-11 21:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2016-04-11 21:38 - 2013-12-30 10:53 - 04659712 _____ (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll 2016-04-11 21:38 - 2013-12-30 10:53 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\Windows\SysWOW64\secman.dll 2016-04-11 21:37 - 2016-04-11 21:39 - 00000000 ____D C:\ProgramData\Samsung 2016-04-11 21:37 - 2016-04-11 21:39 - 00000000 ____D C:\Program Files (x86)\Samsung 2016-04-11 21:37 - 2016-04-11 21:37 - 00000000 ____D C:\Users\Kacper\AppData\Local\Downloaded Installations 2016-04-09 01:03 - 2016-04-09 01:03 - 03412410 _____ C:\Users\Kacper\Downloads\Presentation E BRUN.ppt 2016-04-09 01:01 - 2016-04-09 01:01 - 00229888 _____ C:\Users\Kacper\Downloads\Nano-Technology (1).ppt 2016-04-08 01:33 - 2016-04-08 01:33 - 00047259 _____ C:\Users\Kacper\Downloads\fundamentals_of_fiber_science (1).pdf 2016-04-08 01:27 - 2016-04-08 01:27 - 08666559 _____ C:\Users\Kacper\Downloads\Fundamentals_of_Composite_Materials[1].pdf 2016-04-08 01:26 - 2016-04-08 01:26 - 00047260 _____ C:\Users\Kacper\Downloads\fundamentals_of_fiber_science.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-05-08 16:11 - 2016-02-09 19:54 - 00000000 ____D C:\Users\Kacper\AppData\Roaming\Skype 2016-05-08 16:04 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-05-08 16:04 - 2009-07-14 05:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-05-08 15:56 - 2015-10-20 21:58 - 00000000 __SHD C:\Users\Kacper\IntelGraphicsProfiles 2016-05-08 15:55 - 2015-10-20 19:25 - 00001044 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-05-08 15:55 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-05-08 15:42 - 2015-10-20 19:25 - 00001048 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-05-08 15:36 - 2016-02-07 18:32 - 00000000 ____D C:\Windows\Minidump 2016-05-08 11:32 - 2015-10-21 19:32 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2016-05-08 11:32 - 2015-10-21 19:32 - 00000000 ___SD C:\Windows\system32\GWX 2016-05-08 00:08 - 2015-10-20 19:34 - 00000000 ____D C:\Users\Kacper\AppData\Roaming\BitComet 2016-05-07 17:25 - 2015-06-06 08:51 - 00077728 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\kldisk.sys 2016-05-07 17:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf 2016-05-07 17:00 - 2015-10-20 19:53 - 00000000 ____D C:\ProgramData\MFAData 2016-05-07 17:00 - 2015-10-20 19:51 - 00000000 ____D C:\Users\Kacper\AppData\Local\Avg 2016-05-07 16:58 - 2015-10-20 19:54 - 00000000 ___HD C:\$AVG 2016-05-07 16:58 - 2015-10-20 19:51 - 00000000 ____D C:\Users\Kacper\AppData\Local\AvgSetupLog 2016-05-07 05:16 - 2015-10-21 19:32 - 00000000 ____D C:\Windows\system32\appraiser 2016-05-06 13:51 - 2015-10-27 15:34 - 00000000 ____D C:\Users\Kacper\AppData\Roaming\DAEMON Tools Lite 2016-05-06 13:46 - 2015-10-21 04:12 - 00000000 ____D C:\Windows\Panther 2016-05-06 13:44 - 2015-10-20 19:25 - 00000000 ____D C:\Program Files (x86)\Google 2016-05-06 13:39 - 2015-10-21 03:50 - 00000000 ____D C:\Users\Kacper 2016-05-05 07:01 - 2016-03-14 20:21 - 00000000 ____D C:\ProgramData\AVG Web TuneUp 2016-05-05 07:01 - 2016-03-14 20:21 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp 2016-05-03 15:42 - 2015-10-20 19:26 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-05-03 15:42 - 2015-10-20 19:26 - 00002189 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-04-24 11:00 - 2015-10-21 03:53 - 00000000 ____D C:\Users\Kacper\AppData\Local\VirtualStore 2016-04-21 18:42 - 2016-03-13 18:59 - 00000000 ____D C:\ProgramData\TEMP 2016-04-21 18:32 - 2015-11-17 12:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-04-21 15:05 - 2010-11-21 04:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2016-04-20 18:25 - 2016-02-09 19:53 - 00000000 ___RD C:\Program Files (x86)\Skype 2016-04-20 18:25 - 2016-02-09 19:53 - 00000000 ____D C:\ProgramData\Skype 2016-04-18 13:53 - 2009-07-14 06:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI 2016-04-18 02:03 - 2009-07-14 05:45 - 00518144 _____ C:\Windows\system32\FNTCACHE.DAT 2016-04-17 21:37 - 2015-10-21 17:48 - 00000000 ____D C:\Windows\system32\MRT 2016-04-17 21:31 - 2015-10-21 17:47 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2016-04-12 15:49 - 2015-10-20 20:11 - 00000000 ____D C:\Users\Kacper\AppData\Roaming\SOLIDWORKS 2016-04-12 15:47 - 2015-10-27 16:45 - 00000000 ____D C:\Users\Kacper\AppData\Local\TempSW Katalog dla kopii zapasowych 2016-04-11 23:46 - 2015-10-27 20:07 - 00000000 _____ C:\Users\Kacper\AppData\Local\Temptable.xml 2016-04-11 00:12 - 2016-03-24 18:44 - 01091920 ____H C:\Users\Kacper\Documents\~WRL1250.tmp 2016-04-11 00:01 - 2016-03-27 00:34 - 00067631 _____ C:\Users\Kacper\Desktop\rurka.SLDPRT 2016-04-09 01:57 - 2016-03-24 18:44 - 00568047 ____H C:\Users\Kacper\Documents\~WRL1292.tmp ==================== Files in the root of some directories ======= 2015-10-27 20:07 - 2016-04-11 23:46 - 0000000 _____ () C:\Users\Kacper\AppData\Local\Temptable.xml 2016-01-12 17:11 - 2016-01-12 17:11 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-04-11 15:26 ==================== End of FRST.txt ============================

ADDITION

Kod: Zaznacz wszystko: Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-05-2016 Ran by Kacper (2016-05-08 16:20:40) Running from C:\Users\Kacper\Desktop Windows 7 Home Premium Service Pack 1 (X64) (2015-10-21 02:50:52) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3882396738-2429366467-2688263373-500 - Administrator - Disabled) Guest (S-1-5-21-3882396738-2429366467-2688263373-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-3882396738-2429366467-2688263373-1002 - Limited - Enabled) Kacper (S-1-5-21-3882396738-2429366467-2688263373-1000 - Administrator - Enabled) => C:\Users\Kacper ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98} AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.1.102.64 - Adobe Systems Incorporated) ALLPlayer V6.X (HKLM-x32\...\ALLPlayer_is1) (Version: - ALLPlayer Group, Ltd.) AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AutoCAD 2014 — Polski (Polish) (Version: 19.1.18.0 - Autodesk) Hidden AutoCAD 2014 Language Pack – Polski (Polish) (Version: 19.1.18.0 - Autodesk) Hidden Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk) Autodesk AutoCAD 2014 — Polski (Polish) (HKLM\...\AutoCAD 2014 — Polski (Polish)) (Version: 19.1.18.0 - Autodesk) Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk) Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk) Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk) Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk) Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.9.726 - AVG Technologies) BitComet 1.40 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.40 - CometNetwork) Brother MFL-Pro Suite DCP-J100 (HKLM-x32\...\{B742757A-7658-4E09-A51A-085CF0F7F4D3}) (Version: 1.0.0.0 - Brother Industries, Ltd.) CAMotics (HKLM-x32\...\CAMotics) (Version: 1.0.6 - Cauldron Development LLC) CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform) ChilliTorrent 1.06 (HKLM-x32\...\ChilliTorrent) (Version: 1.06 - Affsbay) CIMCO Software V6 (HKLM-x32\...\CIMCO Software V6) (Version: - CIMCO Integration I/S) Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden CutViewer Turn (HKLM-x32\...\CutViewer Turn v3.2_is1) (Version: - ) Dassault Systemes Software B20 (HKLM\...\Dassault Systemes B20_0) (Version: - ) Dassault Systemes Software Prerequisites x86-x64 (HKLM\...\{CF1EB598-B424-436A-B15F-B763846BA970}) (Version: 8.1.3 - Dassault Systemes) DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.30.223.228 - Dell Inc.) EuroTalk Talk Now Plus! (HKLM-x32\...\EuroTalk Talk Now Plus!) (Version: 1.6.4.1 - EuroTalk Ltd.) EuroTalk Talk Now! (HKLM-x32\...\{90258B0C-1C5F-493A-98E9-E514B4406407}) (Version: 2.5.6.1 - EuroTalk Interactive) FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production) FARO LS 1.1.501.0 (HKLM-x32\...\{8F196892-666A-4A40-8587-6AE38F78A5C2}) (Version: 5.1.0.30630 - FARO Scanner Production) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.2.929 - Foxit Software Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Icy Tower v1.5.1 (HKLM-x32\...\Icy Tower v1.5.1_is1) (Version: - Free Lunch Design) IGS Viewer 2.3 (HKLM-x32\...\{37614826-F9EE-4674-A060-3F447C4788E6}_is1) (Version: - IdeaMK) <==== ATTENTION Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4226 - Intel Corporation) Kalkulator Elementów Stalowych v.4.2 - wersja demonstracyjna (HKLM-x32\...\Kalkulator Elementów Stalowych - DEMO_is1) (Version: 11.0.0.127 - SPECBUD s.c.) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26}) (Version: 16.0.0.614 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 16.0.0.614 - Kaspersky Lab) Hidden Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft .NET Framework 4.6.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation) Microsoft Office Standard 2010 (HKLM-x32\...\Office14.STANDARD) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyFreeCodec (HKU\S-1-5-21-3882396738-2429366467-2688263373-1000\...\MyFreeCodec) (Version: - ) NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - ) qBittorrent 3.3.3 (HKLM-x32\...\qBittorrent) (Version: 3.3.3 - The qBittorrent project) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.6.3.16011.2 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARD_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk) Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.) SOLIDWORKS 2015 x64 Edition SP02.1 (HKLM-x32\...