Spowolniona praca komputera; ginące pliki

**Posty:** 118 · przez **4_life** 04 Sty 2015, 14:34

Proszę o sprawdzenie logów w celu usunięcia opisanych usterek. Od jakiegoś czasu komputer chodzi wolniej niż normalnie. Dodatkowo często zdarza się, że giną mi pliki. Przykładowo zapisuję coś na dysku E i w programie je widzę, ale eksplorator windows ich nie widzi. Inna sprawa, że na pulpicie w ogóle nic nie mogę zapisywać. Nie mam również dostępu do plików systemowych.

Skany:

GMER:

Kod: Zaznacz wszystko: GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-01-03 19:49:32 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST1000LM rev.2AR1 931,51GB Running: h0gtk74k.exe; Driver: C:\Users\Martynka\AppData\Local\Temp\pwddqpoc.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff960000f4300 7 bytes [00, A1, F3, FF, 41, B4, F0] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff960000f4308 3 bytes [00, 07, 02] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076d73080 6 bytes {JMP QWORD [RIP+0x92ccfb0]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076da06a0 6 bytes {JMP QWORD [RIP+0x927f990]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076da0770 6 bytes {JMP QWORD [RIP+0x9a1f8c0]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da0870 6 bytes {JMP QWORD [RIP+0x98bf7c0]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076da08e0 6 bytes {JMP QWORD [RIP+0x999f750]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da0920 6 bytes {JMP QWORD [RIP+0x995f710]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076da09c0 6 bytes {JMP QWORD [RIP+0x99bf670]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da0a30 6 bytes {JMP QWORD [RIP+0x97bf600]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da0a50 6 bytes {JMP QWORD [RIP+0x993f5e0]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da0a90 6 bytes {JMP QWORD [RIP+0x983f5a0]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da0ae0 6 bytes {JMP QWORD [RIP+0x985f550]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076da0b00 6 bytes {JMP QWORD [RIP+0x997f530]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076da0cf0 6 bytes {JMP QWORD [RIP+0x9a5f340]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076da0d00 6 bytes {JMP QWORD [RIP+0x977f330]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da0e00 6 bytes {JMP QWORD [RIP+0x975f230]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076da0ed0 6 bytes {JMP QWORD [RIP+0x98df160]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da0f10 6 bytes {JMP QWORD [RIP+0x97df120]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da0f80 6 bytes {JMP QWORD [RIP+0x979f0b0]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076da0fb0 6 bytes {JMP QWORD [RIP+0x981f080]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1010 6 bytes {JMP QWORD [RIP+0x97ff020]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076da1020 6 bytes {JMP QWORD [RIP+0x99df010]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1030 6 bytes {JMP QWORD [RIP+0x9a3f000]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da13a0 6 bytes {JMP QWORD [RIP+0x98fec90]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076da1430 6 bytes {JMP QWORD [RIP+0x99fec00]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da1ca0 6 bytes {JMP QWORD [RIP+0x991e390]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da1d20 6 bytes {JMP QWORD [RIP+0x987e310]} .text C:\Windows\system32\services.exe[856] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da1da0 6 bytes {JMP QWORD [RIP+0x989e290]} .text C:\Windows\system32\services.exe[856] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076c4db80 6 bytes {JMP QWORD [RIP+0x94124b0]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076d73080 6 bytes {JMP QWORD [RIP+0x92ccfb0]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076da06a0 6 bytes {JMP QWORD [RIP+0x927f990]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076da0770 6 bytes {JMP QWORD [RIP+0x9a1f8c0]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da0870 6 bytes {JMP QWORD [RIP+0x98bf7c0]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076da08e0 6 bytes {JMP QWORD [RIP+0x999f750]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da0920 6 bytes {JMP QWORD [RIP+0x995f710]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076da09c0 6 bytes {JMP QWORD [RIP+0x99bf670]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da0a30 6 bytes {JMP QWORD [RIP+0x97bf600]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da0a50 6 bytes {JMP QWORD [RIP+0x993f5e0]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da0a90 6 bytes {JMP QWORD [RIP+0x983f5a0]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da0ae0 6 bytes {JMP QWORD [RIP+0x985f550]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076da0b00 6 bytes {JMP QWORD [RIP+0x997f530]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076da0cf0 6 bytes {JMP QWORD [RIP+0x9a5f340]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076da0d00 6 bytes {JMP QWORD [RIP+0x977f330]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da0e00 6 bytes {JMP QWORD [RIP+0x975f230]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076da0ed0 6 bytes {JMP QWORD [RIP+0x98df160]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da0f10 6 bytes {JMP QWORD [RIP+0x97df120]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da0f80 6 bytes {JMP QWORD [RIP+0x979f0b0]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076da0fb0 6 bytes {JMP QWORD [RIP+0x981f080]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1010 6 bytes {JMP QWORD [RIP+0x97ff020]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076da1020 6 bytes {JMP QWORD [RIP+0x99df010]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1030 6 bytes {JMP QWORD [RIP+0x9a3f000]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da13a0 6 bytes {JMP QWORD [RIP+0x98fec90]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076da1430 6 bytes {JMP QWORD [RIP+0x99fec00]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da1ca0 6 bytes {JMP QWORD [RIP+0x991e390]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da1d20 6 bytes {JMP QWORD [RIP+0x987e310]} .text C:\Windows\system32\lsass.exe[880] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da1da0 6 bytes {JMP QWORD [RIP+0x989e290]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076d73080 6 bytes {JMP QWORD [RIP+0x92ccfb0]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076da06a0 6 bytes {JMP QWORD [RIP+0x927f990]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076da0770 6 bytes {JMP QWORD [RIP+0x9a1f8c0]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da0870 6 bytes {JMP QWORD [RIP+0x98bf7c0]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076da08e0 6 bytes {JMP QWORD [RIP+0x999f750]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da0920 6 bytes {JMP QWORD [RIP+0x995f710]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076da09c0 6 bytes {JMP QWORD [RIP+0x99bf670]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da0a30 6 bytes {JMP QWORD [RIP+0x97bf600]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da0a50 6 bytes {JMP QWORD [RIP+0x993f5e0]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da0a90 6 bytes {JMP QWORD [RIP+0x983f5a0]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da0ae0 6 bytes {JMP QWORD [RIP+0x985f550]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076da0b00 6 bytes {JMP QWORD [RIP+0x997f530]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076da0cf0 6 bytes {JMP QWORD [RIP+0x9a5f340]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076da0d00 6 bytes {JMP QWORD [RIP+0x977f330]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da0e00 6 bytes {JMP QWORD [RIP+0x975f230]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076da0ed0 6 bytes {JMP QWORD [RIP+0x98df160]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da0f10 6 bytes {JMP QWORD [RIP+0x97df120]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da0f80 6 bytes {JMP QWORD [RIP+0x979f0b0]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076da0fb0 6 bytes {JMP QWORD [RIP+0x981f080]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1010 6 bytes {JMP QWORD [RIP+0x97ff020]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076da1020 6 bytes {JMP QWORD [RIP+0x99df010]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1030 6 bytes {JMP QWORD [RIP+0x9a3f000]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da13a0 6 bytes {JMP QWORD [RIP+0x98fec90]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076da1430 6 bytes {JMP QWORD [RIP+0x99fec00]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da1ca0 6 bytes {JMP QWORD [RIP+0x991e390]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da1d20 6 bytes {JMP QWORD [RIP+0x987e310]} .text C:\Windows\system32\svchost.exe[668] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da1da0 6 bytes {JMP QWORD [RIP+0x989e290]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076d73080 6 bytes {JMP QWORD [RIP+0x92ccfb0]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076da06a0 6 bytes {JMP QWORD [RIP+0x927f990]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076da0770 6 bytes {JMP QWORD [RIP+0x9a1f8c0]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da0870 6 bytes {JMP QWORD [RIP+0x98bf7c0]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076da08e0 6 bytes {JMP QWORD [RIP+0x999f750]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da0920 6 bytes {JMP QWORD [RIP+0x995f710]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076da09c0 6 bytes {JMP QWORD [RIP+0x99bf670]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da0a30 6 bytes {JMP QWORD [RIP+0x97bf600]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da0a50 6 bytes {JMP QWORD [RIP+0x993f5e0]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da0a90 6 bytes {JMP QWORD [RIP+0x983f5a0]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da0ae0 6 bytes {JMP QWORD [RIP+0x985f550]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076da0b00 6 bytes {JMP QWORD [RIP+0x997f530]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076da0cf0 6 bytes {JMP QWORD [RIP+0x9a5f340]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076da0d00 6 bytes {JMP QWORD [RIP+0x977f330]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da0e00 6 bytes {JMP QWORD [RIP+0x975f230]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076da0ed0 6 bytes {JMP QWORD [RIP+0x98df160]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da0f10 6 bytes {JMP QWORD [RIP+0x97df120]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da0f80 6 bytes {JMP QWORD [RIP+0x979f0b0]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076da0fb0 6 bytes {JMP QWORD [RIP+0x981f080]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1010 6 bytes {JMP QWORD [RIP+0x97ff020]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076da1020 6 bytes {JMP QWORD [RIP+0x99df010]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1030 6 bytes {JMP QWORD [RIP+0x9a3f000]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da13a0 6 bytes {JMP QWORD [RIP+0x98fec90]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076da1430 6 bytes {JMP QWORD [RIP+0x99fec00]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da1ca0 6 bytes {JMP QWORD [RIP+0x991e390]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da1d20 6 bytes {JMP QWORD [RIP+0x987e310]} .text C:\Windows\System32\svchost.exe[1060] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da1da0 6 bytes {JMP QWORD [RIP+0x989e290]} .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076d73080 6 bytes {JMP QWORD [RIP+0x92ccfb0]} .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076da06a0 6 bytes {JMP QWORD [RIP+0x927f990]} .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076da0770 6 bytes JMP 58e4a01 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da0870 6 bytes JMP 98bf7a8 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076da08e0 6 bytes JMP 999f768 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da0920 6 bytes JMP bac41d1 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076da09c0 6 bytes JMP 7d .