Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 483

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: preg_replace(): The /e modifier is deprecated, use preg_replace_callback instead in /home/mati/domains/forum.programosy.pl/public_html/includes/bbcode.php on line 112

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 27

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 28

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 29

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 30

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 31

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 32

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 33

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 35

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 36

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 37

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 38

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 39

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 40

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 41

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 42

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 43

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 44

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 45

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 47

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 48

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 49

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 50

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 51

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 52

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 53

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 54

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 55

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 56

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 80

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 81

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 82

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 83

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 84

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 85

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 86

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 87

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 88

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 89

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 90

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 91

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 92

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 93

Deprecated: Function eregi() is deprecated in /home/mati/domains/forum.programosy.pl/public_html/includes/functions_gfxua.php on line 94

Strict Standards: Non-static method utf_normalizer::nfkc() should not be called statically in /home/mati/domains/forum.programosy.pl/public_html/includes/utf/utf_tools.php on line 1663
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3900: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3902: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3903: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
[phpBB Debug] PHP Notice: in file /includes/functions.php on line 3904: Cannot modify header information - headers already sent by (output started at /includes/bbcode.php:483)
Search.conduit + 4 strony startowe • programosy.pl

  • Ogłoszenie:

Search.conduit + 4 strony startowe

Bezpieczeństwo systemów, usuwanie wirusów, dobieranie programów antywirusowych. Obowiązkowe logi w tym dziale: trzy z FRST + Gmer.

Search.conduit + 4 strony startowe

Postprzez SnoopG 08 Wrz 2014, 11:14

reklama
Witam mam pewien problem, zainstalowało mi się jakieś dziadostwo o nazwie "search.conduit". Niestety nie jestem wstanie tego sam usunąć.
\co ciekawe gdy włączam przeglądarkę to są aż 4 strony startowe, jedna to search.conduit, druga to google.pl/?gws_rd=ssl a dwie pozostałe to również strony google tylko z różnymi linkami:
1.l/?gfe_rd=cr&ei=ol8NVPvCAYah8weunoGQCQ&gws_rd=ssl
2./?gfe_rd=cr&ei=ol8NVJyeNoah8weunoGQCQ&gws_rd=ssl

Logi z OTL

Kod: Zaznacz wszystko
OTL logfile created on: 2014-09-08 09:58:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dell\Desktop\!!!!Czysczenie
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,87 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 48,38% Memory free
7,73 Gb Paging File | 5,01 Gb Available in Paging File | 64,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 126,46 Gb Free Space | 64,75% Space Free | Partition Type: NTFS
Drive D: | 270,35 Gb Total Space | 112,80 Gb Free Space | 41,72% Space Free | Partition Type: NTFS

Computer Name: DELL-KOMPUTER | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014-09-08 09:54:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\!!!!Czysczenie\OTL.exe
PRC - [2014-08-30 04:49:43 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-08-22 23:56:19 | 000,196,504 | ---- | M] (APN LLC.) -- C:\Users\Dell\AppData\Local\VNT\vntldr.exe
PRC - [2014-08-22 23:56:12 | 001,942,424 | ---- | M] (APN) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
PRC - [2014-08-22 23:56:12 | 000,166,296 | ---- | M] (APN LLC.) -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
PRC - [2014-07-02 21:31:43 | 001,322,832 | ---- | M] (BitTorrent Inc.) -- C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2014-06-12 01:42:22 | 000,591,776 | ---- | M] (Fuyu LIMITED) -- C:\ProgramData\WindowsProtectManger\wprotectmanager.exe
PRC - [2014-05-08 15:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014-05-08 10:47:44 | 002,993,376 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2014-04-20 16:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
PRC - [2014-04-20 16:15:18 | 000,192,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
PRC - [2014-04-20 01:41:12 | 000,860,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
PRC - [2014-04-20 01:41:10 | 000,359,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
PRC - [2014-03-11 07:04:00 | 006,033,408 | ---- | M] ( ) -- C:\Program Files (x86)\ChomikBox\chomikbox.exe
PRC - [2010-11-20 04:17:02 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009-11-04 13:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009-11-04 13:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014-08-30 04:49:41 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
MOD - [2014-08-30 04:49:38 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
MOD - [2014-08-30 04:49:33 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
MOD - [2014-08-30 04:49:31 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
MOD - [2014-08-30 04:49:30 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
MOD - [2014-04-23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014-04-23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014-03-03 23:05:14 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\tsplugins\integration\chomikbox_win7.tsp
MOD - [2014-01-21 20:07:52 | 008,878,248 | ---- | M] () -- C:\PROGRA~2\MICROS~1\Office15\1033\GrooveIntlResource.dll
MOD - [2011-12-02 14:15:16 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstcontroller-0.10.dll
MOD - [2011-12-02 14:15:16 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstpbutils-0.10.dll
MOD - [2011-12-02 14:15:16 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstinterfaces-0.10.dll
MOD - [2011-12-02 14:15:14 | 001,520,128 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libvorbisenc-2.dll
MOD - [2011-12-02 14:15:14 | 000,718,336 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgnutls-26.dll
MOD - [2011-12-02 14:15:14 | 000,699,392 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstreamer-0.10.dll
MOD - [2011-12-02 14:15:14 | 000,604,160 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgcrypt-11.dll
MOD - [2011-12-02 14:15:14 | 000,331,264 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libFLAC-8.dll
MOD - [2011-12-02 14:15:14 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libvorbis-0.dll
MOD - [2011-12-02 14:15:14 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgsttag-0.10.dll
MOD - [2011-12-02 14:15:14 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\avutil-lgpl-50.dll
MOD - [2011-12-02 14:15:14 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstaudio-0.10.dll
MOD - [2011-12-02 14:15:14 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstrtp-0.10.dll
MOD - [2011-12-02 14:15:14 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libbz2.dll
MOD - [2011-12-02 14:15:14 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstapp-0.10.dll
MOD - [2011-12-02 14:15:14 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgpg-error-0.dll
MOD - [2011-12-02 14:15:14 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libogg-0.dll
MOD - [2011-12-02 14:15:06 | 000,228,864 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstdirectsound.dll
MOD - [2011-12-02 14:15:06 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstcoreelements.dll
MOD - [2011-12-02 14:15:06 | 000,197,632 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstplaybin.dll
MOD - [2011-12-02 14:15:06 | 000,180,736 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstffmpeg-lgpl.dll
MOD - [2011-12-02 14:15:06 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstmpegdemux.dll
MOD - [2011-12-02 14:15:06 | 000,149,504 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstqtdemux.dll
MOD - [2011-12-02 14:15:06 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstogg.dll
MOD - [2011-12-02 14:15:06 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstqtmux.dll
MOD - [2011-12-02 14:15:06 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstasf.dll
MOD - [2011-12-02 14:15:06 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstdecodebin2.dll
MOD - [2011-12-02 14:15:06 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstaudioconvert.dll
MOD - [2011-12-02 14:15:06 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libtasn1-3.dll
MOD - [2011-12-02 14:15:06 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstflac.dll
MOD - [2011-12-02 14:15:06 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstasfmux.dll
MOD - [2011-12-02 14:15:06 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgsttypefindfunctions.dll
MOD - [2011-12-02 14:15:06 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstmpegstream.dll
MOD - [2011-12-02 14:15:06 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstvorbis.dll
MOD - [2011-12-02 14:15:06 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstaudioresample.dll
MOD - [2011-12-02 14:15:06 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstwavpack.dll
MOD - [2011-12-02 14:15:06 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstmpegaudioparse.dll
MOD - [2011-12-02 14:15:06 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstwavparse.dll
MOD - [2011-12-02 14:15:06 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstmpegtsmux.dll
MOD - [2011-12-02 14:15:06 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstaiff.dll
MOD - [2011-12-02 14:15:06 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstrawparse.dll
MOD - [2011-12-02 14:15:06 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstinterleave.dll
MOD - [2011-12-02 14:15:06 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstreplaygain.dll
MOD - [2011-12-02 14:15:06 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstvolume.dll
MOD - [2011-12-02 14:15:06 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstdecodebin.dll
MOD - [2011-12-02 14:15:06 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstid3demux.dll
MOD - [2011-12-02 14:15:06 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstreal.dll
MOD - [2011-12-02 14:15:06 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstmpegpsmux.dll
MOD - [2011-12-02 14:15:06 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstautodetect.dll
MOD - [2011-12-02 14:15:06 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstequalizer.dll
MOD - [2011-12-02 14:15:06 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstneonhttpsrc.dll
MOD - [2011-12-02 14:15:06 | 000,022,528 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstcdxaparse.dll
MOD - [2011-12-02 14:15:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgsttta.dll
MOD - [2011-12-02 14:15:06 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstaudiorate.dll
MOD - [2011-12-02 14:15:06 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstwasapi.dll
MOD - [2011-12-02 14:15:06 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstlevel.dll
MOD - [2011-12-02 14:15:06 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstauparse.dll
MOD - [2011-12-02 14:15:06 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstalaw.dll
MOD - [2011-12-02 14:15:06 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstspeed.dll
MOD - [2011-12-02 14:15:06 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstwaveformsink.dll
MOD - [2011-12-02 14:15:06 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgsticydemux.dll
MOD - [2011-12-02 14:15:06 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstwaveenc.dll
MOD - [2011-12-02 14:15:06 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstapetag.dll
MOD - [2011-12-02 14:15:06 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstnetsim.dll
MOD - [2011-12-02 14:15:06 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstacmmp3dec.dll
MOD - [2011-12-02 14:15:06 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgststereo.dll
MOD - [2011-12-02 14:15:06 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstcoreindexers.dll
MOD - [2011-12-02 14:15:06 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstapp.dll
MOD - [2011-12-02 14:14:40 | 000,881,664 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\avformat-lgpl-52.dll
MOD - [2011-12-02 14:14:40 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libexpat-1.dll
MOD - [2011-12-02 14:14:40 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\z.dll
MOD - [2011-12-02 14:14:32 | 005,038,592 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\avcodec-lgpl-52.dll
MOD - [2011-12-02 14:14:32 | 001,396,736 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libxml2-2.dll
MOD - [2011-12-02 14:14:32 | 000,563,712 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\liborc-0.4-0.dll
MOD - [2011-12-02 14:14:32 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstbase-0.10.dll
MOD - [2011-12-02 14:14:32 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libwavpack-1.dll
MOD - [2011-12-02 14:14:32 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libneon-27.dll
MOD - [2011-12-02 14:14:32 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstrtsp-0.10.dll
MOD - [2011-12-02 14:14:32 | 000,041,984 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstriff-0.10.dll
MOD - [2011-12-02 14:14:32 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstvideo-0.10.dll
MOD - [2011-12-02 14:14:32 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstsdp-0.10.dll
MOD - [2011-12-02 14:14:32 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\avcore-lgpl-0.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2014-06-25 18:41:47 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:[b]64bit:[/b] - [2014-06-21 00:19:27 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:[b]64bit:[/b] - [2010-04-07 04:35:04 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\stacsv64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009-03-03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe -- (AESTFilters)
SRV - [2014-08-22 23:56:12 | 000,166,296 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)
SRV - [2014-07-09 02:58:36 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-06-12 01:42:22 | 000,591,776 | ---- | M] (Fuyu LIMITED) [Auto | Running] -- C:\ProgramData\WindowsProtectManger\wprotectmanager.exe -- (WindowsProtectManger)
SRV - [2014-05-08 15:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014-04-20 16:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe -- (AVP15.0.0)
SRV - [2014-04-03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010-04-07 04:35:04 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe -- (STacSV)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-11-04 13:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009-11-04 13:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-03-03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe -- (AESTFilters)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2014-09-08 00:38:36 | 000,792,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:[b]64bit:[/b] - [2014-09-08 00:38:36 | 000,140,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:[b]64bit:[/b] - [2014-06-21 00:19:27 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:[b]64bit:[/b] - [2014-06-21 00:19:26 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2014-06-13 13:36:28 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys -- ({57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64)
DRV:[b]64bit:[/b] - [2014-04-10 17:25:34 | 000,243,808 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk)
DRV:[b]64bit:[/b] - [2014-03-28 17:51:04 | 000,028,768 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:[b]64bit:[/b] - [2014-03-26 17:05:28 | 000,179,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:[b]64bit:[/b] - [2014-03-25 16:26:04 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:[b]64bit:[/b] - [2014-02-25 13:09:02 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:[b]64bit:[/b] - [2014-02-20 12:59:04 | 000,457,824 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:[b]64bit:[/b] - [2013-08-08 17:11:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:[b]64bit:[/b] - [2013-04-12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:[b]64bit:[/b] - [2013-03-18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2010-11-20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2010-11-20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-11-20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010-04-07 04:35:04 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2010-03-04 21:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010-02-27 07:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:[b]64bit:[/b] - [2010-01-28 06:25:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2009-12-10 19:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2009-09-17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-29 00:55:42 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1403544030&from=smt&uid=HGSTXHTS545050A7E380_TM85014C03BTJL03BTJLX&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1403544030&from=smt&uid=HGSTXHTS545050A7E380_TM85014C03BTJL03BTJLX&q={searchTerms}
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1403544030&from=smt&uid=HGSTXHTS545050A7E380_TM85014C03BTJL03BTJLX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1403544030&from=smt&uid=HGSTXHTS545050A7E380_TM85014C03BTJL03BTJLX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-08 00:11:39 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/online_banking: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-08 00:11:41 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-08 00:11:42 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-08 00:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-08 00:11:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-08 00:38:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-08 00:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-08 00:11:41 | 000,000,000 | ---D | M]