\SolidWorks Installation Manager 20150-40201-1100-100) (Version: 23.2.1.1 - SolidWorks Corporation) SOLIDWORKS 2015 x64 Edition SP02.1 (Version: 23.121.1 - Dassault Systemes SolidWorks Corp) Hidden SOLIDWORKS 2015 x64 Polish Resources (Version: 23.121.1 - Dassault Systemes SolidWorks Corp) Hidden VBA (3821b) (x32 Version: 6.01.00.1234 - Microsoft Corporation) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.6000 - Broadcom Corporation) WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{2B663ECE-5770-491c-A474-F98603C40681}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2014\64\acrobatacadic.dbx => No File CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{2B93DB32-8D98-4438-93B5-5C2CC3441999}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2014\64\acrobatacadic.dbx => No File CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{6813A122-4BBF-4408-8C87-07176246B992}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2014\64\acrobatacadic.dbx => No File CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{697DE5F4-0D13-4608-9728-7539F704E51C}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2014\64\acrobatacadic.dbx => No File CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> d:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{70A294B3-FE6F-4af9-9395-CFC58FC07C30}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2014\64\acrobatacadic.dbx => No File CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{74562BED-63D6-4234-A386-937DB6FA38AE}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2014\64\acrobatacadic.dbx => No File CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{7C90F737-950A-49eb-B6C1-EE1744C75E97}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2014\64\acrobatacadic.dbx => No File CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{7DE1BE5C-CEBA-4F1D-ACBC-9CE11EE9A2A1}\localserver32 -> d:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{868D9612-74A1-405b-9758-369138103193}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2014\64\acrobatacadic.dbx => No File CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{BB9F1D04-94AB-40b7-ABAE-33D2637F6340}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2014\64\acrobatacadic.dbx => No File CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> d:\Program Files\Autodesk\AutoCAD 2014\acad.exe (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{CC3BE603-926A-40ae-9570-4258474F0364}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2014\64\acrobatacadic.dbx => No File CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{DD0B2199-F2FD-41eb-B744-B06B100B9A43}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2014\64\acrobatacadic.dbx => No File CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{DFAB83E9-EBA6-4425-928B-B15A57F39469}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2014\64\acrobatacadic.dbx => No File CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{E27473C6-A63D-4b85-95FC-C7DE20306C0D}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2014\64\acrobatacadic.dbx => No File CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> d:\Program Files\Autodesk\AutoCAD 2014\pl-PL\acadficn.dll (Autodesk, Inc.) CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{F5756047-E218-465a-AC4C-FD04238C4896}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2014\64\acrobatacadic.dbx => No File CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{F9748CB6-1CCB-4557-905E-8D42C83AAEB6}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2014\64\acrobatacadic.dbx => No File CustomCLSID: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000_Classes\CLSID\{FC072C1A-25CB-49e7-8F79-F2A8B8C3289D}\InprocServer32 -> c:\program files (x86)\adobe\acrobat dc\pdfmaker\autocad\2014\64\acrobatacadic.dbx => No File ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0CCB38C9-B09C-4037-A778-199A8B3168D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-20] (Google Inc.) Task: {14228093-3273-45B7-8043-10CF7826A995} - System32\Tasks\{37214D15-48AE-46A2-906D-55CBB63F4BBD} => pcalua.exe -a D:\Pobrane\win64_153336.exe -d D:\Pobrane Task: {14AD63B0-05E2-403B-9CD7-F3C45225D2E4} - System32\Tasks\Microsoft\Windows\Setup\gwx\rundetector => C:\Windows\system32\GWX\GWXDetector.exe [2016-04-24] (Microsoft Corporation) Task: {6853FF6B-444F-4A0E-9AE2-389211D21405} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd) Task: {6AD108BC-085A-4B86-A3AE-E9103323DCF3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-20] (Google Inc.) Task: {7087344D-368C-4A51-A67E-6FCA97519BE2} - System32\Tasks\XboxStatTask => C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe [2009-09-30] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2016-03-14 20:21 - 2016-05-05 07:00 - 01223752 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe 2016-04-12 15:40 - 2016-04-12 15:39 - 00192584 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\loggingserver.exe 2016-03-14 20:21 - 2016-05-05 07:00 - 02885704 _____ () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe 2015-01-06 14:18 - 2015-01-06 14:18 - 00039192 _____ () D:\Program Files\CCleaner\branding.dll 2016-05-08 16:03 - 2016-05-08 16:03 - 00380928 _____ () C:\Users\Kacper\Downloads\fzfc0eoz.exe 2015-07-08 23:18 - 2015-07-08 23:18 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kpcengine.2.3.dll 2016-04-12 15:40 - 2016-04-12 15:39 - 00533576 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\log4cplusU.dll 2015-11-17 12:43 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2016-05-03 15:42 - 2016-04-28 00:25 - 01738904 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libglesv2.dll 2016-05-03 15:42 - 2016-04-28 00:25 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:63F6D532 [144] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3882396738-2429366467-2688263373-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SOLIDWORKS 2015 Fast Start.lnk => C:\Windows\pss\SOLIDWORKS 2015 Fast Start.lnk.CommonStartup MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Adobe Acrobat Synchronizer => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: Akamai NetSession Interface => "C:\Users\Kacper\AppData\Local\Akamai\netsession_win.exe" MSCONFIG\startupreg: ALLUpdate => "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" MSCONFIG\startupreg: Autodesk Sync => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe MSCONFIG\startupreg: BrHelp => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe /AUTORUN MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN MSCONFIG\startupreg: DAEMON Tools Lite Automount => "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{3389F1D6-06C4-41D3-88D5-49306E9A2800}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{E81BEAD6-EB0C-4EE3-B009-158E8047A41E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe FirewallRules: [{696CA9FE-EA55-45EC-926B-CF8DA9685633}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{E18E5377-7898-4283-9474-64F53DC85C57}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe FirewallRules: [{598D0EF7-828C-4D87-879D-BCBDB30F9A51}] => (Allow) C:\Program Files\BitComet\BitComet.exe FirewallRules: [{86A0ADAF-1FF6-41E2-A994-F4CCD8F7CA37}] => (Allow) C:\Program Files\BitComet\BitComet.exe FirewallRules: [{34937CF4-3E69-4C33-A34C-CDE2275F8D9F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{72749D1F-30F4-4499-BC67-EC14488C406D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe FirewallRules: [{E24FB85B-9D03-49F4-8216-D1646A35D1D3}] => (Allow) D:\Program Files\soldiworks\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe FirewallRules: [{0D17F0B6-1F6E-41D7-98D5-F652734B9CAB}] => (Allow) D:\Program Files\soldiworks\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe FirewallRules: [TCP Query User{FF65E461-7544-44DA-B072-C8E48AB3D5B3}C:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) C:\program files (x86)\origin games\fifa 16\fifa16.exe FirewallRules: [UDP Query User{CB9526C7-87AA-4025-B106-E8ACD914B356}C:\program files (x86)\origin games\fifa 16\fifa16.exe] => (Allow) C:\program files (x86)\origin games\fifa 16\fifa16.exe FirewallRules: [TCP Query User{90C2D36C-9BAE-4F6C-A46D-0B89F07FF48E}D:\program files\dassault systemes\b20\win_b64\code\bin\cnext.exe] => (Allow) D:\program files\dassault systemes\b20\win_b64\code\bin\cnext.exe FirewallRules: [UDP Query User{170F44EB-4481-40A8-AFA8-E5399477E04B}D:\program files\dassault systemes\b20\win_b64\code\bin\cnext.exe] => (Allow) D:\program files\dassault systemes\b20\win_b64\code\bin\cnext.exe FirewallRules: [{22CE8B8F-8660-446D-B085-1E9B253DFA39}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{CE36450E-765E-4B09-9535-B5F7C394A88F}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe FirewallRules: [{4ABF8104-44E7-439F-B1CE-AE4EB4FE258D}] => (Allow) C:\Windows\system32\hasplms.exe FirewallRules: [{572C103B-E65D-46BD-9527-B181D3A62B99}] => (Allow) C:\Windows\system32\hasplms.exe FirewallRules: [TCP Query User{65BB0492-F252-4AD3-9346-3198CA054324}D:\program files\dassault systemes\b201\win_b64\code\bin\cnext.exe] => (Allow) D:\program files\dassault systemes\b201\win_b64\code\bin\cnext.exe FirewallRules: [UDP Query User{A81CC368-AB8C-4DD3-940A-6E851D2E112B}D:\program files\dassault systemes\b201\win_b64\code\bin\cnext.exe] => (Allow) D:\program files\dassault systemes\b201\win_b64\code\bin\cnext.exe FirewallRules: [TCP Query User{CC4D4C1E-06D2-4086-8ADF-826CBF7D99AD}D:\program files\dassault systemes\b201\win_b64\code\bin\cnext.exe] => (Block) D:\program files\dassault systemes\b201\win_b64\code\bin\cnext.exe FirewallRules: [UDP Query User{A5A31A3F-3554-472E-81EB-7C4C7D2014B1}D:\program files\dassault systemes\b201\win_b64\code\bin\cnext.exe] => (Block) D:\program files\dassault systemes\b201\win_b64\code\bin\cnext.exe FirewallRules: [TCP Query User{21B2CFFB-8AF9-40A2-B96F-B0A8BA7938F7}D:\program files\matlab\r2014b\bin\win64\matlab.exe] => (Allow) D:\program files\matlab\r2014b\bin\win64\matlab.exe FirewallRules: [UDP Query User{E82322AB-39E6-4266-ACC4-36B957E5D26F}D:\program files\matlab\r2014b\bin\win64\matlab.exe] => (Allow) D:\program files\matlab\r2014b\bin\win64\matlab.exe FirewallRules: [{1E737BDB-2D73-4B06-BFEE-FDFD59C04070}] => (Block) D:\program files\matlab\r2014b\bin\win64\matlab.exe FirewallRules: [{4CA5D338-BC05-4598-80FD-66471F371F07}] => (Block) D:\program files\matlab\r2014b\bin\win64\matlab.exe FirewallRules: [TCP Query User{6562BB83-131F-46F3-B2AE-8237616583B3}C:\users\kacper\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kacper\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{73991BFF-5FC4-4DA3-8907-C132B602C6D4}C:\users\kacper\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\kacper\appdata\local\akamai\netsession_win.exe FirewallRules: [{720D0BD8-4D6D-470F-84E3-A96BB8D782B4}] => (Allow) LPort=50248 FirewallRules: [TCP Query User{7C570E42-4089-4B4D-B290-479D6C87131B}C:\users\kacper\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\kacper\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{0D8A663C-1708-470D-9290-CDAD1B0EB520}C:\users\kacper\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\kacper\appdata\local\akamai\netsession_win.exe FirewallRules: [{B327BC36-B44C-43C3-88D1-9DE848A46ED0}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{96A49A98-405A-4057-9558-7E3F70FFE910}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [{969E1BE3-D888-45AC-B8FF-B8D6505B501E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe FirewallRules: [TCP Query User{47529A0D-2E64-415F-8B94-1CA13CB1F5C9}C:\program files (x86)\chillitorrent\chillitorrent.exe] => (Allow) C:\program files (x86)\chillitorrent\chillitorrent.exe FirewallRules: [UDP Query User{093E82FB-0865-4BD1-919A-DDAB57940715}C:\program files (x86)\chillitorrent\chillitorrent.exe] => (Allow) C:\program files (x86)\chillitorrent\chillitorrent.exe