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da0a30 6 bytes JMP 442e681 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da0a50 6 bytes JMP 1cc0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da0a90 6 bytes JMP 1ce02c4 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da0ae0 6 bytes JMP 985f282 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076da0b00 6 bytes JMP 561a34 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076da0cf0 6 bytes JMP 4d0045 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076da0d00 6 bytes {JMP QWORD [RIP+0x977f330]} .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da0e00 6 bytes JMP 76bfa00 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076da0ed0 6 bytes JMP 4273c0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da0f10 6 bytes JMP e3915a0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da0f80 6 bytes {JMP QWORD [RIP+0x979f0b0]} .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076da0fb0 6 bytes JMP 3f4d3f4d .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1010 6 bytes JMP b9ae81 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076da1020 6 bytes JMP 0 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1030 6 bytes JMP 897c919 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da13a0 6 bytes JMP 1011e7f .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076da1430 6 bytes {JMP QWORD [RIP+0x99fec00]} .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da1ca0 6 bytes JMP 719f678 .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da1d20 6 bytes JMP 31002e .text C:\Windows\System32\svchost.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da1da0 6 bytes JMP 470041 .text C:\Windows\system32\svchost.exe[1132] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcb39055 3 bytes [B5, 6F, 06] .text C:\Windows\system32\svchost.exe[1132] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcb453c0 5 bytes [FF, 25, 70, AC, 0A] .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076d73080 6 bytes {JMP QWORD [RIP+0x92ccfb0]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076da06a0 6 bytes {JMP QWORD [RIP+0x927f990]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076da0770 6 bytes {JMP QWORD [RIP+0x9a1f8c0]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da0870 6 bytes {JMP QWORD [RIP+0x98bf7c0]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076da08e0 6 bytes {JMP QWORD [RIP+0x999f750]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da0920 6 bytes {JMP QWORD [RIP+0x995f710]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076da09c0 6 bytes {JMP QWORD [RIP+0x99bf670]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da0a30 6 bytes {JMP QWORD [RIP+0x97bf600]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da0a50 6 bytes {JMP QWORD [RIP+0x993f5e0]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da0a90 6 bytes JMP 1 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da0ae0 6 bytes {JMP QWORD [RIP+0x985f550]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076da0b00 6 bytes {JMP QWORD [RIP+0x997f530]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076da0cf0 6 bytes {JMP QWORD [RIP+0x9a5f340]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076da0d00 6 bytes {JMP QWORD [RIP+0x977f330]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da0e00 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076da0ed0 6 bytes {JMP QWORD [RIP+0x98df160]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da0f10 6 bytes {JMP QWORD [RIP+0x97df120]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da0f80 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076da0fb0 6 bytes JMP 98100ac .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1010 6 bytes JMP 1 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076da1020 6 bytes {JMP QWORD [RIP+0x99df010]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1030 6 bytes {JMP QWORD [RIP+0x9a3f000]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da13a0 6 bytes {JMP QWORD [RIP+0x98fec90]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076da1430 6 bytes {JMP QWORD [RIP+0x99fec00]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da1ca0 6 bytes {JMP QWORD [RIP+0x991e390]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da1d20 6 bytes JMP 670061 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da1da0 6 bytes {JMP QWORD [RIP+0x989e290]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076c4db80 6 bytes {JMP QWORD [RIP+0x94124b0]} .text C:\Windows\system32\svchost.exe[1172] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcb39055 3 bytes [B5, 6F, 06] .text C:\Windows\system32\svchost.exe[1172] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcb453c0 5 bytes [FF, 25, 70, AC, 0A] .text C:\Windows\system32\svchost.exe[1172] C:\Windows\system32\RPCRT4.dll!RpcServerRegisterIfEx 000007fefe413e80 6 bytes JMP 0 .text C:\Windows\system32\svchost.exe[1172] C:\Windows\system32\SspiCli.dll!EncryptMessage 0000000000ee50a0 6 bytes {JMP QWORD [RIP+0x26af90]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076d73080 6 bytes {JMP QWORD [RIP+0x92ccfb0]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076da06a0 6 bytes {JMP QWORD [RIP+0x927f990]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076da0770 6 bytes {JMP QWORD [RIP+0x9a1f8c0]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da0870 6 bytes {JMP QWORD [RIP+0x98bf7c0]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076da08e0 6 bytes {JMP QWORD [RIP+0x999f750]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da0920 6 bytes {JMP QWORD [RIP+0x995f710]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076da09c0 6 bytes {JMP QWORD [RIP+0x99bf670]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da0a30 6 bytes {JMP QWORD [RIP+0x97bf600]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da0a50 6 bytes {JMP QWORD [RIP+0x993f5e0]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da0a90 6 bytes {JMP QWORD [RIP+0x983f5a0]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da0ae0 6 bytes {JMP QWORD [RIP+0x985f550]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076da0b00 6 bytes {JMP QWORD [RIP+0x997f530]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076da0cf0 6 bytes {JMP QWORD [RIP+0x9a5f340]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076da0d00 6 bytes {JMP QWORD [RIP+0x977f330]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da0e00 6 bytes {JMP QWORD [RIP+0x975f230]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076da0ed0 6 bytes {JMP QWORD [RIP+0x98df160]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da0f10 6 bytes {JMP QWORD [RIP+0x97df120]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da0f80 6 bytes {JMP QWORD [RIP+0x979f0b0]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076da0fb0 6 bytes {JMP QWORD [RIP+0x981f080]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1010 6 bytes {JMP QWORD [RIP+0x97ff020]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076da1020 6 bytes {JMP QWORD [RIP+0x99df010]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1030 6 bytes {JMP QWORD [RIP+0x9a3f000]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da13a0 6 bytes {JMP QWORD [RIP+0x98fec90]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076da1430 6 bytes {JMP QWORD [RIP+0x99fec00]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da1ca0 6 bytes {JMP QWORD [RIP+0x991e390]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da1d20 6 bytes {JMP QWORD [RIP+0x987e310]} .text C:\Windows\system32\svchost.exe[1420] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da1da0 6 bytes {JMP QWORD [RIP+0x989e290]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076d73080 6 bytes {JMP QWORD [RIP+0x92ccfb0]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076da06a0 6 bytes {JMP QWORD [RIP+0x927f990]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076da0770 6 bytes {JMP QWORD [RIP+0x9a1f8c0]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da0870 6 bytes {JMP QWORD [RIP+0x98bf7c0]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076da08e0 6 bytes {JMP QWORD [RIP+0x999f750]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da0920 6 bytes {JMP QWORD [RIP+0x995f710]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076da09c0 6 bytes {JMP QWORD [RIP+0x99bf670]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da0a30 6 bytes {JMP QWORD [RIP+0x97bf600]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da0a50 6 bytes {JMP QWORD [RIP+0x993f5e0]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da0a90 6 bytes {JMP QWORD [RIP+0x983f5a0]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da0ae0 6 bytes {JMP QWORD [RIP+0x985f550]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076da0b00 6 bytes {JMP QWORD [RIP+0x997f530]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076da0cf0 6 bytes {JMP QWORD [RIP+0x9a5f340]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076da0d00 6 bytes {JMP QWORD [RIP+0x977f330]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da0e00 6 bytes {JMP QWORD [RIP+0x975f230]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076da0ed0 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da0f10 6 bytes {JMP QWORD [RIP+0x97df120]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da0f80 6 bytes {JMP QWORD [RIP+0x979f0b0]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076da0fb0 6 bytes {JMP QWORD [RIP+0x981f080]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1010 6 bytes {JMP QWORD [RIP+0x97ff020]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076da1020 6 bytes {JMP QWORD [RIP+0x99df010]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1030 6 bytes {JMP QWORD [RIP+0x9a3f000]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da13a0 6 bytes {JMP QWORD [RIP+0x98fec90]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076da1430 6 bytes {JMP QWORD [RIP+0x99fec00]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da1ca0 6 bytes {JMP QWORD [RIP+0x991e390]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da1d20 6 bytes {JMP QWORD [RIP+0x987e310]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da1da0 6 bytes {JMP QWORD [RIP+0x989e290]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\kernel32.dll!CreateProcessInternalW 0000000076c4db80 6 bytes {JMP QWORD [RIP+0x94124b0]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcb39055 3 bytes CALL 9000027 .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcb453c0 5 bytes [FF, 25, 70, AC, 0A] .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1422cc 6 bytes {JMP QWORD [RIP+0x48dd64]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1424c0 6 bytes {JMP QWORD [RIP+0x4adb70]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe145bf0 6 bytes {JMP QWORD [RIP+0x4ca440]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe148398 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1489d8 6 bytes {JMP QWORD [RIP+0x237658]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe149344 6 bytes JMP 0 .