[2014-01-21 20:07:48 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

[color=#E56717]========== Chrome  ==========[/color]

CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchya.com/?s=0&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByD0EtB0F0C0E0CtBtDtBtN0D0Tzu0CtBtBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1396349096
CHR - plugin: Error reading preferences file
CHR - Extension: KMP Media Toolbar = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaipkbmjkakicapiinmamgjlkaeehh\45.6_0\
CHR - Extension: Dokumenty Google = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Dysk Google = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Kingdom Rush = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.1.0.1_0\
CHR - Extension: Szukaj w Google = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky Protection = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho\4.0.9.130_0\
CHR - Extension: Ocean Pacific = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecaabliejjdikjnkahhikeelbblahgoi\3_0\
CHR - Extension: AdBlock = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\
CHR - Extension: Rozszerzenie Subskrypcje RSS (od Google) = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.4_0\
CHR - Extension: Google Wallet = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [fst_pl_141]  File not found
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [VNT] C:\Program Files (x86)\VNT\vntldr.exe (APN LLC.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2264383906-2646881478-72513527-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-2264383906-2646881478-72513527-1000..\Run: [ChomikBox] C:\Program Files (x86)\ChomikBox\chomikbox.exe ( )
O4 - HKU\S-1-5-21-2264383906-2646881478-72513527-1000..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKU\S-1-5-21-2264383906-2646881478-72513527-1000..\Run: [uTorrent] C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O8:[b]64bit:[/b] - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm ()
O9:[b]64bit:[/b] - Extra Button: Klawiatura wirtualna - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:[b]64bit:[/b] - Extra Button: Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Klawiatura wirtualna - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF4BDEC9-0547-4347-BFA5-6483D5BFD1BF}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~2.DLL) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~1.DLL) -  File not found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014-06-25 17:58:08 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014-09-08 09:51:43 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\!!!!Czysczenie
[2014-09-08 00:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
[2014-09-08 00:10:35 | 000,792,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014-09-08 00:10:35 | 000,243,808 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klhk.sys
[2014-09-08 00:10:35 | 000,140,352 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014-09-02 18:18:23 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\ps_actions_12_by_blaxbla-d3fkia2
[2014-09-02 18:18:19 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\action_pack_4___free_by_lomita-d2h13uv
[2014-09-02 18:18:13 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\portrait_action_by_provity-d2trsx8
[2014-09-02 18:18:02 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\50_photoshop_portrait_actions
[2014-09-01 23:14:18 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\Adobe Acrobat XI Pro 11.0.0 RePack
[2014-09-01 23:06:08 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (cracked dll) [ChingLiu]
[2014-08-31 09:29:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014-08-31 09:03:01 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\PS

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014-09-08 10:02:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-09-08 09:58:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-09-08 09:55:07 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-09-08 09:55:07 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-09-08 09:47:59 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-09-08 09:47:21 | 3113,164,800 | -HS- | M] () -- C:\hiberfil.sys
[2014-09-08 09:45:41 | 000,002,330 | ---- | M] () -- C:\Users\Dell\Desktop\Bezpieczne pieniądze.lnk
[2014-09-08 09:32:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-09-08 00:38:36 | 000,792,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014-09-08 00:38:36 | 000,140,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014-09-08 00:12:08 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2014-09-08 00:04:25 | 000,000,163 | ---- | M] () -- C:\Users\Dell\Desktop\CBIT1-140905-12527-04.zip
[2014-09-06 08:16:23 | 005,754,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014-09-05 20:20:45 | 000,425,984 | ---- | M] () -- C:\Users\Dell\Documents\Untitled-1.indd
[2014-09-05 06:44:07 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-09-04 07:47:32 | 000,510,501 | ---- | M] () -- C:\Users\Dell\Desktop\zdjęcie 3.JPG
[2014-09-04 07:47:32 | 000,477,163 | ---- | M] () -- C:\Users\Dell\Desktop\zdjęcie 5.JPG
[2014-09-04 07:47:32 | 000,417,763 | ---- | M] () -- C:\Users\Dell\Desktop\zdjęcie 2.JPG
[2014-09-04 07:47:32 | 000,371,544 | ---- | M] () -- C:\Users\Dell\Desktop\zdjęcie 4.JPG
[2014-09-04 07:47:32 | 000,350,314 | ---- | M] () -- C:\Users\Dell\Desktop\zdjęcie 1.JPG
[2014-09-04 07:46:54 | 002,095,433 | ---- | M] () -- C:\Users\Dell\Desktop\Gmail.zip
[2014-09-03 18:41:55 | 001,201,894 | ---- | M] () -- C:\Users\Dell\Desktop\wq.pdf
[2014-09-02 22:26:25 | 003,203,763 | ---- | M] () -- C:\Users\Dell\Desktop\vxcvxcxvc.png
[2014-09-02 22:26:19 | 000,000,132 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe
[2014-09-02 22:25:51 | 000,241,309 | ---- | M] () -- C:\Users\Dell\Desktop\138234ef2d52e2caf6d5001a3736c207.png
[2014-09-02 22:25:07 | 000,252,640 | ---- | M] () -- C:\Users\Dell\Desktop\40706aa1b8b59c75c42089173fb0bce5.jpg
[2014-09-02 22:24:54 | 000,240,444 | ---- | M] () -- C:\Users\Dell\Desktop\8c88175f0873b3c59fcf9d21ef4bdda4.jpg
[2014-09-02 22:21:18 | 206,218,934 | ---- | M] () -- C:\Users\Dell\Desktop\IMG_0541.psd
[2014-09-02 22:17:20 | 000,236,588 | ---- | M] () -- C:\Users\Dell\Desktop\281d0fa23e3765b16c8cd1dacb82dde4.jpg
[2014-09-02 22:15:03 | 000,095,296 | ---- | M] () -- C:\Users\Dell\Desktop\tumblr_mx8v07youX1ry9ihzo1_500.jpg
[2014-09-02 22:14:09 | 000,117,208 | ---- | M] () -- C:\Users\Dell\Desktop\70ce197a10b42dc5cd84f6dd4ce6892d.jpg
[2014-09-02 22:13:19 | 000,030,455 | ---- | M] () -- C:\Users\Dell\Desktop\dolla-dolla-bill-yall-sloth-meme.jpg
[2014-09-02 22:13:08 | 000,320,860 | ---- | M] () -- C:\Users\Dell\Desktop\new_sloth_face_0914b.jpg
[2014-09-02 22:12:10 | 004,409,720 | ---- | M] () -- C:\Users\Dell\Desktop\santa_muerte__negra__by_sblokrew-d5agbuq (1).jpg
[2014-09-02 22:11:41 | 000,182,710 | ---- | M] () -- C:\Users\Dell\Desktop\santa_muerte__negra__by_sblokrew-d5agbuq.jpg
[2014-09-02 22:09:47 | 000,044,925 | ---- | M] () -- C:\Users\Dell\Desktop\SlothTShirt_PirateSloth_Black_1.jpg
[2014-09-02 21:58:37 | 000,192,045 | ---- | M] () -- C:\Users\Dell\Desktop\347-Men_Sloth.jpg
[2014-09-02 21:55:34 | 032,498,035 | ---- | M] () -- C:\Users\Dell\Desktop\fdggf.png
[2014-09-02 21:39:19 | 004,035,734 | ---- | M] () -- C:\Users\Dell\Desktop\IMG_054re1.png
[2014-09-02 21:34:07 | 003,398,006 | ---- | M] () -- C:\Users\Dell\Desktop\IMG_0541.png
[2014-09-02 21:16:00 | 025,419,924 | ---- | M] () -- C:\Users\Dell\Desktop\okladka.ai
[2014-09-02 20:00:51 | 006,558,343 | ---- | M] () -- C:\Users\Dell\Desktop\fgd.jpg
[2014-09-02 19:52:23 | 001,536,401 | ---- | M] () -- C:\Users\Dell\Desktop\fgd - Kopia.jpg
[2014-09-02 19:37:12 | 006,469,236 | ---- | M] () -- C:\Users\Dell\Desktop\_DSCd9339.jpg
[2014-09-02 18:14:25 | 000,000,505 | ---- | M] () -- C:\Users\Dell\Desktop\ps_actions_12_by_blaxbla-d3fkia2.rar
[2014-09-02 18:14:09 | 000,694,174 | ---- | M] () -- C:\Users\Dell\Desktop\portrait_action_by_provity-d2trsx8.zip
[2014-09-02 18:14:00 | 000,001,467 | ---- | M] () -- C:\Users\Dell\Desktop\action_pack_4___free_by_lomita-d2h13uv.zip
[2014-09-02 18:08:20 | 000,024,559 | ---- | M] () -- C:\Users\Dell\Desktop\caitlins_actions__by_mumbojumbo89.atn
[2014-09-02 18:06:34 | 000,008,673 | ---- | M] () -- C:\Users\Dell\Desktop\50_photoshop_portrait_actions.zip
[2014-09-02 17:14:32 | 011,743,431 | ---- | M] () -- C:\Users\Dell\Desktop\okadkafxmag.zip
[2014-09-02 17:13:40 | 004,043,973 | ---- | M] () -- C:\Users\Dell\Desktop\_DSC9339.jpg
[2014-09-02 17:13:40 | 003,088,694 | ---- | M] () -- C:\Users\Dell\Desktop\_DSC9408.jpg
[2014-09-02 17:13:40 | 002,832,451 | ---- | M] () -- C:\Users\Dell\Desktop\_DSC9369.jpg
[2014-09-02 17:13:40 | 001,841,814 | ---- | M] () -- C:\Users\Dell\Desktop\_DSC9884.jpg
[2014-09-02 17:13:40 | 000,002,858 | ---- | M] () -- C:\Users\Dell\Desktop\image001.jpg
[2014-09-01 23:10:21 | 000,019,143 | ---- | M] () -- C:\Users\Dell\Desktop\Adobe_Photoshop_CS6_Extended_Final_CS6_13 0_x86x64_[PL]_[Crack][Torrenty.org].torrent
[2014-09-01 23:08:52 | 000,014,730 | ---- | M] () -- C:\Users\Dell\Desktop\Adobe_Photoshop_CS6_v13 0_Extended_Final_x86_x64_[PL]_[Crack][Armaros-torrenty org][Torrenty.org].torrent
[2014-09-01 01:06:41 | 000,403,601 | ---- | M] () -- C:\Users\Dell\Desktop\158210_original.jpg
[2014-08-31 17:05:38 | 002,101,596 | ---- | M] () -- C:\Users\Dell\Desktop\IMG_0541.JPG
[2014-08-31 09:11:23 | 001,343,611 | ---- | M] () -- C:\Users\Dell\Desktop\tatuaz.ai
[2014-08-31 08:56:46 | 001,662,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-08-31 08:56:46 | 000,737,880 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2014-08-31 08:56:46 | 000,652,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-08-31 08:56:46 | 000,154,536 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2014-08-31 08:56:46 | 000,120,980 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-08-13 19:22:14 | 000,121,809 | ---- | M] () -- C:\Users\Dell\Desktop\jonathan-s-harris_praying-angel.zip
[2014-08-13 18:55:23 | 000,140,836 | ---- | M] () -- C:\Users\Dell\Desktop\Infinity_by_Tarin_Yuangtrakul.rar
[2014-08-13 18:48:29 | 000,187,146 | ---- | M] () -- C:\Users\Dell\Desktop\Nord™ Typefamily.zip
[2014-08-13 18:47:40 | 000,008,041 | ---- | M] () -- C:\Users\Dell\Desktop\Komoda.zip
[2014-08-13 18:47:09 | 000,048,546 | ---- | M] () -- C:\Users\Dell\Desktop\Elegant Lux Mager.zip
[2014-08-13 18:46:27 | 005,766,338 | ---- | M] () -- C:\Users\Dell\Desktop\futuracha.eps