FirewallRules: [{A610BC88-5906-49B3-9C54-6C22A8DBF85E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 08-05-2016 11:32:06 Windows Update 08-05-2016 15:47:52 SPTD setup V1.89 ==================== Faulty Device Manager Devices ============= Name: Ethernet Controller Description: Ethernet Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: SM Bus Controller Description: SM Bus Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Universal Serial Bus (USB) Controller Description: Universal Serial Bus (USB) Controller Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: USB2.0-CRW Description: USB2.0-CRW Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (05/08/2016 03:56:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2016 03:51:38 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2016 03:47:52 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {8a635f15-3e0b-42af-a71c-fe69c8dc2a73} Error: (05/08/2016 03:38:08 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2016 11:28:10 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/08/2016 11:24:47 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file C:\Windows\Prefetch\AgRobust.db for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\AgRobust.db The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 Error: (05/08/2016 11:24:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1 Faulting module name: sysmain.dll, version: 6.1.7601.18933, time stamp: 0x55a6a1d1 Exception code: 0xc0000006 Fault offset: 0x000000000001d176 Faulting process id: 0x1f1c Faulting application start time: 0xsvchost.exe_SysMain0 Faulting application path: svchost.exe_SysMain1 Faulting module path: svchost.exe_SysMain2 Report Id: svchost.exe_SysMain3 Error: (05/08/2016 11:23:33 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Windows\servicing\TrustedInstaller.exe; Description = Windows Modules Installer; Error = 0x81000101). Error: (05/08/2016 11:11:58 AM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101). Error: (05/08/2016 08:28:49 AM) (Source: Application Error) (EventID: 1005) (User: ) Description: Windows cannot access the file C:\Windows\Prefetch\AgCx_SC2.db for one of the following reasons: there is a problem with the network connection, the disk that the file is stored on, or the storage drivers installed on this computer; or the disk is missing. Windows closed the program Host Process for Windows Services because of this error. Program: Host Process for Windows Services File: C:\Windows\Prefetch\AgCx_SC2.db The error value is listed in the Additional Data section. User Action 1. Open the file again. This situation might be a temporary problem that corrects itself when the program runs again. 2. If the file still cannot be accessed and - It is on the network, your network administrator should verify that there is not a problem with the network and that the server can be contacted. - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer. 3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER. 4. If the problem persists, restore the file from a backup copy. 5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for further assistance. Additional Data Error value: C0000185 Disk type: 3 System errors: ============= Error: (05/08/2016 03:54:16 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (05/08/2016 03:54:14 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (05/08/2016 03:48:57 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E} Error: (05/08/2016 03:36:44 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x0000007a (0xfffff6fb40000420, 0xffffffffc0000185, 0x0000000244043884, 0xfffff68000084000)C:\Windows\MEMORY.DMP050816-27580-01 Error: (05/08/2016 03:36:38 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 15:35:20 on ‎2016-‎05-‎08 was unexpected. Error: (05/08/2016 03:34:27 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WerSvc service. Error: (05/08/2016 03:31:23 PM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (05/08/2016 03:31:23 PM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (05/08/2016 03:31:23 PM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. Error: (05/08/2016 03:31:23 PM) (Source: atapi) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Ide\IdePort0. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz Percentage of memory in use: 52% Total physical RAM: 8067.35 MB Available physical RAM: 3807.33 MB Total Virtual: 16132.89 MB Available Virtual: 11390.23 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:97.12 GB) (Free:37.85 GB) NTFS Drive d: () (Fixed) (Total:368.1 GB) (Free:120.87 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BCC80286) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=97.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=450 MB) - (Type=27) Partition 4: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================

SHORTCUT:

Kod: Zaznacz wszystko: Users shortcut scan result (x64) Version:07-05-2016 Ran by Kacper (2016-05-08 16:21:38) Running from C:\Users\Kacper\Desktop Boot Mode: Normal ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files (x86)\WinRAR\WhatsNew.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe (Alexander Roshal) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015\SOLIDWORKS 2015 x64 Edition.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\i386_SldWorks.exe (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015\Narzędzia SOLIDWORKS\Edytor szablonu kalkulacji kosztów Costing 2015.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\CostgTemplateEdito_137D8099937742FFB4518D04D5BEA705.exe (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015\Narzędzia SOLIDWORKS\Generator karty właściwości 2015.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\PropertyTabBuilder_1F40E9F3993E4F02B14BAC3E685DC9D3.exe (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015\Narzędzia SOLIDWORKS\Harmonogram zadań SOLIDWORKS 2015.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\i386_SwScheduler_5F527AA89BD74B82AA633F386F129FA3.exe (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015\Narzędzia SOLIDWORKS\Kreator kopiowania ustawień 2015.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\CopyOptWiz_6FEB7F8E7C4D4368B04FF4F6C1DAEF89.exe (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015\Narzędzia SOLIDWORKS\Moje produkty.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut10_09C97FE55E424E9E878903842FA26A35.exe (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015\Narzędzia SOLIDWORKS\SolidNetWork License Manager2015.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\swlmwizard_6FEB7F8E7C4D4368B04FF4F6C1DAEF89.exe (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015\Narzędzia SOLIDWORKS\SOLIDWORKS 2015 Routing Library Manager.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut6_09A22F17AFFA435086E910433E69F955.exe (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015\Narzędzia SOLIDWORKS\SOLIDWORKS Network Monitor 2015.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\SolidWorksNetworkM_A6340B1E7C4A432C8947F93CD36D44D4.exe (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015\Narzędzia SOLIDWORKS\SOLIDWORKS Rx 2015.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\i386_SldRxexe_6FEB7F8E7C4D4368B04FF4F6C1DAEF89.exe (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015\Narzędzia SOLIDWORKS\SOLIDWORKS Treehouse 2015.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_9B0E37ED3B134323BADA48059EE62D25.exe (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015\Narzędzia SOLIDWORKS\Ustawienia Toolbox 2015.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut9_C067992FA31C4389965004A38F805658.exe (Flexera Software LLC) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Samsung Kies.lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pakiet SPECBUD 11 DEMO\SPECBUD PN\Kalkulator Elementów Stalowych.lnk -> D:\Program Files (x86)\Pakiet SPECBUD-DEMO\Kes_demo.exe (SPECBUD s.c. Gliwice) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pakiet SPECBUD 11 DEMO\Dodatki\Deinstalacja programu Kalkulator Elementów Stalowych v.4.2 - DEMO.lnk -> D:\Program Files (x86)\Pakiet SPECBUD-DEMO\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt\Informacje o zmianach.lnk -> C:\Program Files (x86)\NapiProjekt\changelog.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt\NapiProjekt.lnk -> C:\Program Files (x86)\NapiProjekt\napisy.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt\Strona domowa NapiProjekt.lnk -> C:\Program Files (x86)\NapiProjekt\www.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec\1.0b beta\Uninstall.lnk -> C:\Program Files (x86)\MyFree Codec\1.0b beta\uninstall.exe (Freeware) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories\Microsoft Xbox 360 Accessories Help.lnk -> C:\Program Files\Microsoft Xbox 360 Accessories\Xboxhelp.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories\Microsoft Xbox 360 Accessories Status.lnk -> C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005\Visual Studio Tools\Visual Studio 2005 Remote Debugger (x64).lnk -> C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005\Visual Studio Tools\Visual Studio 2005 Remote Debugger Configuration Wizard.lnk -> C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\rdbgwiz.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\Silverlight.Configuration.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk -> C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\xlicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk -> C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\joticon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk -> C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\outicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk -> C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\pptico.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk -> C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\pubs.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk -> C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\wordicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Narzędzia pakietu Microsoft Office 2010\Centrum Microsoft Office 2010 Upload Center.lnk -> C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\msouc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Narzędzia pakietu Microsoft Office 2010\Certyfikat cyfrowy dla projektów VBA.lnk -> C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\misc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Narzędzia pakietu Microsoft Office 2010\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\cagicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Narzędzia pakietu Microsoft Office 2010\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\oisicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Narzędzia pakietu Microsoft Office 2010\Preferencje językowe pakietu Microsoft Office 2010.lnk -> C:\Windows\Installer\{90140000-0012-0000-0000-0000000FF1CE}\misc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\End User License Agreement.