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe14b9f8 6 bytes {JMP QWORD [RIP+0x504638]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe14c8e0 6 bytes {JMP QWORD [RIP+0x4e3750]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!RegisterRawInputDevices 0000000076b36ef0 6 bytes {JMP QWORD [RIP+0x9869140]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SystemParametersInfoA 0000000076b38184 6 bytes {JMP QWORD [RIP+0x9947eac]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SetParent 0000000076b38530 6 bytes {JMP QWORD [RIP+0x9887b00]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SetWindowLongA 0000000076b39bcc 6 bytes {JMP QWORD [RIP+0x95e6464]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!PostMessageA 0000000076b3a404 6 bytes {JMP QWORD [RIP+0x9625c2c]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!EnableWindow 0000000076b3aaa0 6 bytes {JMP QWORD [RIP+0x9985590]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!MoveWindow 0000000076b3aad0 6 bytes {JMP QWORD [RIP+0x98a5560]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!GetAsyncKeyState 0000000076b3c720 6 bytes {JMP QWORD [RIP+0x9843910]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!RegisterHotKey 0000000076b3cd50 6 bytes {JMP QWORD [RIP+0x99232e0]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!PostThreadMessageA 0000000076b3d2b0 6 bytes {JMP QWORD [RIP+0x9662d80]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SendMessageA 0000000076b3d338 6 bytes {JMP QWORD [RIP+0x96a2cf8]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SendNotifyMessageW 0000000076b3dc40 6 bytes {JMP QWORD [RIP+0x97823f0]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SystemParametersInfoW 0000000076b3f510 6 bytes {JMP QWORD [RIP+0x9960b20]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SetWindowsHookExW 0000000076b3f874 6 bytes {JMP QWORD [RIP+0x95a07bc]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SendMessageTimeoutW 0000000076b3fac0 6 bytes {JMP QWORD [RIP+0x9700570]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!PostThreadMessageW 0000000076b40b74 6 bytes {JMP QWORD [RIP+0x967f4bc]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SetWindowLongW 0000000076b433b0 6 bytes {JMP QWORD [RIP+0x95fcc80]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SetWinEventHook + 1 0000000076b44d4d 5 bytes {JMP QWORD [RIP+0x95bb2e4]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!GetKeyState 0000000076b45010 6 bytes {JMP QWORD [RIP+0x981b020]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SendMessageCallbackW 0000000076b45438 6 bytes {JMP QWORD [RIP+0x973abf8]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SendMessageW 0000000076b46b50 6 bytes {JMP QWORD [RIP+0x96b94e0]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!PostMessageW 0000000076b476e4 6 bytes {JMP QWORD [RIP+0x963894c]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SendDlgItemMessageW 0000000076b4dd90 6 bytes {JMP QWORD [RIP+0x97b22a0]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!GetClipboardData 0000000076b4e874 6 bytes {JMP QWORD [RIP+0x98f17bc]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SetClipboardViewer 0000000076b4f780 6 bytes {JMP QWORD [RIP+0x98b08b0]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SendNotifyMessageA 0000000076b528e4 6 bytes {JMP QWORD [RIP+0x974d74c]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!mouse_event 0000000076b53894 6 bytes {JMP QWORD [RIP+0x954c79c]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!GetKeyboardState 0000000076b58a10 6 bytes {JMP QWORD [RIP+0x97e7620]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SendMessageTimeoutA 0000000076b58be0 6 bytes {JMP QWORD [RIP+0x96c7450]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SetWindowsHookExA 0000000076b58c20 6 bytes {JMP QWORD [RIP+0x9567410]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SendInput 0000000076b58cd0 6 bytes {JMP QWORD [RIP+0x97c7360]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!BlockInput 0000000076b5ad60 6 bytes {JMP QWORD [RIP+0x98c52d0]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!ExitWindowsEx 0000000076b814e0 6 bytes {JMP QWORD [RIP+0x995eb50]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!keybd_event 0000000076ba45a4 6 bytes {JMP QWORD [RIP+0x94dba8c]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SendDlgItemMessageA 0000000076bacc08 6 bytes {JMP QWORD [RIP+0x9733428]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\USER32.dll!SendMessageCallbackA 0000000076badf18 6 bytes {JMP QWORD [RIP+0x96b2118]} .text C:\Windows\Explorer.EXE[1660] C:\Windows\system32\SSPICLI.DLL!EncryptMessage 000007fefc8950a0 6 bytes JMP 9b3 .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076d73080 6 bytes {JMP QWORD [RIP+0x92ccfb0]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076da06a0 6 bytes {JMP QWORD [RIP+0x927f990]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076da0770 6 bytes {JMP QWORD [RIP+0x9a1f8c0]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da0870 6 bytes {JMP QWORD [RIP+0x98bf7c0]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076da08e0 6 bytes {JMP QWORD [RIP+0x999f750]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da0920 6 bytes {JMP QWORD [RIP+0x995f710]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076da09c0 6 bytes {JMP QWORD [RIP+0x99bf670]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da0a30 6 bytes {JMP QWORD [RIP+0x97bf600]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da0a50 6 bytes {JMP QWORD [RIP+0x993f5e0]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da0a90 6 bytes {JMP QWORD [RIP+0x983f5a0]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da0ae0 6 bytes {JMP QWORD [RIP+0x985f550]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076da0b00 6 bytes {JMP QWORD [RIP+0x997f530]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076da0cf0 6 bytes {JMP QWORD [RIP+0x9a5f340]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076da0d00 6 bytes {JMP QWORD [RIP+0x977f330]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da0e00 6 bytes {JMP QWORD [RIP+0x975f230]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076da0ed0 6 bytes {JMP QWORD [RIP+0x98df160]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da0f10 6 bytes {JMP QWORD [RIP+0x97df120]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da0f80 6 bytes {JMP QWORD [RIP+0x979f0b0]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076da0fb0 6 bytes {JMP QWORD [RIP+0x981f080]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1010 6 bytes {JMP QWORD [RIP+0x97ff020]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076da1020 6 bytes {JMP QWORD [RIP+0x99df010]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1030 6 bytes {JMP QWORD [RIP+0x9a3f000]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da13a0 6 bytes {JMP QWORD [RIP+0x98fec90]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076da1430 6 bytes {JMP QWORD [RIP+0x99fec00]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da1ca0 6 bytes {JMP QWORD [RIP+0x991e390]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da1d20 6 bytes {JMP QWORD [RIP+0x987e310]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da1da0 6 bytes {JMP QWORD [RIP+0x989e290]} .text C:\Windows\system32\svchost.exe[1836] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcb39055 3 bytes [B5, 6F, 06] .text C:\Windows\system32\svchost.exe[1836] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcb453c0 5 bytes [FF, 25, 70, AC, 0A] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076f4f9e0 3 bytes JMP 71af000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076f4f9e4 2 bytes JMP 71af000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076f4fb28 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076f4fb2c 2 bytes [CF, 70] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f4fcb0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076f4fcb4 2 bytes [F0, 70] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076f4fd64 3 bytes JMP 70dc000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076f4fd68 2 bytes JMP 70dc000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076f4fdc8 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076f4fdcc 2 bytes [E1, 70] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076f4fec0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076f4fec4 2 bytes [D8, 70] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076f4ff74 3 bytes JMP 7109000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076f4ff78 2 bytes JMP 7109000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076f4ffa4 3 bytes JMP 70e5000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076f4ffa8 2 bytes JMP 70e5000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f50004 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076f50008 2 bytes [FC, 70] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f50084 3 bytes JMP 70fa000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076f50088 2 bytes JMP 70fa000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076f500b4 3 bytes JMP 70df000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076f500b8 2 bytes JMP 70df000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076f503b8 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076f503bc 2 bytes [C9, 70] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076f503d0 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076f503d4 2 bytes [0E, 71] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f50550 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076f50554 2 bytes [11, 71] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076f50694 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076f50698 2 bytes [ED, 70] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076f506f4 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076f506f8 2 bytes [05, 71] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f5079c 3 bytes JMP 710c000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076f507a0 2 bytes JMP 710c000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076f507e4 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076f507e8 2 bytes [FF, 70] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076f50874 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076f50878 2 bytes [02, 71] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f5088c 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076f50890 2 bytes [D5, 70] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f508a4 3 bytes JMP 70cd000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076f508a8 2 bytes JMP 70cd000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f50df4 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076f50df8 2 bytes [EA, 70] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076f50ed8 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076f50edc 2 bytes [D2, 70] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f51be4 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076f51be8 2 bytes [E7, 70] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076f51cb4 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076f51cb8 2 bytes [F6, 70] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076f51d8c 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076f51d90 2 bytes [F3, 70] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000076f73a8e 6 bytes JMP 71a8000a .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW 00000000759b3bbb 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe[1980] C:\Windows\syswow64\KERNEL32.dll!CreateProcessInternalW + 4 00000000759b3bbf 2 bytes [9B, 71] .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076d73080 6 bytes {JMP QWORD [RIP+0x92ccfb0]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076da06a0 6 bytes {JMP QWORD [RIP+0x927f990]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076da0770 6 bytes {JMP QWORD [RIP+0x9a1f8c0]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da0870 6 bytes {JMP QWORD [RIP+0x98bf7c0]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076da08e0 6 bytes {JMP QWORD [RIP+0x999f750]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da0920 6 bytes {JMP QWORD [RIP+0x995f710]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076da09c0 6 bytes {JMP QWORD [RIP+0x99bf670]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da0a30 6 bytes {JMP QWORD [RIP+0x97bf600]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da0a50 6 bytes {JMP QWORD [RIP+0x993f5e0]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da0a90 6 bytes {JMP QWORD [RIP+0x983f5a0]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da0ae0 6 bytes {JMP QWORD [RIP+0x985f550]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076da0b00 6 bytes {JMP QWORD [RIP+0x997f530]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076da0cf0 6 bytes {JMP QWORD [RIP+0x9a5f340]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076da0d00 6 bytes {JMP QWORD [RIP+0x977f330]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da0e00 6 bytes {JMP QWORD [RIP+0x975f230]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076da0ed0 6 bytes {JMP QWORD [RIP+0x98df160]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da0f10 6 bytes {JMP QWORD [RIP+0x97df120]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da0f80 6 bytes {JMP QWORD [RIP+0x979f0b0]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076da0fb0 6 bytes {JMP QWORD [RIP+0x981f080]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1010 6 bytes {JMP QWORD [RIP+0x97ff020]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076da1020 6 bytes {JMP QWORD [RIP+0x99df010]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1030 6 bytes {JMP QWORD [RIP+0x9a3f000]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da13a0 6 bytes {JMP QWORD [RIP+0x98fec90]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076da1430 6 bytes {JMP QWORD [RIP+0x99fec00]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da1ca0 6 bytes {JMP QWORD [RIP+0x991e390]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da1d20 6 bytes {JMP QWORD [RIP+0x987e310]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da1da0 6 bytes {JMP QWORD [RIP+0x989e290]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcb39055 3 bytes [B5, 6F, 06] .