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014-09-08 00:16:22 | 000,002,330 | ---- | C] () -- C:\Users\Dell\Desktop\Bezpieczne pieniądze.lnk
[2014-09-08 00:13:08 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2014-09-08 00:04:24 | 000,000,163 | ---- | C] () -- C:\Users\Dell\Desktop\CBIT1-140905-12527-04.zip
[2014-09-05 20:20:43 | 000,425,984 | ---- | C] () -- C:\Users\Dell\Documents\Untitled-1.indd
[2014-09-04 07:50:28 | 000,510,501 | ---- | C] () -- C:\Users\Dell\Desktop\zdjęcie 3.JPG
[2014-09-04 07:50:28 | 000,477,163 | ---- | C] () -- C:\Users\Dell\Desktop\zdjęcie 5.JPG
[2014-09-04 07:50:28 | 000,417,763 | ---- | C] () -- C:\Users\Dell\Desktop\zdjęcie 2.JPG
[2014-09-04 07:50:28 | 000,371,544 | ---- | C] () -- C:\Users\Dell\Desktop\zdjęcie 4.JPG
[2014-09-04 07:50:28 | 000,350,314 | ---- | C] () -- C:\Users\Dell\Desktop\zdjęcie 1.JPG
[2014-09-04 07:46:48 | 002,095,433 | ---- | C] () -- C:\Users\Dell\Desktop\Gmail.zip
[2014-09-03 18:41:47 | 001,201,894 | ---- | C] () -- C:\Users\Dell\Desktop\wq.pdf
[2014-09-02 22:26:17 | 003,203,763 | ---- | C] () -- C:\Users\Dell\Desktop\vxcvxcxvc.png
[2014-09-02 22:25:49 | 000,241,309 | ---- | C] () -- C:\Users\Dell\Desktop\138234ef2d52e2caf6d5001a3736c207.png
[2014-09-02 22:25:05 | 000,252,640 | ---- | C] () -- C:\Users\Dell\Desktop\40706aa1b8b59c75c42089173fb0bce5.jpg
[2014-09-02 22:24:47 | 000,240,444 | ---- | C] () -- C:\Users\Dell\Desktop\8c88175f0873b3c59fcf9d21ef4bdda4.jpg
[2014-09-02 22:20:48 | 206,218,934 | ---- | C] () -- C:\Users\Dell\Desktop\IMG_0541.psd
[2014-09-02 22:17:20 | 000,236,588 | ---- | C] () -- C:\Users\Dell\Desktop\281d0fa23e3765b16c8cd1dacb82dde4.jpg
[2014-09-02 22:14:59 | 000,095,296 | ---- | C] () -- C:\Users\Dell\Desktop\tumblr_mx8v07youX1ry9ihzo1_500.jpg
[2014-09-02 22:14:08 | 000,117,208 | ---- | C] () -- C:\Users\Dell\Desktop\70ce197a10b42dc5cd84f6dd4ce6892d.jpg
[2014-09-02 22:13:18 | 000,030,455 | ---- | C] () -- C:\Users\Dell\Desktop\dolla-dolla-bill-yall-sloth-meme.jpg
[2014-09-02 22:13:07 | 000,320,860 | ---- | C] () -- C:\Users\Dell\Desktop\new_sloth_face_0914b.jpg
[2014-09-02 22:12:06 | 004,409,720 | ---- | C] () -- C:\Users\Dell\Desktop\santa_muerte__negra__by_sblokrew-d5agbuq (1).jpg
[2014-09-02 22:11:39 | 000,182,710 | ---- | C] () -- C:\Users\Dell\Desktop\santa_muerte__negra__by_sblokrew-d5agbuq.jpg
[2014-09-02 22:09:43 | 000,044,925 | ---- | C] () -- C:\Users\Dell\Desktop\SlothTShirt_PirateSloth_Black_1.jpg
[2014-09-02 21:58:26 | 000,192,045 | ---- | C] () -- C:\Users\Dell\Desktop\347-Men_Sloth.jpg
[2014-09-02 21:46:11 | 032,498,035 | ---- | C] () -- C:\Users\Dell\Desktop\fdggf.png
[2014-09-02 21:39:08 | 004,035,734 | ---- | C] () -- C:\Users\Dell\Desktop\IMG_054re1.png
[2014-09-02 21:33:47 | 003,398,006 | ---- | C] () -- C:\Users\Dell\Desktop\IMG_0541.png
[2014-09-02 21:28:04 | 002,101,596 | ---- | C] () -- C:\Users\Dell\Desktop\IMG_0541.JPG
[2014-09-02 21:15:59 | 025,419,924 | ---- | C] () -- C:\Users\Dell\Desktop\okladka.ai
[2014-09-02 20:00:16 | 001,536,401 | ---- | C] () -- C:\Users\Dell\Desktop\fgd - Kopia.jpg
[2014-09-02 19:52:14 | 006,558,343 | ---- | C] () -- C:\Users\Dell\Desktop\fgd.jpg
[2014-09-02 19:37:02 | 006,469,236 | ---- | C] () -- C:\Users\Dell\Desktop\_DSCd9339.jpg
[2014-09-02 18:14:23 | 000,000,505 | ---- | C] () -- C:\Users\Dell\Desktop\ps_actions_12_by_blaxbla-d3fkia2.rar
[2014-09-02 18:14:06 | 000,694,174 | ---- | C] () -- C:\Users\Dell\Desktop\portrait_action_by_provity-d2trsx8.zip
[2014-09-02 18:13:57 | 000,001,467 | ---- | C] () -- C:\Users\Dell\Desktop\action_pack_4___free_by_lomita-d2h13uv.zip
[2014-09-02 18:08:19 | 000,024,559 | ---- | C] () -- C:\Users\Dell\Desktop\caitlins_actions__by_mumbojumbo89.atn
[2014-09-02 18:06:21 | 000,008,673 | ---- | C] () -- C:\Users\Dell\Desktop\50_photoshop_portrait_actions.zip
[2014-09-02 17:35:46 | 004,043,973 | ---- | C] () -- C:\Users\Dell\Desktop\_DSC9339.jpg
[2014-09-02 17:35:46 | 003,088,694 | ---- | C] () -- C:\Users\Dell\Desktop\_DSC9408.jpg
[2014-09-02 17:35:46 | 002,832,451 | ---- | C] () -- C:\Users\Dell\Desktop\_DSC9369.jpg
[2014-09-02 17:35:46 | 001,841,814 | ---- | C] () -- C:\Users\Dell\Desktop\_DSC9884.jpg
[2014-09-02 17:35:46 | 000,002,858 | ---- | C] () -- C:\Users\Dell\Desktop\image001.jpg
[2014-09-02 17:13:39 | 011,743,431 | ---- | C] () -- C:\Users\Dell\Desktop\okadkafxmag.zip
[2014-09-02 16:55:26 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2014-09-02 16:54:36 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2014-09-02 16:53:35 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2014-09-01 23:10:19 | 000,019,143 | ---- | C] () -- C:\Users\Dell\Desktop\Adobe_Photoshop_CS6_Extended_Final_CS6_13 0_x86x64_[PL]_[Crack][Torrenty.org].torrent
[2014-09-01 23:08:42 | 000,014,730 | ---- | C] () -- C:\Users\Dell\Desktop\Adobe_Photoshop_CS6_v13 0_Extended_Final_x86_x64_[PL]_[Crack][Armaros-torrenty org][Torrenty.org].torrent
[2014-09-01 01:06:38 | 000,403,601 | ---- | C] () -- C:\Users\Dell\Desktop\158210_original.jpg
[2014-08-13 19:25:16 | 001,343,611 | ---- | C] () -- C:\Users\Dell\Desktop\tatuaz.ai
[2014-08-13 19:22:12 | 000,121,809 | ---- | C] () -- C:\Users\Dell\Desktop\jonathan-s-harris_praying-angel.zip
[2014-08-13 18:55:22 | 000,140,836 | ---- | C] () -- C:\Users\Dell\Desktop\Infinity_by_Tarin_Yuangtrakul.rar
[2014-08-13 18:48:26 | 000,187,146 | ---- | C] () -- C:\Users\Dell\Desktop\Nord™ Typefamily.zip
[2014-08-13 18:47:39 | 000,008,041 | ---- | C] () -- C:\Users\Dell\Desktop\Komoda.zip
[2014-08-13 18:47:02 | 000,048,546 | ---- | C] () -- C:\Users\Dell\Desktop\Elegant Lux Mager.zip
[2014-08-13 18:46:23 | 005,766,338 | ---- | C] () -- C:\Users\Dell\Desktop\futuracha.eps
[2014-06-29 18:31:45 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2014-06-25 18:43:20 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2014-06-25 18:12:59 | 001,637,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014-06-25 13:05:23 | 000,000,132 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe
[2014-06-21 00:13:48 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-11-20 05:27:26 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-11-20 04:21:20 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]


[color=#E56717]========== Purity Check ==========[/color]



< End of report >


Extras
Kod: Zaznacz wszystko
OTL Extras logfile created on: 2014-09-08 09:58:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dell\Desktop\!!!!Czysczenie
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,87 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 48,38% Memory free
7,73 Gb Paging File | 5,01 Gb Available in Paging File | 64,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 126,46 Gb Free Space | 64,75% Space Free | Partition Type: NTFS
Drive D: | 270,35 Gb Total Space | 112,80 Gb Free Space | 41,72% Space Free | Partition Type: NTFS