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\Doc\en\license.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Kaspersky Internet Security Help.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\Doc\en-AE\kis\context.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Kaspersky Internet Security.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe (Kaspersky Lab ZAO) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Visit Kaspersky Lab on the Web.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\kl.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IGSViewer\IGS Viewer.lnk -> D:\Program Files (x86)\IGSViewer\IGSViewer.exe (IdeaMk) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Lunch Design\Icy Tower 1.5.1\ Play Icy Tower v1.5.1.lnk -> D:\Games\icytower151\icytower15.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Lunch Design\Icy Tower 1.5.1\Icy Tower Instructions.lnk -> D:\Games\icytower151\readme.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Lunch Design\Icy Tower 1.5.1\Icy Tower on the Web.lnk -> D:\Games\icytower151\icytower.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Lunch Design\Icy Tower 1.5.1\Uninstall Icy Tower.lnk -> D:\Games\icytower151\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EuroTalk Talk Now!\Talk Now!.lnk -> C:\Program Files (x86)\EuroTalk Interactive\EuroTalk Talk Now!\TalkNow.exe (EuroTalk Ltd.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EuroTalk Interactive\Talk Now Plus!.lnk -> C:\Program Files (x86)\EuroTalk\TalkNowPlus\TalkNow.exe (EuroTalk Ltd.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO (1)\EMCO License Manager.lnk -> C:\WinNC32_2\BIN\LicMngr.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO (1)\WinNC - Launch.lnk -> C:\WinNC32_2\BIN\emlaunch.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO\EMCO License Manager.lnk -> C:\WinNC32\BIN\LicMngr.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO\EMCO Remote Monitoring.lnk -> C:\WinNC32\BIN\EMCO_Remote_Monitoring-idcs5v58vh.exe (TeamViewer) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO\WinNC - EMConfig.lnk -> C:\WinNC32\BIN\EmConfigu.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO\WinNC - Launch.lnk -> C:\WinNC32\BIN\emlaunch.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DW WLAN\DW WLAN Card Readme.lnk -> C:\Program Files\Dell\DW WLAN Card\Readme.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutViewer Turn\CutViewer Turn Help.lnk -> D:\Program Files (x86)\CutViewer Turn\Help\index.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutViewer Turn\Cutviewer Turn User Guide V3.lnk -> D:\Program Files (x86)\CutViewer Turn\Cutviewer Turn User Guide V3.doc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutViewer Turn\CutViewer Turn.lnk -> D:\Program Files (x86)\CutViewer Turn\CutViewer_Turn.exe (LAMSON GLOBAL CORPORATION) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CIMCO V6\CIMCO DNC-Max Help.lnk -> D:\CIMCO\DNCMax6\Help\dncmax_us.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CIMCO V6\CIMCO Edit Help.lnk -> D:\CIMCO\CIMCOEdit6\Help\edit_us.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CIMCO V6\CIMCO Edit V6.lnk -> D:\CIMCO\CIMCOEdit6\CIMCOEdit.exe (CIMCO Integration) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CIMCO V6\CIMCO Remote Support.lnk -> D:\CIMCO\DNCMax6\Sys\nvClient.exe (Netviewer AG) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CIMCO V6\DNC-Max Client V6.lnk -> D:\CIMCO\DNCMax6\DNCAdmin6.exe (CIMCO Integration) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CIMCO V6\DNC-Max Server V6.lnk -> D:\CIMCO\DNCMax6\DNCMax6.exe (CIMCO Integration) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CIMCO V6\DNC-Max Service Manager V6.lnk -> D:\CIMCO\DNCMax6\DNCMaxServiceManager.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CIMCO V6\Help - Running DNC-Max as a Service.lnk -> D:\CIMCO\DNCMax6\Help\dncmaxservice.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChilliTorrent\ChilliTorrent.lnk -> C:\Program Files (x86)\ChilliTorrent\ChilliTorrent.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChilliTorrent\Website.lnk -> C:\Program Files (x86)\ChilliTorrent\ChilliTorrent.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> D:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA\Tools\Batch Management V5R20.lnk -> D:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATUTIL.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA\Tools\Environment Editor V5R20.lnk -> D:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATIAENV.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA\Tools\Nodelock Key Management V5R20.lnk -> D:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATNodelockMgt.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA\Tools\Printers V5R20.lnk -> D:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATPrinterManager.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA\Tools\Settings Management V5R20.lnk -> D:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATOptionsMgt.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA\Tools\Software Management V5R20.lnk -> D:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATSoftwareMgt.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA\Tools\Vault Client Setup V5R20.lnk -> D:\Program Files\Dassault Systemes\B20\win_b64\code\bin\CATSTART.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAMotics\CAMotics.lnk -> C:\Program Files (x86)\CAMotics\camotics.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CAMotics\Uninstall.lnk -> C:\Program Files (x86)\CAMotics\Uninstall.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J100\Podręczniki użytkownika.lnk -> C:\Program Files (x86)\Brother\Brmfl13a\DCP-J100\top.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J100\Read Me.lnk -> C:\Program Files (x86)\Brother\Brmfl13a\readmepol.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J100\Ustawienia skanera\Read Me.lnk -> C:\Program Files (x86)\Brother\Brmfl13a\ScanRead.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J100\Ustawienia skanera\Scanner Utility.lnk -> C:\Program Files (x86)\Brother\Brmfl13a\BrScUtil.exe (Brother Industries Ltd.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Uninstall Tool.lnk -> C:\Program Files (x86)\Common Files\Autodesk Shared\Uninstall Tool\R1\UninstallTool.exe (Autodesk, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Content Service\Content Service — konsola konfiguracji.lnk -> C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.Admin.exe (Autodesk, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk ReCap\Autodesk ReCap.lnk -> D:\Program Files\Autodesk\Autodesk ReCap\recap.exe (Autodesk) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 — Polski (Polish)\Dołącz podpisy cyfrowe.lnk -> D:\Program Files\Autodesk\AutoCAD 2014\AcSignApply.exe (Autodesk, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 — Polski (Polish)\Menedżer odnośników.lnk -> D:\Program Files\Autodesk\AutoCAD 2014\AdRefMan.exe (Autodesk, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 — Polski (Polish)\Wsadowy kontroler standardów.lnk -> D:\Program Files\Autodesk\AutoCAD 2014\DwgCheckStandards.exe (Autodesk, Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk -> C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe (Advanced Micro Devices Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLPlayer\ALLPlayer V6.X on the Web.lnk -> C:\Program Files (x86)\ALLPlayer\ALLPlayerENG.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLPlayer\ALLPlayer.lnk -> C:\Program Files (x86)\ALLPlayer\ALLPlayer.exe (ALLPlayer Group Ltd.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 2.0 Configuration.lnk -> C:\Program Files (x86)\Microsoft Visual Studio 8\SDK\v2.0\Bin\mscorcfg.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Kacper\Links\Desktop.lnk -> C:\Users\Kacper\Desktop () Shortcut: C:\Users\Kacper\Links\Downloads.lnk -> C:\Users\Kacper\Downloads () Shortcut: C:\Users\Kacper\Documents\SOLIDWORKS Downloads\SOLIDWORKS 2015 x64 SP02.1\Czytaj.lnk -> D:\New folder\sldim\lang\polish\sldIM_Download.chm () Shortcut: C:\Users\Kacper\Desktop\ALLPlayer.lnk -> C:\Program Files (x86)\ALLPlayer\ALLPlayer.exe (ALLPlayer Group Ltd.) Shortcut: C:\Users\Kacper\Desktop\CAMotics.lnk -> C:\Program Files (x86)\CAMotics\camotics.exe () Shortcut: C:\Users\Kacper\Desktop\ChilliTorrent.lnk -> C:\Program Files (x86)\ChilliTorrent\ChilliTorrent.exe () Shortcut: C:\Users\Kacper\Desktop\Icy Tower.lnk -> D:\Games\icytower151\icytower15.exe () Shortcut: C:\Users\Kacper\Desktop\Kalkulator Elementów Stalowych - DEMO.lnk -> D:\Program Files (x86)\Pakiet SPECBUD-DEMO\Kes_demo.exe (SPECBUD s.c. Gliwice) Shortcut: C:\Users\Kacper\Desktop\NapiProjekt.lnk -> C:\Program Files (x86)\NapiProjekt\napisy.exe () Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt () Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files (x86)\WinRAR\WhatsNew.txt () Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm () Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe (Alexander Roshal) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ALLPlayer.lnk -> C:\Program Files (x86)\ALLPlayer\ALLPlayer.exe (ALLPlayer Group Ltd.) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\IGS Viewer.lnk -> D:\Program Files (x86)\IGSViewer\IGSViewer.exe (IdeaMk) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\NapiProjekt.lnk -> C:\Program Files (x86)\NapiProjekt\napisy.exe () Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe () Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SOLIDWORKS 2015 x64 Edition.