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\system32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcb453c0 5 bytes [FF, 25, 70, AC, 0A] .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1422cc 6 bytes {JMP QWORD [RIP+0x48dd64]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1424c0 6 bytes {JMP QWORD [RIP+0x4adb70]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe145bf0 6 bytes JMP 4c003a .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe148398 6 bytes {JMP QWORD [RIP+0x257c98]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1489d8 6 bytes {JMP QWORD [RIP+0x237658]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe149344 6 bytes {JMP QWORD [RIP+0x466cec]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe14b9f8 6 bytes {JMP QWORD [RIP+0x504638]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe14c8e0 6 bytes {JMP QWORD [RIP+0x4e3750]} .text C:\Program Files\EPSON\cenzura!\EPCP.exe[2104] C:\Windows\system32\SspiCli.dll!EncryptMessage 0000000000fd50a0 6 bytes {JMP QWORD [RIP+0x1daf90]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076d73080 6 bytes {JMP QWORD [RIP+0x92ccfb0]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076da06a0 6 bytes {JMP QWORD [RIP+0x927f990]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076da0770 6 bytes {JMP QWORD [RIP+0x9a1f8c0]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da0870 6 bytes {JMP QWORD [RIP+0x98bf7c0]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076da08e0 6 bytes {JMP QWORD [RIP+0x999f750]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da0920 6 bytes {JMP QWORD [RIP+0x995f710]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076da09c0 6 bytes {JMP QWORD [RIP+0x99bf670]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da0a30 6 bytes {JMP QWORD [RIP+0x97bf600]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da0a50 6 bytes {JMP QWORD [RIP+0x993f5e0]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da0a90 6 bytes {JMP QWORD [RIP+0x983f5a0]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da0ae0 6 bytes {JMP QWORD [RIP+0x985f550]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076da0b00 6 bytes {JMP QWORD [RIP+0x997f530]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076da0cf0 6 bytes {JMP QWORD [RIP+0x9a5f340]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076da0d00 6 bytes {JMP QWORD [RIP+0x977f330]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da0e00 6 bytes {JMP QWORD [RIP+0x975f230]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076da0ed0 6 bytes {JMP QWORD [RIP+0x98df160]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da0f10 6 bytes {JMP QWORD [RIP+0x97df120]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da0f80 6 bytes {JMP QWORD [RIP+0x979f0b0]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076da0fb0 6 bytes {JMP QWORD [RIP+0x981f080]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1010 6 bytes {JMP QWORD [RIP+0x97ff020]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076da1020 6 bytes {JMP QWORD [RIP+0x99df010]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1030 6 bytes {JMP QWORD [RIP+0x9a3f000]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da13a0 6 bytes {JMP QWORD [RIP+0x98fec90]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076da1430 6 bytes {JMP QWORD [RIP+0x99fec00]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da1ca0 6 bytes {JMP QWORD [RIP+0x991e390]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da1d20 6 bytes {JMP QWORD [RIP+0x987e310]} .text C:\Program Files\Intel\WiFi\bin\EvtEng.exe[2516] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da1da0 6 bytes {JMP QWORD [RIP+0x989e290]} .text C:\Program Files (x86)\e-Kiosk Reader\eGazetaST.exe[2616] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000759b3bbb 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\e-Kiosk Reader\eGazetaST.exe[2616] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000759b3bbf 2 bytes [9B, 71] .text C:\Windows\system32\igfxEM.exe[3980] C:\Windows\system32\GDI32.dll!DeleteDC 000007fefe1422cc 6 bytes {JMP QWORD [RIP+0x48dd64]} .text C:\Windows\system32\igfxEM.exe[3980] C:\Windows\system32\GDI32.dll!BitBlt 000007fefe1424c0 6 bytes {JMP QWORD [RIP+0x4adb70]} .text C:\Windows\system32\igfxEM.exe[3980] C:\Windows\system32\GDI32.dll!MaskBlt 000007fefe145bf0 6 bytes {JMP QWORD [RIP+0x4ca440]} .text C:\Windows\system32\igfxEM.exe[3980] C:\Windows\system32\GDI32.dll!CreateDCW 000007fefe148398 6 bytes {JMP QWORD [RIP+0x257c98]} .text C:\Windows\system32\igfxEM.exe[3980] C:\Windows\system32\GDI32.dll!CreateDCA 000007fefe1489d8 6 bytes {JMP QWORD [RIP+0x237658]} .text C:\Windows\system32\igfxEM.exe[3980] C:\Windows\system32\GDI32.dll!GetPixel 000007fefe149344 6 bytes {JMP QWORD [RIP+0x466cec]} .text C:\Windows\system32\igfxEM.exe[3980] C:\Windows\system32\GDI32.dll!StretchBlt 000007fefe14b9f8 6 bytes JMP 7b071157 .text C:\Windows\system32\igfxEM.exe[3980] C:\Windows\system32\GDI32.dll!PlgBlt 000007fefe14c8e0 6 bytes JMP 640fc .text C:\Program Files\COMODO\COMODO Internet Security\cis.exe[4872] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076da0730 8 bytes JMP 000000016fff00d8 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[652] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000759b3bbb 3 bytes [FF, 25, 1E] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[652] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000759b3bbf 2 bytes [9B, 71] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[652] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007513f784 6 bytes {JMP QWORD [RIP+0x719e001e]} .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[652] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075142c9e 4 bytes {CALL QWORD [RIP+0x71ac000a]} .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[4576] C:\Windows\SYSTEM32\ntdll.dll!NtAllocateVirtualMemory 0000000076da0730 8 bytes JMP 000000016fff0110 .text C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe[4576] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076da0b00 8 bytes JMP 000000016fff00d8 .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!LdrUnloadDll 0000000076d73080 6 bytes {JMP QWORD [RIP+0x92ccfb0]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtClose 0000000076da06a0 6 bytes {JMP QWORD [RIP+0x927f990]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationProcess 0000000076da0770 6 bytes {JMP QWORD [RIP+0x9a1f8c0]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000076da0870 6 bytes {JMP QWORD [RIP+0x98bf7c0]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 0000000076da08e0 6 bytes {JMP QWORD [RIP+0x999f750]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000076da0920 6 bytes {JMP QWORD [RIP+0x995f710]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtAdjustPrivilegesToken 0000000076da09c0 6 bytes {JMP QWORD [RIP+0x99bf670]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000076da0a30 6 bytes {JMP QWORD [RIP+0x97bf600]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000076da0a50 6 bytes {JMP QWORD [RIP+0x993f5e0]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000076da0a90 6 bytes {JMP QWORD [RIP+0x983f5a0]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000076da0ae0 6 bytes {JMP QWORD [RIP+0x985f550]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 0000000076da0b00 6 bytes {JMP QWORD [RIP+0x997f530]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcConnectPort 0000000076da0cf0 6 bytes {JMP QWORD [RIP+0x9a5f340]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcCreatePort 0000000076da0d00 6 bytes {JMP QWORD [RIP+0x977f330]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076da0e00 6 bytes {JMP QWORD [RIP+0x975f230]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtConnectPort 0000000076da0ed0 6 bytes {JMP QWORD [RIP+0x98df160]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000076da0f10 6 bytes {JMP QWORD [RIP+0x97df120]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000076da0f80 6 bytes {JMP QWORD [RIP+0x979f0b0]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreatePort 0000000076da0fb0 6 bytes {JMP QWORD [RIP+0x981f080]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000076da1010 6 bytes {JMP QWORD [RIP+0x97ff020]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSymbolicLinkObject 0000000076da1020 6 bytes {JMP QWORD [RIP+0x99df010]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000076da1030 6 bytes {JMP QWORD [RIP+0x9a3f000]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000076da13a0 6 bytes {JMP QWORD [RIP+0x98fec90]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtMakeTemporaryObject 0000000076da1430 6 bytes {JMP QWORD [RIP+0x99fec00]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000076da1ca0 6 bytes {JMP QWORD [RIP+0x991e390]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000076da1d20 6 bytes {JMP QWORD [RIP+0x987e310]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000076da1da0 6 bytes {JMP QWORD [RIP+0x989e290]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\System32\kernel32.dll!CreateProcessInternalW 0000000076c4db80 6 bytes {JMP QWORD [RIP+0x94124b0]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\System32\KERNELBASE.dll!LoadLibraryExW + 357 000007fefcb39055 3 bytes [B5, 6F, 06] .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\System32\KERNELBASE.dll!SetProcessShutdownParameters 000007fefcb453c0 5 bytes JMP 0 .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\System32\GDI32.dll!DeleteDC 000007fefe1422cc 6 bytes JMP 0 .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\System32\GDI32.dll!BitBlt 000007fefe1424c0 6 bytes JMP 398 .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\System32\GDI32.dll!MaskBlt 000007fefe145bf0 6 bytes {JMP QWORD [RIP+0x44a440]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\System32\GDI32.dll!CreateDCW 000007fefe148398 6 bytes {JMP QWORD [RIP+0x257c98]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\System32\GDI32.dll!CreateDCA 000007fefe1489d8 6 bytes {JMP QWORD [RIP+0x237658]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\System32\GDI32.dll!GetPixel 000007fefe149344 6 bytes JMP 0 .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\System32\GDI32.dll!StretchBlt 000007fefe14b9f8 6 bytes {JMP QWORD [RIP+0x484638]} .text C:\Windows\system32\AUDIODG.EXE[5196] C:\Windows\System32\GDI32.dll!PlgBlt 000007fefe14c8e0 6 bytes {JMP QWORD [RIP+0x463750]} .