Computer Name: DELL-KOMPUTER | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2264383906-2646881478-72513527-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [ChomikBox.Upload] -- "C:\Program Files (x86)\ChomikBox\\ChomikBox.exe" -u"%1" ( )
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [ChomikBox.Upload] -- "C:\Program Files (x86)\ChomikBox\\ChomikBox.exe" -u"%1" ( )
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [napiprojekt] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" ()
Directory [napiprojekt0] -- "C:\Program Files (x86)\NapiProjekt\napisy.exe" "%1" -pobierz_ang ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5BF8399C-5286-4F1D-A339-B1418B09759A}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{84BFE9E8-10D2-4BBE-B1FF-AD648E185804}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03260C4F-527C-4204-B7D6-C066B38197DE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{1540C57A-DEEB-420C-B5FE-D6D31927857D}" = protocol=17 | dir=in | app=c:\program files (x86)\napiprojekt\napisy.exe |
"{1B16FA1A-9208-4B5B-A6BD-CF42B8E43DB5}" = protocol=6 | dir=in | app=c:\program files (x86)\napiprojekt\napisy.exe |
"{1C974472-B603-4340-A42C-316D27B8E477}" = protocol=17 | dir=in | app=c:\users\dell\appdata\roaming\utorrent\utorrent.exe |
"{597AC82D-F092-46F0-B01A-E63A6923E16B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5B1CB9DE-958B-43D8-B326-C2F5BB61F4A1}" = protocol=6 | dir=in | app=c:\users\dell\appdata\roaming\utorrent\utorrent.exe |
"{6C7009E4-7DDD-4AC1-8B9C-78C0D4448FCD}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{746DC671-006E-4CE6-99D4-4797A4548B29}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{781F0394-8CA2-4BA5-AF4C-1C0F1AB7B201}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{96A83176-7A0E-4E7F-96AA-5FB7A2CE66C9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{9B49B961-CB48-4B36-BC3C-FEFB6556761A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D782DFE0-4E70-4D65-AC80-7C6B32EDF88D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{E9D6EAAF-BBCE-4135-ADE9-E7DF5F0D89C9}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{ED678125-8C56-4DFB-8E16-52E8F58EA82C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"TCP Query User{74F29A7F-FF97-429B-9E4F-F82B27A0BA4C}C:\users\dell\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\dell\appdata\roaming\spotify\spotify.exe |
"TCP Query User{9FE0C869-FE2C-42CA-8F34-8118559A5447}C:\users\dell\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\dell\appdata\roaming\spotify\spotify.exe |
"UDP Query User{83AB0CDC-B8FE-4F6A-8716-59C54ACD8ECE}C:\users\dell\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\dell\appdata\roaming\spotify\spotify.exe |
"UDP Query User{CBCC5596-BD8B-4AFF-91FA-17E9071B23D8}C:\users\dell\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\dell\appdata\roaming\spotify\spotify.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86418005FF}" = Java 8 Update 5 (64-bit)
"{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}" = iTunes
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack
"{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{90150000-0015-0409-1000-0000000FF1CE}" = Microsoft Access MUI (English) 2013
"{90150000-0016-0409-1000-0000000FF1CE}" = Microsoft Excel MUI (English) 2013
"{90150000-0018-0409-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (English) 2013
"{90150000-0019-0409-1000-0000000FF1CE}" = Microsoft Publisher MUI (English) 2013
"{90150000-001A-0409-1000-0000000FF1CE}" = Microsoft Outlook MUI (English) 2013
"{90150000-001B-0409-1000-0000000FF1CE}" = Microsoft Word MUI (English) 2013
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office - Français
"{90150000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Español
"{90150000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2013
"{90150000-0044-0409-1000-0000000FF1CE}" = Microsoft InfoPath MUI (English) 2013
"{90150000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2013
"{90150000-0090-0409-1000-0000000FF1CE}" = Microsoft DCF MUI (English) 2013
"{90150000-00A1-0409-1000-0000000FF1CE}" = Microsoft OneNote MUI (English) 2013
"{90150000-00BA-0409-1000-0000000FF1CE}" = Microsoft Groove MUI (English) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2013
"{90150000-00E1-0409-1000-0000000FF1CE}" = Microsoft Office OSM MUI (English) 2013
"{90150000-00E2-0409-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (English) 2013
"{90150000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2013
"{90150000-0117-0409-1000-0000000FF1CE}" = Microsoft Access Setup Metadata MUI (English) 2013
"{90150000-012B-0409-1000-0000000FF1CE}" = Microsoft Lync MUI (English) 2013
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DW WLAN Card Utility" = DW WLAN Card Utility
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"Office15.PROPLUS" = Microsoft Office Professional Plus 2013
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR 5.01 (64-bitowy)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}" = Obsługa programów Apple
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4D5056-3700-A76A-76A7-A758B70C1001}" = KMP Media Toolbar
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{653C1B5A-3287-47B1-8613-0745D4E771C4}" = Kaspersky Internet Security
"{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1" = Gyazo 2.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{857CC5F0-040E-1016-A173-D55ADD80C260}" = Adobe InDesign CS5.5
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9B97EC91-B3FD-4BFF-88FC-5345A26AC2E7}" = Adobe Illustrator CS5
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1045-7B44-AB0000000001}" = Adobe Reader XI (11.0.08) - Polish
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C7B52FAF-58D8-438C-B810-F78C3C927504}" = ChomikBox
"{CFB770D7-8D43-1014-922B-CC2715FADE3F}" = Adobe InDesign CS6
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"Google Chrome" = Google Chrome
"InstallWIX_{653C1B5A-3287-47B1-8613-0745D4E771C4}" = Kaspersky Internet Security
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.5.5 Full
"NapiProjekt_is1" = NapiProjekt (2.2.0.2399)
"Samsung ML-1660 Series" = Konserwacja programu Samsung ML-1660 Series
"The KMPlayer" = The KMPlayer (remove only)
"WindowsProtectManger" = WindowsProtectManger20.0.0.401

[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color]

[HKEY_USERS\S-1-5-21-2264383906-2646881478-72513527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 2014-09-08 04:00:45 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1092

Error - 2014-09-08 04:00:46 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2014-09-08 04:00:46 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2122

Error - 2014-09-08 04:00:46 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2122

Error - 2014-09-08 04:00:47 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2014-09-08 04:00:47 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3136

Error - 2014-09-08 04:00:47 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3136

Error - 2014-09-08 04:00:49 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 2014-09-08 04:00:49 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4306

Error - 2014-09-08 04:00:49 | Computer Name = Dell-Komputer | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4306

[ Broadcom Wireless LAN Events ]
Error - 2014-06-24 04:42:54 | Computer Name = Dell-Komputer | Source = WLAN-Tray | ID = 0
Description = 10:42:54, Tue, Jun 24, 14 Error - Error in WNetOpenEnum trying to disconnect
drives

Error - 2014-06-24 04:42:54 | Computer Name = Dell-Komputer | Source = WLAN-Tray | ID = 0
Description = 10:42:54, Tue, Jun 24, 14 Error - Error in WNetOpenEnum trying to disconnect
drives

Error - 2014-06-26 01:42:57 | Computer Name = Dell-Komputer | Source = WLAN-Tray | ID = 0
Description = 07:42:57, Thu, Jun 26, 14 Error - Error in WNetOpenEnum trying to disconnect
drives

Error - 2014-06-26 01:42:57 | Computer Name = Dell-Komputer | Source = WLAN-Tray | ID = 0
Description = 07:42:57, Thu, Jun 26, 14 Error - Error in WNetOpenEnum trying to disconnect
drives

Error - 2014-08-10 03:42:04 | Computer Name = Dell-Komputer | Source = WLAN-Tray | ID = 0
Description = 09:42:02, Sun, Aug 10, 14 Error - Unable to gain access to user store


[ System Events ]
Error - 2014-09-02 10:18:28 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu:   %%2

Error - 2014-09-02 10:18:28 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu:   %%2

Error - 2014-09-06 02:16:36 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu:   %%2

Error - 2014-09-06 02:16:36 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu:   %%2

Error - 2014-09-07 18:15:04 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu:   %%2

Error - 2014-09-07 18:15:07 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu:   %%2

Error - 2014-09-08 03:43:28 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu:   %%2

Error - 2014-09-08 03:43:30 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu:   %%2

Error - 2014-09-08 03:47:38 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi DgiVecp z powodu następującego błędu:   %%2

Error - 2014-09-08 03:47:44 | Computer Name = Dell-Komputer | Source = Service Control Manager | ID = 7000
Description = Nie można uruchomić usługi SSPORT z powodu następującego błędu:   %%2


< End of report >


Gmer log.

Kod: Zaznacz wszystko
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-08 11:13:17
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 HGST_HTS545050A7E380 rev.GG2OAC90 465,76GB
Running: 3u102nqp.exe; Driver: C:\Users\Dell\AppData\Local\Temp\aftciaob.sys


---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                 00000000774311f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                               0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                      000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                      000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                              000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                              0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                             0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                    0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                   0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                  0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                          0000000077431fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                      0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                      0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                           0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                  00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                00000000774327d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                        0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                        0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 3
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                    000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                    00000000774333c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                   0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                   0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                       0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                       0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                          00000000774813e0 2 bytes [FF, 25]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3                                                                      00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                        0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                              0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                            00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                              0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                              0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                            00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                            00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                         00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                           00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                      00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                      00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                  00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\ChomikBox\chomikbox.exe[3324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                     00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                     00000000774311f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                   0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                          000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                          000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                  000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                  0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                    0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                    0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                        0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                       0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                      0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                              0000000077431fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                          0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                          0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                               0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                      00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                    00000000774327d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                     000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                    0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                            0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                            0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 3
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                    0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                        000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                        00000000774333c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                       0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                       0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                           0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                           0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                    0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                              00000000774813e0 2 bytes [FF, 25]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3                                                                          00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                            0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                  0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                    0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                    0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                  0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                  0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                             00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                               00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                          00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                          00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                    00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                      00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                    00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Gyazo\GyStation.exe[3804] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                         00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                00000000774311f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                              0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                     000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                     000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                             000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                             0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                            0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                               0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                               0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                   0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                  0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                 0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                         0000000077431fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                     0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                     0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                          0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                 00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                               00000000774327d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                               0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                       0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                       0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 3
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                               0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                   000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                   00000000774333c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                  0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                  0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                      0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                      0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                               0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                         00000000774813e0 2 bytes [FF, 25]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3                                                     00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                       0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                             0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                           00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                               0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                               0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                             0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                             0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                           00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                           00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                        00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                          00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                     00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                     00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                               00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                 00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                               00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[504] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                    00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                 00000000774311f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                               0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                      000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                      000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                              000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                              0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                             0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                    0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                   0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                  0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                          0000000077431fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                      0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                      0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                           0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                  00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                00000000774327d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                        0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                        0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 3
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                    000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                    00000000774333c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                   0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                   0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                       0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                       0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                          00000000774813e0 2 bytes [FF, 25]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3                                                                      00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                        0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                              0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                            00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                              0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                              0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                            00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                            00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                         00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                           00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                      00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                      00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                  00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iTunes\iTunesHelper.exe[5092] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                     00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                        00000000774311f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                      0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                             000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                             000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                     000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                     0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                    0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                       0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                       0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                           0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                          0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                         0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                 0000000077431fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                             0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                             0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                  0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                         00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                       00000000774327d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                        000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                       0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                               0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                               0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 3
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                       0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                           000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                           00000000774333c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                          0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                          0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                              0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                              0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                       0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                 00000000774813e0 2 bytes [FF, 25]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3                                             00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                               0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                     0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                   00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                       0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                       0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                     0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                     0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                   00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                   00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                  00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                             00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                             00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                       00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                         00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                       00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                            00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                              0000000075891465 2 bytes [89, 75]
.text    C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe[5104] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                             00000000758914bb 2 bytes [89, 75]
.text    ...                                                                                                                                                                                * 2
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                     00000000774311f5 8 bytes {JMP 0xd}
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                   0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                          000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                          000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                  000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                  0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                    0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                    0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                        0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                       0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                      0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                              0000000077431fd7 8 bytes {JMP 0xb}
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                          0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                          0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                               0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                      00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                    00000000774327d2 8 bytes {JMP 0x10}
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                     000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                    0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 2
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                            0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                            0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 3
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                    0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                        000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                        00000000774333c0 16 bytes {JMP 0x4e}
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                       0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                       0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                           0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                           0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                    0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                              00000000774813e0 2 bytes [FF, 25]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3                                                                          00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                            0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                  0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                    0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                    0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                  0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                  0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                             00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                               00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                          00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                          00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                    00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                      00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                    00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                         00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                           0000000075891465 2 bytes [89, 75]
.text    C:\Users\Dell\AppData\Local\VNT\vntldr.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          00000000758914bb 2 bytes [89, 75]
.text    ...                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                    00000000774311f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                  0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                         000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                         000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                   0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                   0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                       0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                      0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                     0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                             0000000077431fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                         0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                         0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                              0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                     00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                   00000000774327d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                    000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                   0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                           0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                           0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 3
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                   0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                       000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                       00000000774333c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                      0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                      0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                          0000000077433b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                          0000000077433d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                   0000000077434190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                             00000000774813e0 2 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3                                                         00000000774813e3 5 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                           0000000077481560 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                 0000000077481590 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                               00000000774816b0 8 bytes JMP 3f30953f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                   0000000077481760 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                   0000000077481d90 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                 0000000077481fe0 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                 0000000077482840 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                               00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                               00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                            00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                              00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                         00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                         00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                   00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                     00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                   00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4796] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                        00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                    00000000774311f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                  0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                         000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                         000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                   0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                   0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                       0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                      0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                     0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                             0000000077431fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                         0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                         0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                              0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                     00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                   00000000774327d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                    000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                   0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                           0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                           0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 3
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                   0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                       000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                       00000000774333c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                      0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                      0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                          0000000077433b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                          0000000077433d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                   0000000077434190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                             00000000774813e0 2 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3                                                         00000000774813e3 5 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                           0000000077481560 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                 0000000077481590 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                               00000000774816b0 8 bytes JMP 3f30953f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                   0000000077481760 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                   0000000077481d90 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                 0000000077481fe0 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                 0000000077482840 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                               00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                               00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                            00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                              00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                         00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                         00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                   00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                     00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                   00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4876] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                        00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                    00000000774311f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                  0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                         000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                         000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                 000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                 0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                   0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                   0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                       0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                      0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                     0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                             0000000077431fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                         0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                         0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                              0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                     00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                   00000000774327d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                    000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                   0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                           0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                           0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 3
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                   0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                       000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                       00000000774333c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                      0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                      0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                          0000000077433b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                          0000000077433d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                   0000000077434190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                             00000000774813e0 2 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3                                                         00000000774813e3 5 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                           0000000077481560 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                 0000000077481590 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                               00000000774816b0 8 bytes JMP 3f30953f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                   0000000077481760 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                   0000000077481d90 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                 0000000077481fe0 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                 0000000077482840 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                               00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                               00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                            00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                              00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                         00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                         00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                   00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                     00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                   00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2548] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                        00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                     00000000774311f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                   0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                          000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                          000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                  000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                  0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                    0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                    0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                        0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                       0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                      0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                              0000000077431fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                          0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                          0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                               0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                      00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                    00000000774327d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                     000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                    0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                            0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                            0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 3
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                    0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                        000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                        00000000774333c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                       0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                       0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                           0000000077433b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                           0000000077433d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                    0000000077434190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                              00000000774813e0 2 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3                                                          00000000774813e3 5 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                            0000000077481560 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                  0000000077481590 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                00000000774816b0 8 bytes JMP 3f30953f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                    0000000077481760 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                    0000000077481d90 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                  0000000077481fe0 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                  0000000077482840 8 bytes JMP 3f3f3f3f
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                             00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                               00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                          00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                          00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                    00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                      00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                    00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[216] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                         00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                                     00000000774311f5 8 bytes {JMP 0xd}
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                                   0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                          000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                                          000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                  000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                                  0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                                 0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                    0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                                    0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                        0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                                       0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                                      0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                                              0000000077431fd7 8 bytes {JMP 0xb}
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                                          0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                                          0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                                               0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                      00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                    00000000774327d2 8 bytes {JMP 0x10}
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                     000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                                    0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 2
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                            0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                                            0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 3
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                                    0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                        000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                                        00000000774333c0 16 bytes {JMP 0x4e}
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                                       0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                                       0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                           0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                                           0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                    0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                              00000000774813e0 2 bytes [FF, 25]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3                                                                                          00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                            0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                  0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                    0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                    0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                  0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                  0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                             00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                                               00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                          00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                          00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                                    00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                                      00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                    00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[784] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                                         00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                   00000000774311f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                 0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                        000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                        000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                               0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                  0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                  0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                      0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                     0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                    0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                            0000000077431fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                        0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                        0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578             0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                    00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                  00000000774327d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79   000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176  0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299          0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367          0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 3
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                  0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                      000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                      00000000774333c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                     0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                     0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197         0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611         0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                  0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                            00000000774813e0 2 bytes [FF, 25]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3                        00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                          0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                              00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                  0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                  0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312              00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471              00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                           00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                             00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                        00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                        00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                  00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                    00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                  00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe[5160] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                       00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                           00000000774311f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                         0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                        000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                        0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                       0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                          0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                          0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                              0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                             0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                            0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                    0000000077431fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                     0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                            00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                          00000000774327d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79           000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176          0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                  0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                  0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 3
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                          0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                              000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                              00000000774333c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                             0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                             0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                 0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                 0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                          0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                    00000000774813e0 2 bytes [FF, 25]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3                                00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                  0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                        0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                      00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                          0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                          0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                        0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                        0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                      00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                      00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                   00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                     00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                          00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                            00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                          00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe[5204] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                               00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                 00000000774311f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                               0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                      000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                      000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                              000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                              0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                             0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                    0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                   0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                  0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                          0000000077431fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                      0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                      0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                           0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                  00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                00000000774327d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                 000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                        0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                        0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 3
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                    000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                    00000000774333c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                   0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                   0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                       0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                       0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                          00000000774813e0 2 bytes [FF, 25]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3                                      00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                        0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                              0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                            00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                              0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                              0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                            00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                            00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                         00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                           00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                      00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                      00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                  00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5404] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                     00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                              00000000774311f5 8 bytes {JMP 0xd}
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                            0000000077431390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                   000000007743143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                   000000007743158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                           000000007743191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                           0000000077431b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                          0000000077431bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                             0000000077431d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                             0000000077431eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                 0000000077431edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                0000000077431f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                               0000000077431fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                       0000000077431fd7 8 bytes {JMP 0xb}
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                   0000000077432272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                   0000000077432301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                        0000000077432792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                               00000000774327b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                             00000000774327d2 8 bytes {JMP 0x10}
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                              000000007743282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                             0000000077432890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 2
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                     0000000077432d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                     0000000077432d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                * 3
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                             0000000077433023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                 000000007743323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                 00000000774333c0 16 bytes {JMP 0x4e}
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                0000000077433a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                0000000077433ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                    0000000077433b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                    0000000077433d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                             0000000077434190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                       00000000774813e0 2 bytes [FF, 25]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread + 3                                                                   00000000774813e3 5 bytes [2A, FB, FF, 90, 90]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                     0000000077481560 8 bytes {JMP QWORD [RIP-0x4d4f8]}
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                           0000000077481590 8 bytes {JMP QWORD [RIP-0x4da11]}
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                         00000000774816b0 8 bytes {JMP QWORD [RIP-0x4d807]}
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                             0000000077481760 8 bytes {JMP QWORD [RIP-0x4da43]}
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                             0000000077481d90 8 bytes {JMP QWORD [RIP-0x4dc06]}
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                           0000000077481fe0 8 bytes {JMP QWORD [RIP-0x4deb5]}
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                           0000000077482840 8 bytes {JMP QWORD [RIP-0x4e7d0]}
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                         00000000735c13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                         00000000735c146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                      00000000735c16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                        00000000735c16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                   00000000735c19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                   00000000735c19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                             00000000735c1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                               00000000735c1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                             00000000735c1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Dell\Desktop\!!!!Czysczenie\3u102nqp.exe[5800] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                  00000000735c1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- Kernel IAT/EAT - GMER 2.1 ----