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\i386_SldWorks.exe (Flexera Software LLC) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\63a5f7c94ba4e9ce\MATLAB R2014b.lnk -> D:\Program Files\MATLAB\R2014b\bin\matlab.exe (No File) Shortcut: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\2e9b73709efe5cec\MATLAB R2011a.lnk -> D:\Program Files\MATLAB\R2011a\bin\matlab.exe (The MathWorks Inc.) Shortcut: C:\Users\Kacper\AppData\Roaming\Autodesk\AutoCAD 2014\R19.1\plk\Plotters\Plot Styles\Dodaj tabelę stylów wydruku.lnk -> D:\Program Files\Autodesk\AutoCAD 2014\styshwiz.exe (Autodesk, Inc.) Shortcut: C:\Users\Public\Desktop\Brother Creative Center.lnk -> C:\Program Files (x86)\Brother\CreativeCenter\Brother Creative Center.url () Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> D:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) Shortcut: C:\Users\Public\Desktop\CIMCO Edit V6.lnk -> D:\CIMCO\CIMCOEdit6\CIMCOEdit.exe (CIMCO Integration) Shortcut: C:\Users\Public\Desktop\CutViewer Turn.lnk -> D:\Program Files (x86)\CutViewer Turn\CutViewer_Turn.exe (LAMSON GLOBAL CORPORATION) Shortcut: C:\Users\Public\Desktop\DNC-Max Client V6.lnk -> D:\CIMCO\DNCMax6\DNCAdmin6.exe (CIMCO Integration) Shortcut: C:\Users\Public\Desktop\DNC-Max Server V6.lnk -> D:\CIMCO\DNCMax6\DNCMax6.exe (CIMCO Integration) Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Public\Desktop\IGS Viewer.lnk -> D:\Program Files (x86)\IGSViewer\IGSViewer.exe (IdeaMk) Shortcut: C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk -> C:\Windows\System32\GfxUIEx.exe (Intel Corporation) Shortcut: C:\Users\Public\Desktop\Kaspersky Internet Security.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe (Kaspersky Lab ZAO) Shortcut: C:\Users\Public\Desktop\OmniJoin — okres próbny.lnk -> C:\Program Files (x86)\Brother\OmniJoin\OmniJoin.url () Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe () Shortcut: C:\Users\Public\Desktop\SOLIDWORKS 2015 x64 Edition.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\i386_SldWorks.exe (Flexera Software LLC) ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015\Narzędzia SOLIDWORKS\Test wydajności SOLIDWORKS 2015.lnk -> C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut8_5A81956D53B84FDF978DC28E95329263.exe (Flexera Software LLC) -> "-bm" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Samsung Kies (Lite).lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe () -> /lite ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Uninstall Kies.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe (Samsung Electronics Co., Ltd.) -> /removeonly ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NapiProjekt\Napisy oczekujące na pobranie.lnk -> C:\Program Files (x86)\NapiProjekt\napisy.exe () -> -kolejka ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories\Check For Updates.lnk -> C:\Program Files\Microsoft Xbox 360 Accessories\AUSetting.exe (Microsoft Corporation) -> -forcecheck ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Remove Kaspersky Internet Security.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i{77E7AE5C-181C-4CAF-ADBF-946F11C1CE26} REMOVE=ALL ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EuroTalk Talk Now!\Talk Now! - Full Screen.lnk -> C:\Program Files (x86)\EuroTalk Interactive\EuroTalk Talk Now!\TalkNow.exe (EuroTalk Ltd.) -> force ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EuroTalk Interactive\Talk Now Plus! 1024 x 768.lnk -> C:\Program Files (x86)\EuroTalk\TalkNowPlus\TalkNow.exe (EuroTalk Ltd.) -> force ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO (1)\WinNC - Fanuc Series 21 MILL singlelicense (external programming station).lnk -> C:\WinNC32_2\BIN\FANUC21.EXE () -> /s:'GE Fanuc Series 21 M' ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EMCO (1)\WinNC - Fanuc Series 21 TURN singlelicense (external programming station).lnk -> C:\WinNC32_2\BIN\FANUC21.EXE () -> /s:'GE Fanuc Series 21 T' ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DW WLAN\DW WLAN Card Utility.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> shell32.dll,,Control_RunDLL C:\Windows\system32\bcmwlcpl.CPL ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CATIA\CATIA V5R20.lnk -> D:\Program Files\Dassault Systemes\B201\win_b64\code\bin\CATSTART.exe (Dassault Systemes) -> -run "CNEXT.EXE" -env CATIA.V5R20.B20 -direnv "d:\ProgramData\DassaultSystemes\CATEnv" -nowindow ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J100\Brother Help.lnk -> C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe (Brother Industries, Ltd.) -> /MODEL=DCP-J100 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J100\ControlCenter4.lnk -> C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) -> /model="DCP-J100" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J100\Instalowanie diagnostyki.lnk -> C:\Program Files (x86)\Brother\Brmfl13a\Brinstck.exe (Brother Industries, Ltd.) -> -R DCP-J100 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J100\Odinstaluj.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{B742757A-7658-4E09-A51A-085CF0F7F4D3}\setup.exe (Macrovision Corporation) -> -runfromtemp -l0x0015 UNINSTALL Reg=BHmini13_C2,Brother DCP-J100,USB ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J100\Rejestracja online.lnk -> C:\Program Files (x86)\Brother\Brmfl13a\Brolink\Brolink0.exe (Brother Industories, Ltd.) -> OLR_URL /mDCP-J100 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J100\Status Monitor.lnk -> C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) -> DCP-J100 /BRINFOSHOW ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J100\Ustawienia skanera\Skanery i aparaty fotograficzne.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ScannersAndCameras ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk 360.lnk -> C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.) -> /browseLocal ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 — Polski (Polish)\AutoCAD 2014 — Polski (Polish).lnk -> C:\Windows\Installer\{5783F2D7-D001-0000-0102-0060B0CE6BBA}\Acad162_icon.exe () -> /product "ACAD" /language "pl-PL" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 — Polski (Polish)\Narzędzie transferu licencji — AutoCAD 2014.lnk -> C:\Program Files\Common Files\Autodesk Shared\AdLM\R7\LTU.exe (Autodesk, Inc.) -> 001F1 2014.0.0.F -d SA -l pl-PL ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 — Polski (Polish)\Przywróć ustawienia domyślne.lnk -> D:\Program Files\Autodesk\AutoCAD 2014\AdMigrator.exe (Autodesk, Inc.) -> /reset /product "ACAD" /language "pl-PL" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 — Polski (Polish)\Migracja ustawień niestandardowych\Eksportuj ustawienia programu AutoCAD 2014.lnk -> D:\Program Files\Autodesk\AutoCAD 2014\AdMigrator.exe (Autodesk, Inc.) -> /e /product "ACAD" /language "pl-PL" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 — Polski (Polish)\Migracja ustawień niestandardowych\Importuj ustawienia programu AutoCAD 2014.lnk -> D:\Program Files\Autodesk\AutoCAD 2014\AdMigrator.exe (Autodesk, Inc.) -> /i /product "ACAD" /language "pl-PL" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\AutoCAD 2014 — Polski (Polish)\Migracja ustawień niestandardowych\Migracja z poprzedniej wersji.lnk -> D:\Program Files\Autodesk\AutoCAD 2014\AdMigrator.exe (Autodesk, Inc.) -> /product "ACAD" /language "pl-PL" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Pomoc.lnk -> C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CLI.exe (Advanced Micro Devices Inc.) -> Start Help -help ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALLPlayer\ALLPlayer.Radio.lnk -> C:\Program Files (x86)\ALLPlayer\ALLPlayer.exe (ALLPlayer Group Ltd.) -> Radio ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Kacper\Desktop\ALLPlayer Radio.lnk -> C:\Program Files (x86)\ALLPlayer\ALLPlayer.exe (ALLPlayer Group Ltd.) -> Radio ShortcutWithArgument: C:\Users\Kacper\Desktop\Safe Money.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe (Kaspersky Lab ZAO) -> -safebanking ShortcutWithArgument: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff ShortcutWithArgument: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Kacper\AppData\Roaming\Microsoft\Windows\SendTo\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) -> /sendto: ShortcutWithArgument: C:\Users\Kacper\AppData\Roaming\Microsoft\PowerPoint\Joining-processes-project-2016.04.28-2305173633941127308\Joining-processes-project-2016.04.28-2.pptx.lnk -> C:\Users\Kacper\Downloads\Joining-processes-project-2016.04.28-2.pptx () -> 27 ShortcutWithArgument: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ALLPlayer.Radio.lnk -> C:\Program Files (x86)\ALLPlayer\ALLPlayer.exe (ALLPlayer Group Ltd.) -> Radio ShortcutWithArgument: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation) -> /recycle ShortcutWithArgument: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk -> C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe () -> /lite ShortcutWithArgument: C:\Users\Kacper\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\Users\Kacper\AppData\Roaming\Autodesk\AutoCAD 2014\R19.1\plk\Plotters\Dodaj ploter.lnk -> D:\Program Files\Autodesk\AutoCAD 2014\addplwiz.exe (Autodesk, Inc.) -> /LANGUAGE pl-PL InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> hxxp://www.piriform.com/ccleaner InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J100\Brother Creative Center.url -> "hxxp://www.brother.com/creativecenter/?WT.mc_id=AF" InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J100\Usługi biznesowe online\Brother Online.url -> "hxxp://www.brother.com/product/brotheronline" InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J100\Usługi biznesowe online\OmniJoin — okres próbny.url -> "hxxp://www.brother.com/product/webconferencing" InternetURL: C:\Users\Kacper\Favorites\Windows Live\Get Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=69172 InternetURL: C:\Users\Kacper\Favorites\Windows Live\Windows Live Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=70742 InternetURL: C:\Users\Kacper\Favorites\Windows Live\Windows Live Mail.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68925 InternetURL: C:\Users\Kacper\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68927 InternetURL: C:\Users\Kacper\Favorites\MSN Websites\MSN Autos.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143 InternetURL: C:\Users\Kacper\Favorites\MSN Websites\MSN Entertainment.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924 InternetURL: C:\Users\Kacper\Favorites\MSN Websites\MSN Money.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923 InternetURL: C:\Users\Kacper\Favorites\MSN Websites\MSN Sports.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921 InternetURL: C:\Users\Kacper\Favorites\MSN Websites\MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729 InternetURL: C:\Users\Kacper\Favorites\MSN Websites\MSNBC News.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922 InternetURL: C:\Users\Kacper\Favorites\Microsoft Websites\IE Add-on site.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893 InternetURL: C:\Users\Kacper\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> hxxp://go.microsoft.com/fwlink/?linkid=44661 InternetURL: C:\Users\Kacper\Favorites\Microsoft Websites\Microsoft At Home.url -> hxxp://go.microsoft.com/fwlink/?linkid=55424 InternetURL: C:\Users\Kacper\Favorites\Microsoft Websites\Microsoft At Work.url -> hxxp://go.microsoft.com/fwlink/?linkid=68920 InternetURL: C:\Users\Kacper\Favorites\Microsoft Websites\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813 InternetURL: C:\Users\Kacper\Favorites\Links\Suggested Sites.url -> hxxps://ieonline.microsoft.com/#ieslice InternetURL: C:\Users\Kacper\Favorites\Links\Web Slice Gallery.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315 InternetURL: C:\Users\Kacper\Downloads\Napisy24.pl.url -> hxxp://napisy24.pl/ ==================== End of Shortcut.txt =============================