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000076f4f9e0 3 bytes JMP 71af000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtClose + 4 0000000076f4f9e4 2 bytes JMP 71af000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess 0000000076f4fb28 3 bytes JMP 70d0000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationProcess + 4 0000000076f4fb2c 2 bytes JMP 70d0000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 0000000076f4fcb0 3 bytes JMP 70f1000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess + 4 0000000076f4fcb4 2 bytes JMP 70f1000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000076f4fd64 3 bytes JMP 70dc000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 4 0000000076f4fd68 2 bytes JMP 70dc000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection 0000000076f4fdc8 3 bytes JMP 70e2000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 4 0000000076f4fdcc 2 bytes JMP 70e2000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken 0000000076f4fec0 3 bytes JMP 70d9000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtAdjustPrivilegesToken + 4 0000000076f4fec4 2 bytes JMP 70d9000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent 0000000076f4ff74 3 bytes JMP 7109000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateEvent + 4 0000000076f4ff78 2 bytes JMP 7109000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection 0000000076f4ffa4 3 bytes JMP 70e5000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 4 0000000076f4ffa8 2 bytes JMP 70e5000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000076f50004 3 bytes JMP 70fd000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread + 4 0000000076f50008 2 bytes JMP 70fd000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000076f50084 3 bytes JMP 70fa000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 4 0000000076f50088 2 bytes JMP 70fa000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000076f500b4 3 bytes JMP 70df000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 4 0000000076f500b8 2 bytes JMP 70df000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort 0000000076f503b8 3 bytes JMP 70ca000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtAlpcConnectPort + 4 0000000076f503bc 2 bytes JMP 70ca000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort 0000000076f503d0 3 bytes JMP 710f000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtAlpcCreatePort + 4 0000000076f503d4 2 bytes JMP 710f000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort 0000000076f50550 3 bytes JMP 7112000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtAlpcSendWaitReceivePort + 4 0000000076f50554 2 bytes JMP 7112000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort 0000000076f50694 3 bytes JMP 70ee000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtConnectPort + 4 0000000076f50698 2 bytes JMP 70ee000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair 0000000076f506f4 3 bytes JMP 7106000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateEventPair + 4 0000000076f506f8 2 bytes JMP 7106000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 0000000076f5079c 3 bytes JMP 710c000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 4 0000000076f507a0 2 bytes JMP 710c000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort 0000000076f507e4 3 bytes JMP 7100000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreatePort + 4 0000000076f507e8 2 bytes JMP 7100000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore 0000000076f50874 3 bytes JMP 7103000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateSemaphore + 4 0000000076f50878 2 bytes JMP 7103000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 0000000076f5088c 3 bytes JMP 70d6000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject + 4 0000000076f50890 2 bytes JMP 70d6000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000076f508a4 3 bytes JMP 70cd000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx + 4 0000000076f508a8 2 bytes JMP 70cd000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000076f50df4 3 bytes JMP 70eb000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver + 4 0000000076f50df8 2 bytes JMP 70eb000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject 0000000076f50ed8 3 bytes JMP 70d3000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtMakeTemporaryObject + 4 0000000076f50edc 2 bytes JMP 70d3000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000076f51be4 3 bytes JMP 70e8000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation + 4 0000000076f51be8 2 bytes JMP 70e8000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem 0000000076f51cb4 3 bytes JMP 70f7000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtShutdownSystem + 4 0000000076f51cb8 2 bytes JMP 70f7000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl 0000000076f51d8c 3 bytes JMP 70f4000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!NtSystemDebugControl + 4 0000000076f51d90 2 bytes JMP 70f4000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000076f73a8e 6 bytes JMP 71a8000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW 00000000759b3bbb 3 bytes JMP 719c000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\kernel32.dll!CreateProcessInternalW + 4 00000000759b3bbf 2 bytes JMP 719c000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\KERNELBASE.dll!SetProcessShutdownParameters 000000007513f784 6 bytes JMP 719f000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000075142c9e 4 bytes CALL 71ac0000 .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SetWindowLongW 0000000074978332 6 bytes JMP 716c000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!PostThreadMessageW 0000000074978bff 6 bytes JMP 7160000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SystemParametersInfoW 00000000749790d3 6 bytes JMP 711b000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SendMessageW 0000000074979679 6 bytes JMP 715a000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutW 00000000749797d2 6 bytes JMP 7154000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007497ee09 6 bytes JMP 7172000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!RegisterHotKey 000000007497efc9 3 bytes JMP 7121000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!RegisterHotKey + 4 000000007497efcd 2 bytes JMP 7121000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!PostMessageW 00000000749812a5 6 bytes JMP 7166000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!GetKeyState 000000007498291f 6 bytes JMP 7139000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SetParent 0000000074982d64 3 bytes JMP 7130000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SetParent + 4 0000000074982d68 2 bytes JMP 7130000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000074982da4 6 bytes JMP 7118000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!MoveWindow 0000000074983698 3 bytes JMP 712d000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!MoveWindow + 4 000000007498369c 2 bytes JMP 712d000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!PostMessageA 0000000074983baa 6 bytes JMP 7169000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!PostThreadMessageA 0000000074983c61 6 bytes JMP 7163000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SetWindowLongA 0000000074986110 6 bytes JMP 716f000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SendMessageA 000000007498612e 6 bytes JMP 715d000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SystemParametersInfoA 0000000074986c30 6 bytes JMP 711e000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000074987603 6 bytes JMP 7175000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SendNotifyMessageW 0000000074987668 6 bytes JMP 7148000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SendMessageCallbackW 00000000749876e0 6 bytes JMP 714e000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SendMessageTimeoutA 000000007498781f 6 bytes JMP 7157000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007498835c 6 bytes JMP 7178000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 000000007498c4b6 3 bytes JMP 712a000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SetClipboardViewer + 4 000000007498c4ba 2 bytes JMP 712a000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageA 000000007499c112 6 bytes JMP 7145000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SendDlgItemMessageW 000000007499d0f5 6 bytes JMP 7142000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 000000007499eb96 6 bytes JMP 7136000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!GetKeyboardState 000000007499ec68 3 bytes JMP 713c000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!GetKeyboardState + 4 000000007499ec6c 2 bytes JMP 713c000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SendInput 000000007499ff4a 3 bytes JMP 713f000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SendInput + 4 000000007499ff4e 2 bytes JMP 713f000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!GetClipboardData 00000000749b9f1d 6 bytes JMP 7124000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!ExitWindowsEx 00000000749c1497 6 bytes JMP 7115000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!mouse_event 00000000749d027b 6 bytes JMP 717b000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!keybd_event 00000000749d02bf 6 bytes JMP 717e000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SendMessageCallbackA 00000000749d6cfc 6 bytes JMP 7151000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!SendNotifyMessageA 00000000749d6d5d 6 bytes JMP 714b000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!BlockInput 00000000749d7dd7 3 bytes JMP 7127000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!BlockInput + 4 00000000749d7ddb 2 bytes JMP 7127000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices 00000000749d88eb 3 bytes JMP 7133000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\USER32.dll!RegisterRawInputDevices + 4 00000000749d88ef 2 bytes JMP 7133000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\GDI32.dll!DeleteDC 0000000074a758b3 6 bytes JMP 7190000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\GDI32.dll!BitBlt 0000000074a75ea6 6 bytes JMP 718a000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\GDI32.dll!CreateDCA 0000000074a77bcc 6 bytes JMP 7199000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\GDI32.dll!StretchBlt 0000000074a7b895 6 bytes JMP 7181000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\GDI32.dll!MaskBlt 0000000074a7c332 6 bytes JMP 7187000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\GDI32.dll!GetPixel 0000000074a7cbfb 6 bytes JMP 7193000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\GDI32.dll!CreateDCW 0000000074a7e743 6 bytes JMP 7196000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\GDI32.dll!PlgBlt 0000000074aa4857 6 bytes JMP 7184000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 00000000748f124a 6 bytes JMP 718d000a .