IAT      C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback]                                                                                                                    [fffff880046a2ec0] \SystemRoot\system32\DRIVERS\klif.sys [PAGE]

---- Threads - GMER 2.1 ----

Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [4044:3932]                                                                                                                     000007fefb862ab8
Thread   C:\Program Files\Windows Media Player\wmpnetwk.exe [4044:4472]                                                                                                                     000007fef7f75124
Thread   C:\Windows\System32\svchost.exe [5488:5676]                                                                                                                                        000007feee719688
---- Processes - GMER 2.1 ----

Library  C:\Users\Dell\AppData\Local\VNT\vntsrv.dll (*** suspicious ***) @ C:\Users\Dell\AppData\Local\VNT\vntldr.exe [4404] (Virtual New Tab Server/APN LLC.)(2014-07-18 05:36:53)         0000000066f10000

---- EOF - GMER 2.1 ----
SnoopG
~user
 
Posty: 4
Dołączenie: 22 Kwi 2013, 14:20



Search.conduit + 4 strony startowe

Postprzez ordynat 08 Wrz 2014, 13:06

1) Odinstaluj:
"WindowsProtectManger" = WindowsProtectManger20.0.0.401

2) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ, a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ, to kliknij na niego.
Daj z tego raport C:\AdwCleaner\AdwCleaner[S].txt.

3) Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:
:OTL
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~2.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SupTab\SEARCH~1.DLL) - File not found
O4 - HKU\S-1-5-21-2264383906-2646881478-72513527-1000..\Run: [AdobeBridge] File not found
O4 - HKLM..\Run: [VNT] C:\Program Files (x86)\VNT\vntldr.exe (APN LLC.)
O4 - HKLM..\Run: [ApnTBMon] C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [fst_pl_141] File not found
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
CHR - homepage: http://www.searchya.com/?s=0&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByD0EtB0F0C0E0CtBtDtBtN0D0Tzu0CtBtBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1396349096
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1403544030&from=smt&uid=HGSTXHTS545050A7E380_TM85014C03BTJL03BTJLX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1403544030&from=smt&uid=HGSTXHTS545050A7E380_TM85014C03BTJL03BTJLX&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1403544030&from=smt&uid=HGSTXHTS545050A7E380_TM85014C03BTJL03BTJLX&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1403544030&from=smt&uid=HGSTXHTS545050A7E380_TM85014C03BTJL03BTJLX&q={searchTerms}
DRV:64bit: - [2014-06-13 13:36:28 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys -- ({57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64)
SRV - [2014-06-12 01:42:22 | 000,591,776 | ---- | M] (Fuyu LIMITED) [Auto | Running] -- C:\ProgramData\WindowsProtectManger\wprotectmanager.exe -- (WindowsProtectManger)
SRV - [2014-08-22 23:56:12 | 000,166,296 | ---- | M] (APN LLC.) [Auto | Running] -- C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe -- (APNMCP)

:Files
C:\Program Files (x86)\AskPartnerNetwork

:Reg
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.
.
ordynat
~user
 
Posty: 4765
Dołączenie: 02 Kwi 2010, 11:18
Pochwały: 866



Search.conduit + 4 strony startowe

Postprzez SnoopG 08 Wrz 2014, 16:22

WindowsProtectManger20.0.0.401 z poziomu panelu sterowania nie da się usunąć. Gdy klikam Odinstaluj/zmień to wyskakuje komunikat Program WindowsProtectManger przestał działać i albo mogę zamknąć albo szukać rozwiązania online lecz to też nie skuteczne

to wyskoczyło po restarcie komputera po użyciu AdwCCleaner
Kod: Zaznacz wszystko
# AdwCleaner v3.309 - Log utworzony 08/09/2014 o 15:56:50
# Aktualizacja 02/09/2014 przez Xplode
# System operacyjny : Windows 7 Professional Service Pack 1 (64 bits)
# Użytkownik : Dell - DELL-KOMPUTER
# Ścieżka : C:\Users\Dell\Desktop\!!!!Czysczenie\AdwCleaner.exe
# Opcja : Usuń

***** [ Usługi ] *****

Usługa Usunięto : APNMCP
Usługa Usunięto : WindowsProtectManger
Usługa Usunięto : {57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64

***** [ Pliki / Foldery ] *****

Folder Usunięto : C:\ProgramData\apn
Folder Usunięto : C:\ProgramData\AskPartnerNetwork
Folder Usunięto : C:\ProgramData\IePluginServices
Folder Usunięto : C:\ProgramData\WindowsProtectManger
Folder Usunięto : C:\Program Files (x86)\AskPartnerNetwork
Folder Usunięto : C:\Program Files (x86)\predm
Folder Usunięto : C:\Program Files (x86)\SupTab
Folder Usunięto : C:\Program Files (x86)\VNT
Folder Usunięto : C:\Users\Dell\AppData\Local\AskPartnerNetwork
Folder Usunięto : C:\Users\Dell\AppData\Local\VNT
Folder Usunięto : C:\Users\Dell\AppData\Local\Temp\apn
Folder Usunięto : C:\Users\Dell\AppData\Local\Temp\NetCrawl
Plik Usunięto : C:\Windows\System32\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys

***** [ Zadania ] *****


***** [ Skróty ] *****


***** [ Rejestr ] *****

Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASMANCS
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASAPI32
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASMANCS
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Wartość Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [VNT]
Klucz Usunięto : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Klucz Usunięto : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Klucz Usunięto : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Klucz Usunięto : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Klucz Usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Dane Przywrócono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Klucz Usunięto : HKCU\Software\AskPartnerNetwork
Klucz Usunięto : HKCU\Software\FreeSoftToday
Klucz Usunięto : HKCU\Software\InstallCore
Klucz Usunięto : HKCU\Software\TutoTag
Klucz Usunięto : HKLM\SOFTWARE\AskPartnerNetwork
Klucz Usunięto : HKLM\SOFTWARE\free_softtoday
Klucz Usunięto : HKLM\SOFTWARE\omiga-plusSoftware
Klucz Usunięto : HKLM\SOFTWARE\SupDp
Klucz Usunięto : HKLM\SOFTWARE\SupTab
Klucz Usunięto : HKLM\SOFTWARE\supWindowsProtectManger
Klucz Usunięto : HKLM\SOFTWARE\Tutorials
Klucz Usunięto : HKLM\SOFTWARE\Wpm
Klucz Usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsProtectManger
Dane Usunięto : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Dane Usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL

***** [ Przeglądarki internetowe ] *****

-\\ Internet Explorer v8.0.7601.17514

Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Ustawienie Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Ustawienie Przywrócono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Ustawienie Przywrócono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v37.0.2062.103