GMER

Kod: Zaznacz wszystko: GMER 2.2.19882 - http://www.gmer.net Rootkit scan 2016-05-08 16:51:49 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9500325AS rev.D005DEM1 465,76GB Running: fzfc0eoz.exe; Driver: C:\Users\Kacper\AppData\Local\Temp\ufdiipoc.sys ---- User code sections - GMER 2.2 ---- .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075571401 2 bytes JMP 7595b263 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075571419 2 bytes JMP 7595b38e C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075571431 2 bytes JMP 759d90f1 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007557144a 2 bytes CALL 759348ad C:\Windows\syswow64\KERNEL32.dll .text ... * 9 .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000755714dd 2 bytes JMP 759d89ea C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000755714f5 2 bytes JMP 759d8bc0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007557150d 2 bytes JMP 759d88e0 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075571525 2 bytes JMP 759d8caa C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007557153d 2 bytes JMP 7594fce8 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075571555 2 bytes JMP 75956937 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007557156d 2 bytes JMP 759d91a9 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075571585 2 bytes JMP 759d8d0a C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007557159d 2 bytes JMP 759d88a4 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000755715b5 2 bytes JMP 7594fd81 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000755715cd 2 bytes JMP 7595b324 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000755716b2 2 bytes JMP 759d906c C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1800] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000755716bd 2 bytes JMP 759d8839 C:\Windows\syswow64\KERNEL32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 00000000777efab8 5 bytes JMP 000000006fec28e0 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe[1944] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 00000000777f0048 5 bytes JMP 000000006fec28a0 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, 2B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [2B, F3, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, 2B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, 2B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, 2B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, 2B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, 2B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, 2B, F3, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075571401 2 bytes JMP 7595b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075571419 2 bytes JMP 7595b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075571431 2 bytes JMP 759d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007557144a 2 bytes CALL 759348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755714dd 2 bytes JMP 759d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755714f5 2 bytes JMP 759d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007557150d 2 bytes JMP 759d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075571525 2 bytes JMP 759d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007557153d 2 bytes JMP 7594fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075571555 2 bytes JMP 75956937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007557156d 2 bytes JMP 759d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075571585 2 bytes JMP 759d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007557159d 2 bytes JMP 759d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755715b5 2 bytes JMP 7594fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755715cd 2 bytes JMP 7595b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755716b2 2 bytes JMP 759d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755716bd 2 bytes JMP 759d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 35 0000000073b011a8 2 bytes [B0, 73] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 248 0000000073b0127d 2 bytes CALL 759314c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SysWOW64\ksuser.dll!KsCreatePin + 395 0000000073b01310 2 bytes CALL 759314c9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SysWOW64\ksuser.dll!KsCreateAllocator + 21 0000000073b013a8 2 bytes [B0, 73] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SysWOW64\ksuser.dll!KsCreateClock + 21 0000000073b01422 2 bytes [B0, 73] .text C:\Program Files (x86)\Skype\Phone\Skype.exe[3660] C:\Windows\SysWOW64\ksuser.dll!KsCreateTopologyNode + 19 0000000073b01498 2 bytes [B0, 73] .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, EB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes {JMP 0xfffffffffffffff7} .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, EB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, EB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, EB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes {PUSH RAX; JMP 0xfffffffffffffff8} .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes {JMP 0xfffffffffffffff8} .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, EB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075571401 2 bytes JMP 7595b263 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075571419 2 bytes JMP 7595b38e C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075571431 2 bytes JMP 759d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007557144a 2 bytes CALL 759348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755714dd 2 bytes JMP 759d89ea C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755714f5 2 bytes JMP 759d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007557150d 2 bytes JMP 759d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075571525 2 bytes JMP 759d8caa C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007557153d 2 bytes JMP 7594fce8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075571555 2 bytes JMP 75956937 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007557156d 2 bytes JMP 759d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075571585 2 bytes JMP 759d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007557159d 2 bytes JMP 759d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755715b5 2 bytes JMP 7594fd81 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755715cd 2 bytes JMP 7595b324 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755716b2 2 bytes JMP 759d906c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\AVG Web TuneUp\vprot.exe[3776] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755716bd 2 bytes JMP 759d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, DB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [DB, F5, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, DB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, DB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, DB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, DB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, DB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, DB, F5, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3856] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, AB, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [AB, F6, 7E, 00, 00, 00, 00] .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, AB, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, AB, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, AB, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, AB, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, AB, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, AB, F6, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe[3976] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, EB, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes {JMP 0xfffffffffffffff4} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, EB, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, EB, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, EB, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes {PUSH RAX; JMP 0xfffffffffffffff5} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes {JMP 0xfffffffffffffff5} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, EB, F2, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe[4052] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, FB, F1, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [FB, F1, 7E, 00, 00, 00, 00] .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, FB, F1, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, FB, F1, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, FB, F1, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, FB, F1, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, FB, F1, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, FB, F1, 7E, 00, 00, 00, ...] .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075571401 2 bytes JMP 7595b263 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075571419 2 bytes JMP 7595b38e C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075571431 2 bytes JMP 759d90f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007557144a 2 bytes CALL 759348ad C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755714dd 2 bytes JMP 759d89ea C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755714f5 2 bytes JMP 759d8bc0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007557150d 2 bytes JMP 759d88e0 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075571525 2 bytes JMP 759d8caa C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007557153d 2 bytes JMP 7594fce8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075571555 2 bytes JMP 75956937 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007557156d 2 bytes JMP 759d91a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075571585 2 bytes JMP 759d8d0a C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007557159d 2 bytes JMP 759d88a4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755715b5 2 bytes JMP 7594fd81 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755715cd 2 bytes JMP 7595b324 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755716b2 2 bytes JMP 759d906c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\RunDll32.exe[4384] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755716bd 2 bytes JMP 759d8839 C:\Windows\syswow64\kernel32.dll .