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a51465 2 bytes [A5, 76] .text C:\Users\Martynka\Downloads\h0gtk74k.exe[6020] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a514bb 2 bytes [A5, 76] .text ... * 2 ---- Threads - GMER 2.1 ---- Thread [888:980] 0000000076d6a870 Thread [888:524] 0000000076d6f2e0 Thread [888:520] 0000000076d6f2e0 Thread [888:764] 0000000076d6f2e0 Thread [888:760] 0000000076d6f2e0 Thread [888:776] 0000000076d6f2e0 Thread [888:924] 0000000076d6f2e0 Thread [888:5164] 0000000076d6f2e0 Thread [888:4952] 0000000076d6f2e0 Thread C:\Windows\system32\svchost.exe [668:1268] 000007fefbc14af4 Thread C:\Windows\system32\svchost.exe [668:5240] 000007fef77f2154 Thread C:\Windows\system32\svchost.exe [668:1340] 000007fefbc14af4 Thread C:\Windows\System32\svchost.exe [1096:1144] 000007fefa7cf2c0 Thread C:\Windows\System32\svchost.exe [1096:1148] 000007fefa746204 Thread C:\Windows\System32\svchost.exe [1096:1392] 000007fef9da331c Thread C:\Windows\System32\svchost.exe [1096:1712] 000007fef8b259a0 Thread C:\Windows\System32\svchost.exe [1096:2160] 000007fefc3f1a70 Thread C:\Windows\System32\svchost.exe [1096:3880] 000007fef01b20c0 Thread C:\Windows\System32\svchost.exe [1096:3896] 000007fef01b26a8 Thread C:\Windows\System32\svchost.exe [1096:4208] 000007fef21144e0 Thread C:\Windows\System32\svchost.exe [1096:3760] 000007fef01b29dc Thread C:\Windows\system32\svchost.exe [1132:1504] 000007feeffdd3c8 Thread C:\Windows\system32\svchost.exe [1132:1540] 000007feeffdd3c8 Thread C:\Windows\system32\svchost.exe [1132:4968] 000007feeffdd3c8 Thread C:\Windows\system32\svchost.exe [1132:5204] 000007feeffdd3c8 Thread C:\Windows\system32\svchost.exe [1132:2556] 000007fefa036ed4 Thread C:\Windows\system32\svchost.exe [1132:5180] 000007fefa036b8c Thread C:\Windows\system32\svchost.exe [1420:2992] 000007fef2a0bd88 Thread C:\Windows\system32\svchost.exe [1420:4284] 000007fef7055170 Thread C:\Windows\system32\svchost.exe [1420:300] 000007fef2ef5124 Thread C:\Windows\system32\svchost.exe [1420:5316] 000007fefa08341c Thread C:\Windows\system32\svchost.exe [1420:3392] 000007fefa083a2c Thread C:\Windows\system32\svchost.exe [1420:5384] 000007fefa083768 Thread C:\Windows\system32\svchost.exe [1420:4480] 000007fefa085c20 Thread C:\Windows\system32\svchost.exe [1420:5964] 000007fefa083900 Thread C:\Windows\Explorer.EXE [1660:6028] 000007feddba82a4 Thread C:\Windows\Explorer.EXE [1660:5988] 000007fef09d82a4 Thread C:\Windows\Explorer.EXE [1660:1528] 000007fef09d82a4 Thread C:\Windows\Explorer.EXE [1660:5092] 000007fef09d82a4 Thread C:\Windows\system32\WLANExt.exe [1724:2032] 0000000072851dbc Thread C:\Windows\system32\WLANExt.exe [1724:2036] 000007fef740dcd0 Thread C:\Windows\system32\WLANExt.exe [1724:2044] 0000000072851dbc Thread C:\Windows\system32\WLANExt.exe [1724:1804] 000007fef82f2f9c Thread C:\Windows\system32\WLANExt.exe [1724:2112] 000007fef80046e4 Thread C:\Windows\system32\WLANExt.exe [1724:2116] 000007fef8004700 Thread C:\Windows\system32\WLANExt.exe [1724:2120] 000007fef80046c8 Thread C:\Windows\system32\WLANExt.exe [1724:2124] 000007fef82f2f9c Thread C:\Windows\System32\spoolsv.exe [1796:2368] 000007fef3fe10c8 Thread C:\Windows\System32\spoolsv.exe [1796:2372] 000007fef3fa6144 Thread C:\Windows\System32\spoolsv.exe [1796:2376] 000007fef3d95fd0 Thread C:\Windows\System32\spoolsv.exe [1796:2380] 000007fef3d83438 Thread C:\Windows\System32\spoolsv.exe [1796:2384] 000007fef3d963ec Thread C:\Windows\System32\spoolsv.exe [1796:2392] 000007fef4165e5c Thread C:\Windows\System32\spoolsv.exe [1796:2396] 000007fef41b5074 Thread C:\Windows\System32\spoolsv.exe [1796:2416] 000007fef41456dc Thread C:\Windows\system32\taskhost.exe [1808:1924] 000007fef88a1f38 Thread C:\Windows\system32\taskhost.exe [1808:1688] 000007fefb8a1010 Thread C:\Windows\system32\taskhost.exe [1808:5176] 000007fef7055170 Thread C:\Windows\system32\svchost.exe [1836:1884] 000007fefc3f1a70 Thread C:\Windows\system32\svchost.exe [1836:1896] 000007fefc3f1a70 Thread C:\Windows\system32\svchost.exe [1836:1912] 000007fefc3f1a70 Thread C:\Windows\system32\svchost.exe [1836:1920] 000007fef8782c70 Thread C:\Windows\system32\svchost.exe [1836:1944] 000007fef878fb40 Thread C:\Windows\system32\svchost.exe [1836:1956] 000007fef87a1d20 Thread C:\Windows\system32\svchost.exe [1836:1960] 000007fef878f6f0 Thread C:\Windows\system32\svchost.exe [1836:2072] 000007fef78435c0 Thread C:\Windows\system32\svchost.exe [1836:3296] 000007fef7845600 Thread C:\Windows\system32\svchost.exe [1836:3968] 000007feeff32888 Thread C:\Windows\system32\svchost.exe [1836:3972] 000007feeff22940 Thread C:\Windows\system32\svchost.exe [1836:5528] 000007feeff32a40 Thread C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [1980:1740] 000000000136cf5c Thread C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [1980:1588] 00000000013ea8c0 Thread C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [1980:2784] 00000000013ea8c0 Thread C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [1980:2592] 00000000013ea8c0 Thread C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [1980:2308] 00000000013ea8c0 Thread C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [1980:2584] 00000000013ea8c0 Thread C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [1980:2524] 00000000013ea8c0 Thread C:\Windows\system32\svchost.exe [2388:2608] 000007fef22e7130 Thread C:\Windows\system32\svchost.exe [2388:1264] 000007fef22dd5c0 Thread C:\Windows\system32\svchost.exe [3932:3168] 000007fef3d95fd0 Thread C:\Windows\system32\svchost.exe [3932:2684] 000007fef3d963ec Thread C:\Windows\system32\svchost.exe [3932:2084] 000007fef4ee8470 Thread C:\Windows\system32\svchost.exe [3932:324] 000007fef4ef2418 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{3E3C8A24-DD60-44DF-AA97-7692CB6AE9B5}\Connection@Name isatap.{0348966F-19FC-4972-9A6F-52346E53CF13} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{F54214D4-6D3A-4033-BBE0-48920DFC410E}\Connection@Name isatap.{611081EA-F4AE-4CDB-9492-7CFFAB86E673} Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{BC3DF984-B814-43E7-A1F1-B3EC344C2BDF}?\Device\{FFD2D55F-5D12-4009-A49C-ECBAAA472F3A}?\Device\{3E3C8A24-DD60-44DF-AA97-7692CB6AE9B5}?\Device\{F54214D4-6D3A-4033-BBE0-48920DFC410E}?\Device\{73D0A4C2-767A-40B8-AA3C-08BF51440D13}?\Device\{BDBAE986-C87E-48EC-B42A-AE597695969D}? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{BC3DF984-B814-43E7-A1F1-B3EC344C2BDF}"?"{FFD2D55F-5D12-4009-A49C-ECBAAA472F3A}"?"{3E3C8A24-DD60-44DF-AA97-7692CB6AE9B5}"?"{F54214D4-6D3A-4033-BBE0-48920DFC410E}"?"{73D0A4C2-767A-40B8-AA3C-08BF51440D13}"?"{BDBAE986-C87E-48EC-B42A-AE597695969D}"? Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{BC3DF984-B814-43E7-A1F1-B3EC344C2BDF}?\Device\TCPIP6TUNNEL_{FFD2D55F-5D12-4009-A49C-ECBAAA472F3A}?\Device\TCPIP6TUNNEL_{3E3C8A24-DD60-44DF-AA97-7692CB6AE9B5}?\Device\TCPIP6TUNNEL_{F54214D4-6D3A-4033-BBE0-48920DFC410E}?\Device\TCPIP6TUNNEL_{73D0A4C2-767A-40B8-AA3C-08BF51440D13}?\Device\TCPIP6TUNNEL_{BDBAE986-C87E-48EC-B42A-AE597695969D}? Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\6036ddf83e72 Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\CmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3E3C8A24-DD60-44DF-AA97-7692CB6AE9B5}@InterfaceName isatap.{0348966F-19FC-4972-9A6F-52346E53CF13} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{3E3C8A24-DD60-44DF-AA97-7692CB6AE9B5}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{F54214D4-6D3A-4033-BBE0-48920DFC410E}@InterfaceName isatap.{611081EA-F4AE-4CDB-9492-7CFFAB86E673} Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{F54214D4-6D3A-4033-BBE0-48920DFC410E}@ReusableType 0 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\6036ddf83e72 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Configurations@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Data@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\CmdAgent\Mode\Options@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Cam@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... Reg HKLM\SYSTEM\Software\COMODO\Firewall Pro@SymbolicLinkValue 0x5C 0x00 0x52 0x00 ... ---- EOF - GMER 2.1 ----

OTL:

Kod: Zaznacz wszystko: OTL logfile created on: 2015-01-03 19:51:13 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martynka\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17501) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,86 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 50,27% Memory free 9,66 Gb Paging File | 6,51 Gb Available in Paging File | 67,44% Paging File free Paging file location(s): c:\pagefile.sys 5935 5935 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,21 Gb Total Space | 116,15 Gb Free Space | 59,50% Space Free | Partition Type: NTFS Drive D: | 443,21 Gb Total Space | 437,55 Gb Free Space | 98,72% Space Free | Partition Type: exFAT Drive E: | 292,96 Gb Total Space | 248,22 Gb Free Space | 84,73% Space Free | Partition Type: exFAT Computer Name: COMPUTER | User Name: Martynka | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2015-01-03 17:43:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martynka\Downloads\OTL_[www.programosy.pl].exe PRC - [2014-12-17 16:48:59 | 000,856,904 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe PRC - [2013-11-15 14:39:40 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2013-11-15 14:39:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2013-11-15 14:39:34 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2013-02-14 02:44:10 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012-06-18 13:32:00 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe PRC - [2012-06-18 13:31:58 | 001,333,184 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe PRC - [2012-06-18 13:31:48 | 001,095,616 | ---- | M] (Motorola Solutions, Inc.) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe PRC - [2011-11-29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011-09-21 12:57:50 | 001,690,624 | ---- | M] (e-Kiosk S.A.) -- C:\Program Files (x86)\e-Kiosk Reader\eGazetaST.exe PRC - [2011-02-02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe PRC - [2009-07-24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2014-12-06 02:50:50 | 009,009,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll MOD - [2014-12-06 02:50:46 | 001,077,064 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll MOD - [2014-12-06 02:50:45 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll MOD - [2014-12-06 02:50:44 | 001,677,128 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2014-12-11 01:51:10 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:[b]64bit:[/b] - [2014-12-10 23:08:58 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV:[b]64bit:[/b] - [2014-12-09 01:20:21 | 007,618,952 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent) SRV:[b]64bit:[/b] - [2014-12-09 01:20:03 | 002,265,304 | ---- | M] (COMODO) [On_Demand | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth) SRV:[b]64bit:[/b] - [2014-09-12 16:33:09 | 000,662,592 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\cenzura!\EPCP.exe -- (cenzura!) SRV:[b]64bit:[/b] - [2014-07-10 18:32:13 | 001,616,896 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc) SRV:[b]64bit:[/b] - [2014-05-20 23:33:44 | 000,314,696 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0) SRV:[b]64bit:[/b] - [2012-06-25 15:06:30 | 003,325,232 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe -- (ZeroConfigService) SRV:[b]64bit:[/b] - [2012-06-25 15:06:08 | 000,272,688 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:[b]64bit:[/b] - [2012-06-25 15:05:54 | 000,628,016 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:[b]64bit:[/b] - [2012-06-25 15:05:28 | 000,149,296 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:[b]64bit:[/b] - [2012-05-16 23:00:00 | 000,144,560 | ---- | M] (Seiko Epson Corporation) [Auto | Running] -- C:\Windows\SysNative\escsvc64.exe -- (EpsonScanSvc) SRV:[b]64bit:[/b] - [2012-04-23 16:23:28 | 000,135,952 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe -- (BTHSSecurityMgr) SRV:[b]64bit:[/b] - [2012-03-15 06:09:20 | 000,659,976 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe -- (AMPPALR3) SRV:[b]64bit:[/b] - [2012-02-02 21:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV:[b]64bit:[/b] - [2009-07-14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2014-12-09 19:57:19 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2014-10-30 15:54:32 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2014-05-20 23:33:48 | 000,278,344 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs) SRV - [2014-04-11 22:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2014-04-03 19:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-11-15 14:39:40 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2013-11-15 14:39:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2013-11-15 14:39:34 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2013-02-14 02:44:10 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012-06-18 13:32:00 | 001,124,288 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service) SRV - [2012-06-18 13:31:58 | 001,333,184 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service) SRV - [2012-06-18 13:31:48 | 001,095,616 | ---- | M] (Motorola Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor) SRV - [2011-11-29 19:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011-02-02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service) SRV - [2010-02-19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009-07-24 18:38:50 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2014-12-09 01:20:32 | 000,020,184 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd) DRV:[b]64bit:[/b] - [2014-08-30 10:35:35 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:[b]64bit:[/b] - [2014-08-27 15:02:26 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:[b]64bit:[/b] - [2014-08-27 