[ Plik : C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Usunięto [Search Provider] : hxxp://search.sweetim.com/search.asp?src=6&crg=3.09010003&st=12&q={searchTerms}&barid={12AB83A0-71E8-11E2-9749-E8113220C6CF}
Usunięto [Search Provider] : hxxp://search.v9.com/web/?q={searchTerms}
Usunięto [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=29CCBD86-9BF4-472E-8E64-0BC2D03268BE&apn_ptnrs=U3&apn_sauid=5035B0ED-BA02-4F47-9B23-8EDFC2778242&apn_dtid=OSJ000YYPL&q={searchTerms}
Usunięto [Search Provider] : hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
Usunięto [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3176921&SearchSource=48&CUI=UN30941257362372921&UM=2&sspv=SP_CHNSP08
Usunięto [Homepage] : hxxp://www.searchya.com/?s=0&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByD0EtB0F0C0E0CtBtDtBtN0D0Tzu0CtBtBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1396349096

*************************

AdwCleaner[R0].txt - [5790 octets] - [08/09/2014 15:53:51]
AdwCleaner[S0].txt - [5242 octets] - [08/09/2014 15:56:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5302 octets] ##########


raport po wykonaniu skryptu :

Kod: Zaznacz wszystko
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SupTab\SEARCH~2.DLL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\SupTab\SEARCH~1.DLL deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2264383906-2646881478-72513527-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\VNT not found.
File C:\Program Files (x86)\VNT\vntldr.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnTBMon not found.
File C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\fst_pl_141 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Use Chrome's Settings page to change the HomePage.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Error: No service named {57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64 was found to stop!
Service\Driver key {57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64 not found.
File C:\Windows\SysNative\drivers\{57f143ae-1ecd-493d-9ddb-32c45a3cecd5}Gw64.sys not found.
Error: No service named WindowsProtectManger was found to stop!
Service\Driver key WindowsProtectManger not found.
File C:\ProgramData\WindowsProtectManger\wprotectmanager.exe not found.
Error: No service named APNMCP was found to stop!
Service\Driver key APNMCP not found.
File C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\AskPartnerNetwork not found.
========== REGISTRY ==========
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Dell
->Temp folder emptied: 421531370 bytes
->Temporary Internet Files folder emptied: 12077069 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 452554878 bytes
->Flash cache emptied: 57485 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9302839 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50735 bytes
RecycleBin emptied: 7105961992 bytes

Total Files Cleaned = 7 631,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09082014_160302

Files\Folders moved on Reboot...
C:\Users\Dell\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Dell\AppData\Local\Temp\JET11BB.tmp not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


Nowe logi otl
Kod: Zaznacz wszystko
OTL logfile created on: 2014-09-08 16:07:57 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Dell\Desktop\!!!!Czysczenie
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

3,87 Gb Total Physical Memory | 2,39 Gb Available Physical Memory | 61,82% Memory free
7,73 Gb Paging File | 5,69 Gb Available in Paging File | 73,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,31 Gb Total Space | 132,48 Gb Free Space | 67,83% Space Free | Partition Type: NTFS
Drive D: | 270,35 Gb Total Space | 113,28 Gb Free Space | 41,90% Space Free | Partition Type: NTFS

Computer Name: DELL-KOMPUTER | User Name: Dell | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2014-09-08 09:54:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Dell\Desktop\!!!!Czysczenie\OTL.exe
PRC - [2014-08-30 04:49:43 | 000,852,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014-05-08 15:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014-05-08 10:47:44 | 002,993,376 | ---- | M] (Nota Inc.) -- C:\Program Files (x86)\Gyazo\GyStation.exe
PRC - [2014-04-20 16:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
PRC - [2014-04-20 16:15:18 | 000,192,160 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
PRC - [2014-04-20 01:41:12 | 000,860,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\plugin-nm-server.exe
PRC - [2014-04-20 01:41:10 | 000,359,104 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\klwtblfs.exe
PRC - [2014-03-11 07:04:00 | 006,033,408 | ---- | M] ( ) -- C:\Program Files (x86)\ChomikBox\chomikbox.exe
PRC - [2010-11-20 04:17:02 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
PRC - [2009-11-04 13:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009-11-04 13:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2014-08-30 04:49:41 | 000,331,592 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
MOD - [2014-08-30 04:49:38 | 008,577,864 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
MOD - [2014-08-30 04:49:33 | 001,098,056 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
MOD - [2014-08-30 04:49:31 | 000,174,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
MOD - [2014-08-30 04:49:30 | 001,660,232 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
MOD - [2014-04-23 16:05:12 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014-04-23 16:04:54 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2014-03-03 23:05:14 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\tsplugins\integration\chomikbox_win7.tsp
MOD - [2011-12-02 14:15:16 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstcontroller-0.10.dll
MOD - [2011-12-02 14:15:16 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstpbutils-0.10.dll
MOD - [2011-12-02 14:15:16 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstinterfaces-0.10.dll
MOD - [2011-12-02 14:15:14 | 001,520,128 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libvorbisenc-2.dll
MOD - [2011-12-02 14:15:14 | 000,718,336 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgnutls-26.dll
MOD - [2011-12-02 14:15:14 | 000,699,392 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstreamer-0.10.dll
MOD - [2011-12-02 14:15:14 | 000,604,160 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgcrypt-11.dll
MOD - [2011-12-02 14:15:14 | 000,331,264 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libFLAC-8.dll
MOD - [2011-12-02 14:15:14 | 000,162,304 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libvorbis-0.dll
MOD - [2011-12-02 14:15:14 | 000,133,120 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgsttag-0.10.dll
MOD - [2011-12-02 14:15:14 | 000,111,104 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\avutil-lgpl-50.dll
MOD - [2011-12-02 14:15:14 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstaudio-0.10.dll
MOD - [2011-12-02 14:15:14 | 000,070,656 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstrtp-0.10.dll
MOD - [2011-12-02 14:15:14 | 000,067,584 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libbz2.dll
MOD - [2011-12-02 14:15:14 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstapp-0.10.dll
MOD - [2011-12-02 14:15:14 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgpg-error-0.dll
MOD - [2011-12-02 14:15:14 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libogg-0.dll
MOD - [2011-12-02 14:15:06 | 000,228,864 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstdirectsound.dll
MOD - [2011-12-02 14:15:06 | 000,212,992 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstcoreelements.dll
MOD - [2011-12-02 14:15:06 | 000,197,632 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstplaybin.dll
MOD - [2011-12-02 14:15:06 | 000,180,736 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstffmpeg-lgpl.dll
MOD - [2011-12-02 14:15:06 | 000,151,040 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstmpegdemux.dll
MOD - [2011-12-02 14:15:06 | 000,149,504 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstqtdemux.dll
MOD - [2011-12-02 14:15:06 | 000,132,608 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstogg.dll
MOD - [2011-12-02 14:15:06 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstqtmux.dll
MOD - [2011-12-02 14:15:06 | 000,095,232 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstasf.dll
MOD - [2011-12-02 14:15:06 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstdecodebin2.dll
MOD - [2011-12-02 14:15:06 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstaudioconvert.dll
MOD - [2011-12-02 14:15:06 | 000,077,312 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libtasn1-3.dll
MOD - [2011-12-02 14:15:06 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstflac.dll
MOD - [2011-12-02 14:15:06 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstasfmux.dll
MOD - [2011-12-02 14:15:06 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgsttypefindfunctions.dll
MOD - [2011-12-02 14:15:06 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstmpegstream.dll
MOD - [2011-12-02 14:15:06 | 000,053,760 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstvorbis.dll
MOD - [2011-12-02 14:15:06 | 000,052,224 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstaudioresample.dll
MOD - [2011-12-02 14:15:06 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstwavpack.dll
MOD - [2011-12-02 14:15:06 | 000,047,616 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstmpegaudioparse.dll
MOD - [2011-12-02 14:15:06 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstwavparse.dll
MOD - [2011-12-02 14:15:06 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstmpegtsmux.dll
MOD - [2011-12-02 14:15:06 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstaiff.dll
MOD - [2011-12-02 14:15:06 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstrawparse.dll
MOD - [2011-12-02 14:15:06 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstinterleave.dll
MOD - [2011-12-02 14:15:06 | 000,035,328 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstreplaygain.dll
MOD - [2011-12-02 14:15:06 | 000,034,304 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstvolume.dll
MOD - [2011-12-02 14:15:06 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstdecodebin.dll
MOD - [2011-12-02 14:15:06 | 000,032,256 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstid3demux.dll
MOD - [2011-12-02 14:15:06 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstreal.dll
MOD - [2011-12-02 14:15:06 | 000,030,208 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstmpegpsmux.dll
MOD - [2011-12-02 14:15:06 | 000,029,184 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstautodetect.dll
MOD - [2011-12-02 14:15:06 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstequalizer.dll
MOD - [2011-12-02 14:15:06 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstneonhttpsrc.dll
MOD - [2011-12-02 14:15:06 | 000,022,528 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstcdxaparse.dll
MOD - [2011-12-02 14:15:06 | 000,022,016 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgsttta.dll
MOD - [2011-12-02 14:15:06 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstaudiorate.dll
MOD - [2011-12-02 14:15:06 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstwasapi.dll
MOD - [2011-12-02 14:15:06 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstlevel.dll
MOD - [2011-12-02 14:15:06 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstauparse.dll
MOD - [2011-12-02 14:15:06 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstalaw.dll
MOD - [2011-12-02 14:15:06 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstspeed.dll
MOD - [2011-12-02 14:15:06 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstwaveformsink.dll
MOD - [2011-12-02 14:15:06 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgsticydemux.dll
MOD - [2011-12-02 14:15:06 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstwaveenc.dll
MOD - [2011-12-02 14:15:06 | 000,015,360 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstapetag.dll
MOD - [2011-12-02 14:15:06 | 000,014,336 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstnetsim.dll
MOD - [2011-12-02 14:15:06 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstacmmp3dec.dll
MOD - [2011-12-02 14:15:06 | 000,012,288 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgststereo.dll
MOD - [2011-12-02 14:15:06 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstcoreindexers.dll
MOD - [2011-12-02 14:15:06 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\gplugins\libgstapp.dll
MOD - [2011-12-02 14:14:40 | 000,881,664 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\avformat-lgpl-52.dll
MOD - [2011-12-02 14:14:40 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libexpat-1.dll
MOD - [2011-12-02 14:14:40 | 000,085,504 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\z.dll
MOD - [2011-12-02 14:14:32 | 005,038,592 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\avcodec-lgpl-52.dll
MOD - [2011-12-02 14:14:32 | 001,396,736 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libxml2-2.dll
MOD - [2011-12-02 14:14:32 | 000,563,712 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\liborc-0.4-0.dll
MOD - [2011-12-02 14:14:32 | 000,253,440 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstbase-0.10.dll
MOD - [2011-12-02 14:14:32 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libwavpack-1.dll
MOD - [2011-12-02 14:14:32 | 000,125,952 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libneon-27.dll
MOD - [2011-12-02 14:14:32 | 000,070,144 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstrtsp-0.10.dll
MOD - [2011-12-02 14:14:32 | 000,041,984 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstriff-0.10.dll
MOD - [2011-12-02 14:14:32 | 000,038,912 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstvideo-0.10.dll
MOD - [2011-12-02 14:14:32 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\libgstsdp-0.10.dll
MOD - [2011-12-02 14:14:32 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\ChomikBox\avcore-lgpl-0.dll