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, FB, EC, 7E, 00, 00, 00, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [FB, EC, 7E, 00, 00, 00, 00] .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, FB, EC, 7E, 00, 00, 00, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, FB, EC, 7E, 00, 00, 00, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, FB, EC, 7E, 00, 00, 00, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, FB, EC, 7E, 00, 00, 00, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, FB, EC, 7E, 00, 00, 00, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, FB, EC, 7E, 00, 00, 00, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files\WIDCOMM\Bluetooth Software\Bluetooth Headset Helper.exe[2272] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, 8B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [8B, EE, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, 8B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, 8B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, 8B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, 8B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, 8B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, 8B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, 3B, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [3B, EA, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, 3B, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, 3B, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, 3B, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, 3B, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, 3B, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, 3B, EA, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, 0B, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [0B, F6, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, 0B, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, 0B, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, 0B, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, 0B, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, 0B, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, 0B, F6, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3828] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, 7B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [7B, EE, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, 7B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, 7B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, 7B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, 7B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, 7B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, 7B, EE, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[3200] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, 6B, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [6B, E9, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, 6B, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes {JO 0x6d; JMP 0x106} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, 6B, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, 6B, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, 6B, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, 6B, E9, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2392] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, 2B, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [2B, F8, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, 2B, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, 2B, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, 2B, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, 2B, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, 2B, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, 2B, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, 5B, F1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [5B, F1, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, 5B, F1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, 5B, F1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, 5B, F1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, 5B, F1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, 5B, F1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, 5B, F1, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5228] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, 4B, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [4B, ED, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, 4B, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, 4B, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, 4B, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, 4B, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, 4B, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, 4B, ED, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4652] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, 5B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes {POP RBX; JMP 0x2} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, 5B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes {JO 0x5d; JMP 0x3} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, 5B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes {PUSH RAX; POP RBX; JMP 0x3} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes {POP RBX; JMP 0x3} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, 5B, EB, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6496] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, 4B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [4B, F4, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, 4B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, 4B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, 4B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, 4B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, 4B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, 4B, F4, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6836] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, 9B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [9B, F5, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, 9B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, 9B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, 9B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, 9B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, 9B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, 9B, F5, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[6344] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, FB, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [FB, EC, FF, 00, 00, 00, 00] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, FB, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes [70, FB, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, FB, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, FB, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, FB, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes [30, FB, EC, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5756] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 388 00000000775f1234 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000775f12df 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 00000000775f1434 8 bytes [A0, 0B, E9, 7E, 00, 00, 00, ...] .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 127 00000000775f17bf 7 bytes [0B, E9, 7E, 00, 00, 00, 00] .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 00000000775f19c4 8 bytes [80, 0B, E9, 7E, 00, 00, 00, ...] .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 00000000775f1aa4 8 bytes {JO 0xd; JMP 0x85} .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000775f1c25 8 bytes [60, 0B, E9, 7E, 00, 00, 00, ...] .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000775f1d8f 8 bytes [50, 0B, E9, 7E, 00, 00, 00, ...] .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 00000000775f1e75 8 bytes [40, 0B, E9, 7E, 00, 00, 00, ...] .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 584 00000000775f20d8 8 bytes {XOR [RBX], CL; JMP 0x85} .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007763bc00 8 bytes {JMP QWORD [RIP-0x4a162]} .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007763bd80 8 bytes {JMP QWORD [RIP-0x4a161]} .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007763bdb0 8 bytes {JMP QWORD [RIP-0x4a982]} .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007763bed0 8 bytes {JMP QWORD [RIP-0x4a512]} .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007763bf80 8 bytes {JMP QWORD [RIP-0x4a7c8]} .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007763c5b0 8 bytes {JMP QWORD [RIP-0x4a4de]} .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007763c800 8 bytes {JMP QWORD [RIP-0x4a991]} .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007763d060 8 bytes {JMP QWORD [RIP-0x4b2d7]} .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074f713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074f7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074f716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074f719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074f719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Kacper\Downloads\fzfc0eoz.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074f71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.2 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff88004785ad8] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- User IAT/EAT - GMER 2.2 ---- IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[msvcrt.dll!memset] [10000000000] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[msvcrt.dll!free] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[msvcrt.dll!_XcptFilter] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[msvcrt.dll!_initterm] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[msvcrt.dll!