15:02:26 | 000,030,816 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:[b]64bit:[/b] - [2014-07-10 18:27:31 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2014-07-10 18:27:31 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b]64bit:[/b] - [2014-07-10 18:21:17 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2014-07-10 18:19:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:[b]64bit:[/b] - [2014-07-10 18:19:16 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b]64bit:[/b] - [2014-07-10 18:16:23 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2014-07-10 18:16:23 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2014-05-20 23:33:36 | 003,791,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2013-11-15 14:40:26 | 000,313,448 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUVStor.sys -- (RSUSBVSTOR) DRV:[b]64bit:[/b] - [2013-11-15 14:38:14 | 008,227,216 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc) DRV:[b]64bit:[/b] - [2013-11-15 14:34:58 | 000,685,160 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2013-09-12 10:18:56 | 004,135,424 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD) DRV:[b]64bit:[/b] - [2013-02-14 02:44:10 | 000,030,496 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:[b]64bit:[/b] - [2012-08-27 09:52:42 | 000,448,312 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:[b]64bit:[/b] - [2012-08-27 09:52:40 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI) DRV:[b]64bit:[/b] - [2012-07-17 17:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2012-07-09 14:27:06 | 000,060,928 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iBtFltCoex.sys -- (ibtfltcoex) DRV:[b]64bit:[/b] - [2012-06-09 13:51:44 | 000,849,408 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmhsf.sys -- (btmhsf) DRV:[b]64bit:[/b] - [2012-06-03 07:33:44 | 011,499,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Netwsw00.sys -- (NETwNs64) DRV:[b]64bit:[/b] - [2012-05-21 14:25:30 | 000,789,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:[b]64bit:[/b] - [2012-05-21 14:25:30 | 000,357,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:[b]64bit:[/b] - [2012-05-21 14:25:30 | 000,019,264 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:[b]64bit:[/b] - [2012-05-21 07:39:12 | 000,111,104 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux) DRV:[b]64bit:[/b] - [2012-03-15 05:02:46 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPALP) DRV:[b]64bit:[/b] - [2012-03-15 05:02:46 | 000,198,144 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmpPal.sys -- (AMPPAL) DRV:[b]64bit:[/b] - [2011-12-06 18:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2011-11-29 18:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2010-11-21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:[b]64bit:[/b] - [2010-11-21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2009-07-14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-06-10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009-07-14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.winclub.pl IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pl IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4220852-1144830261-630356992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.winclub.pl IE - HKU\S-1-5-21-4220852-1144830261-630356992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://pl.yahoo.com?fr=fp-comodo IE - HKU\S-1-5-21-4220852-1144830261-630356992-1000\..\SearchScopes,DefaultScope = {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} IE - HKU\S-1-5-21-4220852-1144830261-630356992-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02 IE - HKU\S-1-5-21-4220852-1144830261-630356992-1000\..\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A}: "URL" = http://pl.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo IE - HKU\S-1-5-21-4220852-1144830261-630356992-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4220852-1144830261-630356992-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.winclub.pl IE - HKU\S-1-5-21-4220852-1144830261-630356992-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.winclub.pl IE - HKU\S-1-5-21-4220852-1144830261-630356992-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Martynka\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Martynka\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Martynka\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.) [2014-05-21 11:23:56 | 000,034,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [color=#E56717]========== Chrome ==========[/color] CHR - plugin: Error reading preferences file CHR - Extension: No name found = C:\Users\Martynka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.8_0\ CHR - Extension: No name found = C:\Users\Martynka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\ CHR - Extension: No name found = C:\Users\Martynka\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: No name found = C:\Users\Martynka\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: No name found = C:\Users\Martynka\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: No name found = C:\Users\Martynka\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.0_0\ CHR - Extension: No name found = C:\Users\Martynka\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.15_0\ CHR - Extension: No name found = C:\Users\Martynka\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnjckfhbbanhdnpekieahgohkbogpilm\1.1_0\ CHR - Extension: No name found = C:\Users\Martynka\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\ CHR - Extension: No name found = C:\Users\Martynka\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009-06-10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO) O4 - HKLM..\Run: [e-Kiosk] C:\Program Files (x86)\e-Kiosk Reader\eGazetaST.exe (e-Kiosk S.A.) O4 - HKU\.DEFAULT..\Run: [tiny.cmd] C:\Windows\System32\tiny\tiny.cmd File not found O4 - HKU\S-1-5-18..\Run: [tiny.cmd] C:\Windows\System32\tiny\tiny.cmd File not found O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-21-4220852-1144830261-630356992-1000..\Run: [AdobeBridge] File not found O4 - HKU\S-1-5-21-4220852-1144830261-630356992-1001..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-4220852-1144830261-630356992-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableFirstLogonAnimation = 0 O7 - HKU\S-1-5-21-4220852-1144830261-630356992-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-4220852-1144830261-630356992-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:[b]64bit:[/b] - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found O8:[b]64bit:[/b] - Extra context menu item: Wyślij do Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Wyślij do Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm () O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 86.63.64.48 86.63.64.49 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5FB25051-C3FB-436A-BE6C-0425A4DFCE2A}: DhcpNameServer = 86.63.64.48 86.63.64.49 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7BA96D74-1065-4A8E-B4F8-8CC522FB9564}: DhcpNameServer = 8.8.8.8 8.8.4.4 O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2014-12-09 19:19:11 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ] O33 - MountPoints2\{22946ba9-3026-11e4-ae88-6036ddf83e72}\Shell - "" = AutoRun O33 - MountPoints2\{22946ba9-3026-11e4-ae88-6036ddf83e72}\Shell\AutoRun\command - "" = G:\SETUP.EXE O33 - MountPoints2\{22946ba9-3026-11e4-ae88-6036ddf83e72}\Shell\configure\command - "" = G:\SETUP.EXE O33 - MountPoints2\{22946ba9-3026-11e4-ae88-6036ddf83e72}\Shell\install\command - "" = G:\SETUP.EXE O33 - MountPoints2\{4f1b7434-6001-11e4-af73-6036ddf83e6e}\Shell - "" = AutoRun O33 - MountPoints2\{4f1b7434-6001-11e4-af73-6036ddf83e6e}\Shell\AutoRun\command - "" = H:\start.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2015-01-03 18:38:01 | 000,000,000 | ---D | C] -- C:\Users\Martynka\AppData\Roaming\TakeOwnershipEx [2015-01-03 18:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\V-Ray for SketchUp [2014-12-30 17:47:16 | 000,000,000 | ---D | C] -- C:\Users\Martynka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kerkythea Rendering System [2014-12-30 17:47:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kerkythea Rendering System [2014-12-30 17:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kerkythea Rendering System [2014-12-30 13:15:07 | 000,000,000 | ---D | C] -- C:\Users\Martynka\Desktop\MODEL SZATNIaa [2014-12-30 13:08:44 | 000,000,000 | ---D | C] -- C:\Users\Martynka\Documents\MODEL SZATNIaa [2014-12-29 19:43:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 8 [2014-12-29 19:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2014 [2014-12-29 19:23:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SketchUp [2014-12-29 19:17:55 | 000,000,000 | ---D | C] -- C:\Users\Martynka\AppData\Roaming\SketchUp [2014-12-29 19:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Reprise [2014-12-29 19:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2015 [2014-12-29 19:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\SketchUp [2014-12-29 19:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\SketchUp [2014-12-18 12:43:29 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2014-12-18 12:43:29 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2014-12-17 16:30:08 | 000,000,000 | -H-D | C] -- C:\VTRoot [2014-12-11 09:11:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appraiser [2014-12-11 01:44:31 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2014-12-11 01:44:31 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2014-12-11 01:44:31 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll [2014-12-11 01:44:31 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe [2014-12-11 01:44:31 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe [2014-12-11 01:44:31 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe [2014-12-11 01:44:31 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe [2014-12-11 01:44:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll [2014-12-11 01:44:31 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll [2014-12-11 01:44:30 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2014-12-10 23:12:14 | 000,000,000 | ---D | C] -- C:\Users\Martynka\Documents\Inventor Server x64 AutoCAD 2012 Language Pack - Polski [2014-12-10 23:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk [2014-12-10 23:04:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk [2014-12-10 23:02:32 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll [2014-12-10 23:02:32 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll [2014-12-10 23:02:31 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll [2014-12-10 23:02:31 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll [2014-12-10 23:02:31 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll [2014-12-10 23:02:31 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll [2014-12-10 23:02:30 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll [2014-12-10 23:02:30 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2014-12-10 14:33:01 | 000,000,000 | ---D | C] -- C:\Users\Martynka\diamencik (1) [2014-12-10 10:55:03 | 001,232,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aitstatic.exe [2014-12-10 10:55:03 | 000,830,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appraiser.dll [2014-12-10 10:55:02 | 001,083,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll [2014-12-10 10:55:02 | 000,741,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\invagent.dll [2014-12-10 10:55:02 | 000,413,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\generaltel.dll [2014-12-10 10:55:02 | 000,396,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devinv.dll [2014-12-10 10:55:02 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll [2014-12-10 10:55:02 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll [2014-12-10 10:50:49 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2014-12-10 10:50:42 | 000,718,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2014-12-10 10:50:42 | 