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - [2014-06-25 18:41:47 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV:[b]64bit:[/b] - [2014-06-21 00:19:27 | 000,033,280 | ---- | M] () [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:[b]64bit:[/b] - [2010-04-07 04:35:04 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\stacsv64.exe -- (STacSV)
SRV:[b]64bit:[/b] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2009-07-14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009-03-03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe -- (AESTFilters)
SRV - [2014-07-09 02:58:36 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014-05-08 15:48:38 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014-04-20 16:15:58 | 000,233,552 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe -- (AVP15.0.0)
SRV - [2014-04-03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010-04-07 04:35:04 | 000,247,808 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\STacSV64.exe -- (STacSV)
SRV - [2010-03-18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010-02-19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009-11-04 13:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009-11-04 13:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009-03-03 02:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d550fa1f2cf8996d\AESTSr64.exe -- (AESTFilters)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - [2014-09-08 00:38:36 | 000,792,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:[b]64bit:[/b] - [2014-09-08 00:38:36 | 000,140,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:[b]64bit:[/b] - [2014-06-21 00:19:27 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:[b]64bit:[/b] - [2014-06-21 00:19:26 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2014-04-10 17:25:34 | 000,243,808 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk)
DRV:[b]64bit:[/b] - [2014-03-28 17:51:04 | 000,028,768 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:[b]64bit:[/b] - [2014-03-26 17:05:28 | 000,179,296 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:[b]64bit:[/b] - [2014-03-25 16:26:04 | 000,055,904 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:[b]64bit:[/b] - [2014-02-25 13:09:02 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:[b]64bit:[/b] - [2014-02-20 12:59:04 | 000,457,824 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:[b]64bit:[/b] - [2013-08-08 17:11:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:[b]64bit:[/b] - [2013-04-12 15:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:[b]64bit:[/b] - [2013-03-18 16:51:08 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2012-08-21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2010-11-20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010-11-20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2010-11-20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010-11-20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010-11-20 01:37:44 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:[b]64bit:[/b] - [2010-04-07 04:35:04 | 000,505,344 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:[b]64bit:[/b] - [2010-03-04 21:43:00 | 000,346,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2010-02-27 07:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:[b]64bit:[/b] - [2010-01-28 06:25:04 | 000,086,120 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:[b]64bit:[/b] - [2009-12-10 19:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2009-09-17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009-07-14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009-07-29 00:55:42 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[color=#E56717]========== FireFox ==========[/color]

FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.5.2: C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-08 00:11:39 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/online_banking: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-08 00:11:41 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-08 00:11:42 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-09-08 00:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-09-08 00:11:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-09-08 00:38:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-09-08 00:11:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-09-08 00:11:41 | 000,000,000 | ---D | M]

[2014-01-21 20:07:48 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll

[color=#E56717]========== Chrome  ==========[/color]

CHR - default_search_provider:  (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.searchya.com/?s=0&a=foxtab&chnl=ft-100&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByD0EtB0F0C0E0CtBtDtBtN0D0Tzu0CtBtBtAtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1396349096
CHR - plugin: Error reading preferences file
CHR - Extension: KMP Media Toolbar = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaipkbmjkakicapiinmamgjlkaeehh\45.6_0\
CHR - Extension: Dokumenty Google = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: Dysk Google = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Kingdom Rush = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckmfhhjalnddapegkbbohfaodgbnocim\1.1.0.1_0\
CHR - Extension: Szukaj w Google = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Kaspersky Protection = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho\4.0.9.130_0\
CHR - Extension: Ocean Pacific = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecaabliejjdikjnkahhikeelbblahgoi\3_0\
CHR - Extension: AdBlock = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.7.13_0\
CHR - Extension: Rozszerzenie Subskrypcje RSS (od Google) = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.4_0\
CHR - Extension: Google Wallet = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Dell\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O4:[b]64bit:[/b] - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2264383906-2646881478-72513527-1000..\Run: [ChomikBox] C:\Program Files (x86)\ChomikBox\chomikbox.exe ( )
O4 - HKU\S-1-5-21-2264383906-2646881478-72513527-1000..\Run: [Gyazo] C:\Program Files (x86)\Gyazo\GyStation.exe (Nota Inc.)
O4 - HKU\S-1-5-21-2264383906-2646881478-72513527-1000..\Run: [uTorrent] C:\Users\Dell\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2264383906-2646881478-72513527-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer:  =
O8:[b]64bit:[/b] - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm ()
O8 - Extra context menu item: Dodaj do listy blokowanych banerów - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\ie_banner_deny.htm ()
O9:[b]64bit:[/b] - Extra Button: Klawiatura wirtualna - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:[b]64bit:[/b] - Extra Button: Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Klawiatura wirtualna - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Sprawdzanie adresów internetowych - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF4BDEC9-0547-4347-BFA5-6483D5BFD1BF}: DhcpNameServer = 192.168.1.1 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2014-06-25 17:58:08 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2014-09-08 16:03:02 | 000,000,000 | ---D | C] -- C:\_OTL
[2014-09-08 15:54:25 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\SysWow64\sqlite3.dll
[2014-09-08 15:53:48 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014-09-08 09:51:43 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\!!!!Czysczenie
[2014-09-08 00:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
[2014-09-08 00:10:35 | 000,792,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014-09-08 00:10:35 | 000,243,808 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klhk.sys
[2014-09-08 00:10:35 | 000,140,352 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014-09-02 18:18:23 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\ps_actions_12_by_blaxbla-d3fkia2
[2014-09-02 18:18:19 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\action_pack_4___free_by_lomita-d2h13uv
[2014-09-02 18:18:13 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\portrait_action_by_provity-d2trsx8
[2014-09-02 18:18:02 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\50_photoshop_portrait_actions
[2014-09-01 23:14:18 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\Adobe Acrobat XI Pro 11.0.0 RePack
[2014-09-01 23:06:08 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\Adobe Photoshop CS6 13.0.1 Final  Multilanguage (cracked dll) [ChingLiu]
[2014-08-31 09:29:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2014-08-31 09:03:01 | 000,000,000 | ---D | C] -- C:\Users\Dell\Desktop\PS

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2014-09-08 16:12:05 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014-09-08 16:12:05 | 000,020,688 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014-09-08 16:05:05 | 000,001,040 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014-09-08 16:04:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014-09-08 16:04:43 | 3113,164,800 | -HS- | M] () -- C:\hiberfil.sys
[2014-09-08 15:58:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014-09-08 15:32:00 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014-09-08 09:45:41 | 000,002,330 | ---- | M] () -- C:\Users\Dell\Desktop\Bezpieczne pieniądze.lnk
[2014-09-08 00:38:36 | 000,792,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2014-09-08 00:38:36 | 000,140,352 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2014-09-08 00:12:08 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2014-09-08 00:04:25 | 000,000,163 | ---- | M] () -- C:\Users\Dell\Desktop\CBIT1-140905-12527-04.zip
[2014-09-06 08:16:23 | 005,754,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014-09-05 20:20:45 | 000,425,984 | ---- | M] () -- C:\Users\Dell\Documents\Untitled-1.indd
[2014-09-05 06:44:07 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014-09-04 07:47:32 | 000,510,501 | ---- | M] () -- C:\Users\Dell\Desktop\zdjęcie 3.JPG
[2014-09-04 07:47:32 | 000,477,163 | ---- | M] () -- C:\Users\Dell\Desktop\zdjęcie 5.JPG
[2014-09-04 07:47:32 | 000,417,763 | ---- | M] () -- C:\Users\Dell\Desktop\zdjęcie 2.JPG
[2014-09-04 07:47:32 | 000,371,544 | ---- | M] () -- C:\Users\Dell\Desktop\zdjęcie 4.JPG
[2014-09-04 07:47:32 | 000,350,314 | ---- | M] () -- C:\Users\Dell\Desktop\zdjęcie 1.JPG
[2014-09-04 07:46:54 | 002,095,433 | ---- | M] () -- C:\Users\Dell\Desktop\Gmail.zip
[2014-09-03 18:41:55 | 001,201,894 | ---- | M] () -- C:\Users\Dell\Desktop\wq.pdf
[2014-09-02 22:26:25 | 003,203,763 | ---- | M] () -- C:\Users\Dell\Desktop\vxcvxcxvc.png
[2014-09-02 22:26:19 | 000,000,132 | ---- | M] () -- C:\Users\Dell\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe
[2014-09-02 22:25:51 | 000,241,309 | ---- | M] () -- C:\Users\Dell\Desktop\138234ef2d52e2caf6d5001a3736c207.png
[2014-09-02 22:25:07 | 000,252,640 | ---- | M] () -- C:\Users\Dell\Desktop\40706aa1b8b59c75c42089173fb0bce5.jpg
[2014-09-02 22:24:54 | 000,240,444 | ---- | M] () -- C:\Users\Dell\Desktop\8c88175f0873b3c59fcf9d21ef4bdda4.jpg
[2014-09-02 22:21:18 | 206,218,934 | ---- | M] () -- C:\Users\Dell\Desktop\IMG_0541.psd
[2014-09-02 22:17:20 | 000,236,588 | ---- | M] () -- C:\Users\Dell\Desktop\281d0fa23e3765b16c8cd1dacb82dde4.jpg
[2014-09-02 22:15:03 | 000,095,296 | ---- | M] () -- C:\Users\Dell\Desktop\tumblr_mx8v07youX1ry9ihzo1_500.jpg
[2014-09-02 22:14:09 | 000,117,208 | ---- | M] () -- C:\Users\Dell\Desktop\70ce197a10b42dc5cd84f6dd4ce6892d.jpg
[2014-09-02 22:13:19 | 000,030,455 | ---- | M] () -- C:\Users\Dell\Desktop\dolla-dolla-bill-yall-sloth-meme.jpg
[2014-09-02 22:13:08 | 000,320,860 | ---- | M] () -- C:\Users\Dell\Desktop\new_sloth_face_0914b.jpg
[2014-09-02 22:12:10 | 004,409,720 | ---- | M] () -- C:\Users\Dell\Desktop\santa_muerte__negra__by_sblokrew-d5agbuq (1).jpg
[2014-09-02 22:11:41 | 000,182,710 | ---- | M] () -- C:\Users\Dell\Desktop\santa_muerte__negra__by_sblokrew-d5agbuq.jpg
[2014-09-02 22:09:47 | 000,044,925 | ---- | M] () -- C:\Users\Dell\Desktop\SlothTShirt_PirateSloth_Black_1.jpg
[2014-09-02 21:58:37 | 000,192,045 | ---- | M] () -- C:\Users\Dell\Desktop\347-Men_Sloth.jpg
[2014-09-02 21:55:34 | 032,498,035 | ---- | M] () -- C:\Users\Dell\Desktop\fdggf.png
[2014-09-02 21:39:19 | 004,035,734 | ---- | M] () -- C:\Users\Dell\Desktop\IMG_054re1.png
[2014-09-02 21:34:07 | 003,398,006 | ---- | M] () -- C:\Users\Dell\Desktop\IMG_0541.png
[2014-09-02 21:16:00 | 025,419,924 | ---- | M] () -- C:\Users\Dell\Desktop\okladka.ai
[2014-09-02 20:00:51 | 006,558,343 | ---- | M] () -- C:\Users\Dell\Desktop\fgd.jpg
[2014-09-02 19:52:23 | 001,536,401 | ---- | M] () -- C:\Users\Dell\Desktop\fgd - Kopia.jpg
[2014-09-02 19:37:12 | 006,469,236 | ---- | M] () -- C:\Users\Dell\Desktop\_DSCd9339.jpg
[2014-09-02 18:14:25 | 000,000,505 | ---- | M] () -- C:\Users\Dell\Desktop\ps_actions_12_by_blaxbla-d3fkia2.rar
[2014-09-02 18:14:09 | 000,694,174 | ---- | M] () -- C:\Users\Dell\Desktop\portrait_action_by_provity-d2trsx8.zip
[2014-09-02 18:14:00 | 000,001,467 | ---- | M] () -- C:\Users\Dell\Desktop\action_pack_4___free_by_lomita-d2h13uv.zip
[2014-09-02 18:08:20 | 000,024,559 | ---- | M] () -- C:\Users\Dell\Desktop\caitlins_actions__by_mumbojumbo89.atn
[2014-09-02 18:06:34 | 000,008,673 | ---- | M] () -- C:\Users\Dell\Desktop\50_photoshop_portrait_actions.zip
[2014-09-02 17:14:32 | 011,743,431 | ---- | M] () -- C:\Users\Dell\Desktop\okadkafxmag.zip
[2014-09-02 17:13:40 | 004,043,973 | ---- | M] () -- C:\Users\Dell\Desktop\_DSC9339.jpg
[2014-09-02 17:13:40 | 003,088,694 | ---- | M] () -- C:\Users\Dell\Desktop\_DSC9408.jpg
[2014-09-02 17:13:40 | 002,832,451 | ---- | M] () -- C:\Users\Dell\Desktop\_DSC9369.jpg
[2014-09-02 17:13:40 | 001,841,814 | ---- | M] () -- C:\Users\Dell\Desktop\_DSC9884.jpg
[2014-09-02 17:13:40 | 000,002,858 | ---- | M] () -- C:\Users\Dell\Desktop\image001.jpg
[2014-09-01 23:10:21 | 000,019,143 | ---- | M] () -- C:\Users\Dell\Desktop\Adobe_Photoshop_CS6_Extended_Final_CS6_13 0_x86x64_[PL]_[Crack][Torrenty.org].torrent
[2014-09-01 23:08:52 | 000,014,730 | ---- | M] () -- C:\Users\Dell\Desktop\Adobe_Photoshop_CS6_v13 0_Extended_Final_x86_x64_[PL]_[Crack][Armaros-torrenty org][Torrenty.org].torrent
[2014-09-01 01:06:41 | 000,403,601 | ---- | M] () -- C:\Users\Dell\Desktop\158210_original.jpg
[2014-08-31 17:05:38 | 002,101,596 | ---- | M] () -- C:\Users\Dell\Desktop\IMG_0541.JPG
[2014-08-31 09:11:23 | 001,343,611 | ---- | M] () -- C:\Users\Dell\Desktop\tatuaz.ai
[2014-08-31 08:56:46 | 001,662,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014-08-31 08:56:46 | 000,737,880 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat
[2014-08-31 08:56:46 | 000,652,048 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014-08-31 08:56:46 | 000,154,536 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat
[2014-08-31 08:56:46 | 000,120,980 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014-08-13 19:22:14 | 000,121,809 | ---- | M] () -- C:\Users\Dell\Desktop\jonathan-s-harris_praying-angel.zip
[2014-08-13 18:55:23 | 000,140,836 | ---- | M] () -- C:\Users\Dell\Desktop\Infinity_by_Tarin_Yuangtrakul.rar
[2014-08-13 18:48:29 | 000,187,146 | ---- | M] () -- C:\Users\Dell\Desktop\Nord™ Typefamily.zip
[2014-08-13 18:47:40 | 000,008,041 | ---- | M] () -- C:\Users\Dell\Desktop\Komoda.zip
[2014-08-13 18:47:09 | 000,048,546 | ---- | M] () -- C:\Users\Dell\Desktop\Elegant Lux Mager.zip
[2014-08-13 18:46:27 | 005,766,338 | ---- | M] () -- C:\Users\Dell\Desktop\futuracha.eps