_amsg_exit] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[msvcrt.dll!malloc] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[msvcrt.dll!memcpy] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[ntdll.dll!DbgPrint] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[ntdll.dll!EtwGetTraceLoggerHandle] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[ntdll.dll!EtwUnregisterTraceGuids] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[ntdll.dll!EtwRegisterTraceGuidsW] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[ntdll.dll!EtwTraceMessage] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[ntdll.dll!RtlVirtualUnwind] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[ntdll.dll!NtCreateFile] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[ntdll.dll!NtWaitForSingleObject] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[ntdll.dll!EtwGetTraceEnableFlags] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[ntdll.dll!RtlInitUnicodeString] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[ntdll.dll!EtwGetTraceEnableLevel] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[ntdll.dll!NtDeviceIoControlFile] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[ntdll.dll!RtlLookupFunctionEntry] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[ntdll.dll!RtlCaptureContext] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[ntdll.dll!NtClose] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[ntdll.dll!NtWaitForMultipleObjects] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[IPHLPAPI.DLL!IcmpCreateFile] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[IPHLPAPI.DLL!GetCurrentThreadCompartmentId] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[IPHLPAPI.DLL!SetCurrentThreadCompartmentId] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[IPHLPAPI.DLL!IcmpCloseHandle] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[IPHLPAPI.DLL!IcmpSendEcho] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[WS2_32.dll!FreeAddrInfoW] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[WS2_32.dll!GetAddrInfoW] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[nrpsrv.DLL!NrpStartRpcServer] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\lmhsvc.dll[nrpsrv.DLL!NrpStopRpcServer] [0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[msvcrt.dll!_XcptFilter] [4c00004f01258d4c] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[msvcrt.dll!_initterm] [bc800000314a3d8d] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[msvcrt.dll!free] [117500000000c024] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[msvcrt.dll!_amsg_exit] [30f815ffcb8b] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[msvcrt.dll!memset] [1597840ffffb83d8] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[msvcrt.dll!malloc] [59f53d80ed330000] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[msvcrt.dll!memcpy] [15e4850f000000] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[ntdll.dll!RtlLookupFunctionEntry] [8d48000007d03824] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[ntdll.dll!RtlVirtualUnwind] [f8302444c7502444] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[ntdll.dll!RtlCaptureContext] [20b94100001f] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[RPCRT4.dll!NdrServerCall2] [1638840ffff883] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[RPCRT4.dll!NdrServerCallAll] [210bb8d4800] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[RPCRT4.dll!RpcRevertToSelf] [1636850fe48445] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[RPCRT4.dll!RpcRaiseException] [319715ff0f8b00] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[RPCRT4.dll!RpcServerInqCallAttributesW] [4d078941e4334500] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[RPCRT4.dll!RpcEpUnregister] [909090c48b45ce8b] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[RPCRT4.dll!RpcServerUnregisterIfEx] [9090909090909090] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[RPCRT4.dll!RpcBindingVectorFree] [e0f741b21642c9b8] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[RPCRT4.dll!RpcEpRegisterW] [8aeaf604eac117b0] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[RPCRT4.dll!RpcServerInqBindings] [2ac0ff41c08a41c8] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[RPCRT4.dll!RpcServerRegisterIfEx] [ff490188414104c1] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[RPCRT4.dll!RpcImpersonateClient] [4cd97220f88341c1] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[RPCRT4.dll!RpcServerUseProtseqW] [2464884458246489] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[WS2_32.dll!GetNameInfoW] [c8b8b0000074be8] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[WS2_32.dll!FreeAddrInfoExW] [c13be88b44000002] IAT C:\Windows\System32\svchost.exe[524] @ c:\windows\system32\nrpsrv.DLL[WS2_32.dll!GetAddrInfoExW] [d7840fdc3b41] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\system32\AUDIODG.EXE[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\system32\AUDIODG.EXE[ntdll.dll!NtAlpcSendWaitReceivePort] [777a0000] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\System32\kernel32.dll[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\System32\KERNELBASE.dll[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\System32\RPCRT4.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [777a0000] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\System32\RPCRT4.dll[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\System32\USER32.dll[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\System32\GDI32.dll[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\System32\ole32.dll[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [777a0000] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\system32\MSCTF.dll[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\system32\ADVAPI32.dll[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\system32\CRYPTBASE.dll[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\system32\RpcRtRemote.dll[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\system32\ntmarta.dll[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\system32\CRYPTSP.dll[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\system32\rsaenh.dll[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\System32\audioses.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [777a0000] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\System32\AVRT.dll[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\System32\AVRT.dll[ntdll.dll!NtAlpcSendWaitReceivePort] [777a0000] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\system32\SETUPAPI.dll[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\System32\CRYPT32.dll[ntdll.dll!NtClose] [777a0010] IAT C:\Windows\system32\AUDIODG.EXE[1116] @ C:\Windows\system32\WS2_32.dll[ntdll.dll!NtClose] [777a0010] ---- Threads - GMER 2.2 ---- Thread C:\Windows\system32\svchost.exe [1248:2264] 000007fef4cbbd70 Thread C:\Windows\system32\svchost.exe [1248:3816] 000007fef4ec5170 Thread C:\Windows\system32\svchost.exe [1248:5464] 000007fef4c55124 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3240:5544] 000007fefb5f2af4 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3240:5616] 000007feeacb8f70 Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3240:5820] 000007fef4c55124 Thread C:\Windows\System32\svchost.exe [4060:5960] 000007fef27a9688 ---- Registry - GMER 2.2 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885be08cc Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c01885be08cc@8cbfa69e3c34 0xEE 0x86 0x15 0x05 ... Reg HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch@Epoch 12735 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E9799578-E7F3-4489-90A3-75F5310E6E15}@LeaseObtainedTime 1462720377 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E9799578-E7F3-4489-90A3-75F5310E6E15}@T1 1462722177 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E9799578-E7F3-4489-90A3-75F5310E6E15}@T2 1462723527 Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{E9799578-E7F3-4489-90A3-75F5310E6E15}@LeaseTerminatesTime 1462723977 Reg HKLM\SYSTEM\CurrentControlSet\services\{E9799578-E7F3-4489-90A3-75F5310E6E15}\Parameters\Tcpip@LeaseObtainedTime 1462720377 Reg HKLM\SYSTEM\CurrentControlSet\services\{E9799578-E7F3-4489-90A3-75F5310E6E15}\Parameters\Tcpip@T1 1462722177 Reg HKLM\SYSTEM\CurrentControlSet\services\{E9799578-E7F3-4489-90A3-75F5310E6E15}\Parameters\Tcpip@T2 1462723527 Reg HKLM\SYSTEM\CurrentControlSet\services\{E9799578-E7F3-4489-90A3-75F5310E6E15}\Parameters\Tcpip@LeaseTerminatesTime 1462723977 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885be08cc (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c01885be08cc@8cbfa69e3c34 0xEE 0x86 0x15 0x05 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\ ---- Files - GMER 2.2 ---- File C:\Users\Kacper\AppData\Local\Temp\WERC75C.tmp.resp.erc.xml 0 bytes File C:\Windows\Temp\WERC0D2.tmp.resp 0 bytes ---- EOF - GMER 2.2 ----

**Posty:** 4765 · przez **ordynat** 08 Maj 2016, 18:30

W sprawie WIfI nie pomogę, bo nie znam się na tym.Poza tym taki problem to nie do tego działu forum.

Co do logów:
Otwórz Notatnik i wklej w nim:

S3 iscFlash; \??\C:\Users\Kacper\AppData\Local\Temp\7zSA0D0.tmp\iscflashx64.sys [X]
R2 vToolbarUpdater40.2.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.9\ToolbarUpdater.exe [1964616 2016-04-12] (AVG Secure Search)
C:\Program Files (x86)\Common Files\AVG Secure Search
CHR StartupUrls: Default -> "hxxp://www.gaytube.com/","hxxp://www.gazeta.pl/0,0.html?p=166","hxxp://www.oursurfing.com/?type=hp&ts=1444936854&z=0d298ef63ececa276ca283dgez5z9z7t0c2q2bdwbz&from=exp1&uid=st9500325as_5vesa3v7xxxx5vesa3v7"
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.9\\npsitesafety.dll [No File]
HKU\S-1-5-21-3882396738-2429366467-2688263373-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={9591EFBC-3249-44CC-9F1F-C5A3977869B9}&mid=13aab01ea96647cc8c1c1151c35ae13f-c631a4dd210e35c9ffaae1291418dcb592aa65a5&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0316av&pr=fr&d=2016-03-14 19:21:43&v=4.2.9.726&pid=wtu&sg=&sap=hp
SearchScopes: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={9591EFBC-3249-44CC-9F1F-C5A3977869B9}&mid=13aab01ea96647cc8c1c1151c35ae13f-c631a4dd210e35c9ffaae1291418dcb592aa65a5&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-14 19:21:43&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3882396738-2429366467-2688263373-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={9591EFBC-3249-44CC-9F1F-C5A3977869B9}&mid=13aab01ea96647cc8c1c1151c35ae13f-c631a4dd210e35c9ffaae1291418dcb592aa65a5&lang=pl&ds=AVG&coid=avgtbavg&cmpid=0516tb&pr=fr&d=2016-03-14 19:21:43&v=4.2.9.726&pid=wtu&sg=&sap=dsp&q={searchTerms}
HKU\S-1-5-21-3882396738-2429366467-2688263373-1000\...\Policies\Explorer: []
C:\Users\Kacper\AppData\Local\Akamai\netsession_win.exe
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix (NAPRAW).
.