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2014-09-08 00:16:22 | 000,002,330 | ---- | C] () -- C:\Users\Dell\Desktop\Bezpieczne pieniądze.lnk
[2014-09-08 00:13:08 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2014-09-08 00:04:24 | 000,000,163 | ---- | C] () -- C:\Users\Dell\Desktop\CBIT1-140905-12527-04.zip
[2014-09-05 20:20:43 | 000,425,984 | ---- | C] () -- C:\Users\Dell\Documents\Untitled-1.indd
[2014-09-04 07:50:28 | 000,510,501 | ---- | C] () -- C:\Users\Dell\Desktop\zdjęcie 3.JPG
[2014-09-04 07:50:28 | 000,477,163 | ---- | C] () -- C:\Users\Dell\Desktop\zdjęcie 5.JPG
[2014-09-04 07:50:28 | 000,417,763 | ---- | C] () -- C:\Users\Dell\Desktop\zdjęcie 2.JPG
[2014-09-04 07:50:28 | 000,371,544 | ---- | C] () -- C:\Users\Dell\Desktop\zdjęcie 4.JPG
[2014-09-04 07:50:28 | 000,350,314 | ---- | C] () -- C:\Users\Dell\Desktop\zdjęcie 1.JPG
[2014-09-04 07:46:48 | 002,095,433 | ---- | C] () -- C:\Users\Dell\Desktop\Gmail.zip
[2014-09-03 18:41:47 | 001,201,894 | ---- | C] () -- C:\Users\Dell\Desktop\wq.pdf
[2014-09-02 22:26:17 | 003,203,763 | ---- | C] () -- C:\Users\Dell\Desktop\vxcvxcxvc.png
[2014-09-02 22:25:49 | 000,241,309 | ---- | C] () -- C:\Users\Dell\Desktop\138234ef2d52e2caf6d5001a3736c207.png
[2014-09-02 22:25:05 | 000,252,640 | ---- | C] () -- C:\Users\Dell\Desktop\40706aa1b8b59c75c42089173fb0bce5.jpg
[2014-09-02 22:24:47 | 000,240,444 | ---- | C] () -- C:\Users\Dell\Desktop\8c88175f0873b3c59fcf9d21ef4bdda4.jpg
[2014-09-02 22:20:48 | 206,218,934 | ---- | C] () -- C:\Users\Dell\Desktop\IMG_0541.psd
[2014-09-02 22:17:20 | 000,236,588 | ---- | C] () -- C:\Users\Dell\Desktop\281d0fa23e3765b16c8cd1dacb82dde4.jpg
[2014-09-02 22:14:59 | 000,095,296 | ---- | C] () -- C:\Users\Dell\Desktop\tumblr_mx8v07youX1ry9ihzo1_500.jpg
[2014-09-02 22:14:08 | 000,117,208 | ---- | C] () -- C:\Users\Dell\Desktop\70ce197a10b42dc5cd84f6dd4ce6892d.jpg
[2014-09-02 22:13:18 | 000,030,455 | ---- | C] () -- C:\Users\Dell\Desktop\dolla-dolla-bill-yall-sloth-meme.jpg
[2014-09-02 22:13:07 | 000,320,860 | ---- | C] () -- C:\Users\Dell\Desktop\new_sloth_face_0914b.jpg
[2014-09-02 22:12:06 | 004,409,720 | ---- | C] () -- C:\Users\Dell\Desktop\santa_muerte__negra__by_sblokrew-d5agbuq (1).jpg
[2014-09-02 22:11:39 | 000,182,710 | ---- | C] () -- C:\Users\Dell\Desktop\santa_muerte__negra__by_sblokrew-d5agbuq.jpg
[2014-09-02 22:09:43 | 000,044,925 | ---- | C] () -- C:\Users\Dell\Desktop\SlothTShirt_PirateSloth_Black_1.jpg
[2014-09-02 21:58:26 | 000,192,045 | ---- | C] () -- C:\Users\Dell\Desktop\347-Men_Sloth.jpg
[2014-09-02 21:46:11 | 032,498,035 | ---- | C] () -- C:\Users\Dell\Desktop\fdggf.png
[2014-09-02 21:39:08 | 004,035,734 | ---- | C] () -- C:\Users\Dell\Desktop\IMG_054re1.png
[2014-09-02 21:33:47 | 003,398,006 | ---- | C] () -- C:\Users\Dell\Desktop\IMG_0541.png
[2014-09-02 21:28:04 | 002,101,596 | ---- | C] () -- C:\Users\Dell\Desktop\IMG_0541.JPG
[2014-09-02 21:15:59 | 025,419,924 | ---- | C] () -- C:\Users\Dell\Desktop\okladka.ai
[2014-09-02 20:00:16 | 001,536,401 | ---- | C] () -- C:\Users\Dell\Desktop\fgd - Kopia.jpg
[2014-09-02 19:52:14 | 006,558,343 | ---- | C] () -- C:\Users\Dell\Desktop\fgd.jpg
[2014-09-02 19:37:02 | 006,469,236 | ---- | C] () -- C:\Users\Dell\Desktop\_DSCd9339.jpg
[2014-09-02 18:14:23 | 000,000,505 | ---- | C] () -- C:\Users\Dell\Desktop\ps_actions_12_by_blaxbla-d3fkia2.rar
[2014-09-02 18:14:06 | 000,694,174 | ---- | C] () -- C:\Users\Dell\Desktop\portrait_action_by_provity-d2trsx8.zip
[2014-09-02 18:13:57 | 000,001,467 | ---- | C] () -- C:\Users\Dell\Desktop\action_pack_4___free_by_lomita-d2h13uv.zip
[2014-09-02 18:08:19 | 000,024,559 | ---- | C] () -- C:\Users\Dell\Desktop\caitlins_actions__by_mumbojumbo89.atn
[2014-09-02 18:06:21 | 000,008,673 | ---- | C] () -- C:\Users\Dell\Desktop\50_photoshop_portrait_actions.zip
[2014-09-02 17:35:46 | 004,043,973 | ---- | C] () -- C:\Users\Dell\Desktop\_DSC9339.jpg
[2014-09-02 17:35:46 | 003,088,694 | ---- | C] () -- C:\Users\Dell\Desktop\_DSC9408.jpg
[2014-09-02 17:35:46 | 002,832,451 | ---- | C] () -- C:\Users\Dell\Desktop\_DSC9369.jpg
[2014-09-02 17:35:46 | 001,841,814 | ---- | C] () -- C:\Users\Dell\Desktop\_DSC9884.jpg
[2014-09-02 17:35:46 | 000,002,858 | ---- | C] () -- C:\Users\Dell\Desktop\image001.jpg
[2014-09-02 17:13:39 | 011,743,431 | ---- | C] () -- C:\Users\Dell\Desktop\okadkafxmag.zip
[2014-09-02 16:55:26 | 000,001,075 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2014-09-02 16:54:36 | 000,001,207 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2014-09-02 16:53:35 | 000,001,037 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2014-09-01 23:10:19 | 000,019,143 | ---- | C] () -- C:\Users\Dell\Desktop\Adobe_Photoshop_CS6_Extended_Final_CS6_13 0_x86x64_[PL]_[Crack][Torrenty.org].torrent
[2014-09-01 23:08:42 | 000,014,730 | ---- | C] () -- C:\Users\Dell\Desktop\Adobe_Photoshop_CS6_v13 0_Extended_Final_x86_x64_[PL]_[Crack][Armaros-torrenty org][Torrenty.org].torrent
[2014-09-01 01:06:38 | 000,403,601 | ---- | C] () -- C:\Users\Dell\Desktop\158210_original.jpg
[2014-08-13 19:25:16 | 001,343,611 | ---- | C] () -- C:\Users\Dell\Desktop\tatuaz.ai
[2014-08-13 19:22:12 | 000,121,809 | ---- | C] () -- C:\Users\Dell\Desktop\jonathan-s-harris_praying-angel.zip
[2014-08-13 18:55:22 | 000,140,836 | ---- | C] () -- C:\Users\Dell\Desktop\Infinity_by_Tarin_Yuangtrakul.rar
[2014-08-13 18:48:26 | 000,187,146 | ---- | C] () -- C:\Users\Dell\Desktop\Nord™ Typefamily.zip
[2014-08-13 18:47:39 | 000,008,041 | ---- | C] () -- C:\Users\Dell\Desktop\Komoda.zip
[2014-08-13 18:47:02 | 000,048,546 | ---- | C] () -- C:\Users\Dell\Desktop\Elegant Lux Mager.zip
[2014-08-13 18:46:23 | 005,766,338 | ---- | C] () -- C:\Users\Dell\Desktop\futuracha.eps
[2014-06-29 18:31:45 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2014-06-25 18:43:20 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2014-06-25 18:12:59 | 001,637,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014-06-25 13:05:23 | 000,000,132 | ---- | C] () -- C:\Users\Dell\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe
[2014-06-21 00:13:48 | 000,218,200 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010-11-20 05:27:26 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010-11-20 04:21:20 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]


[color=#E56717]========== Purity Check ==========[/color]



< End of report >
SnoopG
~user
 
Posty: 4
Dołączenie: 22 Kwi 2013, 14:20



Search.conduit + 4 strony startowe

Postprzez ordynat 08 Wrz 2014, 16:33

Uruchom Google Chrome

> Naciśnij klawisze: lewy Alt+F i kliknij przycisk Ustawienia >

> Sekcja: Po uruchomieniu > wybierz: Otwórz konkretną stronę lub zestaw stron >
> Kliknij: Wybierz strony >
> Usuń: searchya.com, wpisz nowy adres strony głównej i kliknij przycisk OK.

Poza tym w nowym logu nie widzę już niczego podejrzanego, więc chyba możemy kończyć:
W Adw-Cleaner kliknij na przycisk Odinstaluj (UNINSTALL).
W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.
.

Autor postu otrzymał pochwałę
ordynat
~user
 
Posty: 4765
Dołączenie: 02 Kwi 2010, 11:18
Pochwały: 866



Search.conduit + 4 strony startowe

Postprzez SnoopG 08 Wrz 2014, 16:44

wszystko zrobione.
Dziękuje za poświecony czas.
SnoopG
~user
 
Posty: 4
Dołączenie: 22 Kwi 2013, 14:20




Powróć do Bezpieczeństwo

Kto jest na forum

Użytkownicy przeglądający to forum: Brak zarejestrowanych użytkowników oraz 6 gości