000,114,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2014-12-10 10:50:42 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2014-12-10 10:50:42 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2014-12-10 10:50:42 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2014-12-10 10:50:42 | 000,047,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2014-12-10 10:50:42 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2014-12-10 10:50:42 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2014-12-10 10:50:41 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2014-12-10 10:50:40 | 002,052,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2014-12-10 10:50:40 | 000,710,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2014-12-10 10:50:40 | 000,620,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2014-12-10 10:50:40 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2014-12-10 10:50:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2014-12-10 10:50:39 | 000,968,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2014-12-10 10:50:39 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2014-12-10 10:50:39 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2014-12-10 10:50:39 | 000,316,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2014-12-10 10:50:38 | 002,125,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2014-12-10 10:50:38 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2014-12-10 10:50:38 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2014-12-10 10:50:37 | 001,155,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2014-12-10 10:50:37 | 000,168,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2014-12-10 10:50:37 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2014-12-10 10:50:35 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2014-12-10 10:50:35 | 000,490,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2014-12-10 10:50:34 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2014-12-10 10:50:34 | 000,814,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2014-12-10 10:50:34 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2014-12-10 10:50:33 | 006,039,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2014-12-10 10:50:33 | 000,580,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2014-12-10 10:50:33 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2014-12-10 10:50:33 | 000,088,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2014-12-10 10:46:56 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\charmap.exe [2014-12-10 10:46:56 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\charmap.exe [2014-12-10 10:46:55 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll [2014-12-10 10:46:55 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll [2014-12-10 10:46:55 | 000,266,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe [2014-12-10 10:46:55 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll [2014-12-10 10:46:55 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll [2014-12-10 10:46:55 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe [2014-12-10 10:46:55 | 000,181,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll [2014-12-10 10:46:55 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll [2014-12-09 19:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk [2014-12-09 19:25:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared [2014-12-09 19:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\AutoCADek [2014-12-09 19:24:35 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll [2014-12-09 19:24:35 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2014-12-09 19:24:35 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2014-12-09 19:24:35 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2014-12-09 19:24:32 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2014-12-09 19:24:32 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2014-12-09 19:24:17 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2014-12-09 19:24:17 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2014-12-07 18:37:23 | 000,000,000 | ---D | C] -- C:\Users\Martynka\Desktop\Zdjęcia_pobrane_przez_AirDroid [2014-12-07 17:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Artlantis Studio 5 (64 bit) [2014-12-07 17:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Artlantis Studio 5 [2014-12-06 11:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2015-01-03 19:57:02 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2015-01-03 19:51:59 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat [2015-01-03 19:46:06 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2015-01-03 19:30:01 | 000,000,725 | ---- | M] () -- C:\Windows\tasks\EPSON XP-412 413 415 Series Invitation {BC544B9A-236A-4B97-9C4F-68F915CBAC5B}.job [2015-01-03 18:46:38 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2015-01-03 17:42:20 | 000,115,902 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat [2015-01-03 13:15:14 | 000,031,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2015-01-03 13:15:14 | 000,031,520 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2015-01-03 13:02:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015-01-02 15:14:35 | 000,009,917 | ---- | M] () -- C:\Users\Martynka\Desktop\10884494_890540000978105_2071511453_n.jpg [2015-01-02 15:14:31 | 000,009,619 | ---- | M] () -- C:\Users\Martynka\Desktop\10893868_890540137644758_1800505159_n.jpg [2015-01-02 14:14:24 | 000,477,451 | ---- | M] () -- C:\Users\Martynka\Desktop\36.jpg [2015-01-02 11:35:07 | 3319,873,536 | -HS- | M] () -- C:\hiberfil.sys [2015-01-01 20:26:05 | 001,843,404 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2015-01-01 20:26:05 | 000,853,168 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2015-01-01 20:26:05 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2015-01-01 20:26:05 | 000,213,780 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2015-01-01 20:26:05 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2014-12-30 14:13:55 | 001,815,050 | ---- | M] () -- C:\Users\Martynka\Desktop\kwiaty-drzewa-lisciaste-trawa-aka.jpeg [2014-12-30 13:29:52 | 000,063,314 | ---- | M] () -- C:\Users\Martynka\Desktop\10888708_602405783248014_1850515410153227542_n.jpg [2014-12-30 13:15:17 | 004,893,243 | ---- | M] () -- C:\Users\Martynka\Desktop\MODEL SZATNIaa.atl [2014-12-30 13:09:32 | 004,893,223 | ---- | M] () -- C:\Users\Martynka\Documents\MODEL SZATNIaa.atl [2014-12-30 10:40:48 | 000,101,758 | ---- | M] () -- C:\Users\Martynka\Desktop\961615_862837977094885_642383195_n.jpg [2014-12-27 22:49:15 | 000,489,583 | ---- | M] () -- C:\Users\Martynka\Desktop\aaaaaaaa.png [2014-12-27 22:46:59 | 000,086,945 | ---- | M] () -- C:\Users\Martynka\Desktop\11.png [2014-12-19 17:59:24 | 000,081,257 | ---- | M] () -- C:\Users\Martynka\Desktop\aaaa.png [2014-12-18 18:49:59 | 000,144,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2014-12-18 18:49:59 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2014-12-11 18:35:53 | 000,294,393 | ---- | M] () -- C:\Users\Martynka\Desktop\SZatnia.jpg [2014-12-11 09:14:15 | 005,001,144 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2014-12-11 02:05:33 | 001,083,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aeinv.dll [2014-12-11 02:05:33 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepdu.dll [2014-12-11 02:05:33 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aepic.dll [2014-12-11 01:52:46 | 001,424,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2014-12-11 01:51:20 | 000,633,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2014-12-11 01:51:18 | 002,052,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2014-12-11 01:51:18 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll [2014-12-11 01:51:18 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll [2014-12-11 01:51:18 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2014-12-11 01:51:18 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2014-12-11 01:51:16 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2014-12-11 01:51:15 | 006,039,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2014-12-11 01:51:15 | 000,814,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll [2014-12-11 01:51:14 | 002,125,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2014-12-11 01:51:11 | 001,359,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll [2014-12-11 01:51:11 | 000,620,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll [2014-12-11 01:51:11 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll [2014-12-11 01:51:10 | 001,155,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll [2014-12-11 01:51:10 | 000,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe [2014-12-11 01:51:10 | 000,064,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll [2014-12-11 01:51:10 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll [2014-12-11 01:51:10 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll [2014-12-11 01:51:09 | 000,968,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe [2014-12-11 01:51:09 | 000,580,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2014-12-11 01:51:09 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll [2014-12-11 01:51:09 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2014-12-11 01:51:08 | 000,800,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2014-12-11 01:51:08 | 000,718,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2014-12-11 01:51:08 | 000,710,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll [2014-12-11 01:51:08 | 000,490,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll [2014-12-11 01:51:08 | 000,316,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll [2014-12-11 01:51:08 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll [2014-12-11 01:51:08 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2014-12-11 01:51:08 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2014-12-11 01:51:08 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll [2014-12-11 01:51:08 | 000,047,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll [2014-12-11 01:51:08 | 000,034,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2014-12-11 01:44:38 | 003,209,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll [2014-12-11 01:44:37 | 004,121,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll [2014-12-11 01:44:37 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll [2014-12-11 01:44:37 | 000,103,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll [2014-12-11 01:44:37 | 000,050,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe [2014-12-11 01:44:37 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe [2014-12-11 01:44:37 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll [2014-12-11 01:44:36 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe [2014-12-11 01:44:36 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe [2014-12-11 01:44:36 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll [2014-12-11 01:44:03 | 000,165,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\charmap.exe [2014-12-11 01:44:03 | 000,155,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\charmap.exe [2014-12-11 01:44:00 | 000,346,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll [2014-12-11 01:44:00 | 000,310,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll [2014-12-11 01:44:00 | 000,266,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe [2014-12-11 01:44:00 | 000,248,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll [2014-12-11 01:44:00 | 000,181,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll [2014-12-11 01:44:00 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll [2014-12-11 01:43:59 | 000,214,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll [2014-12-11 01:43:59 | 000,198,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe [2014-12-10 23:10:34 | 000,000,153 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2014-12-10 23:01:28 | 001,642,232 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2014-12-09 19:57:19 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2014-12-09 19:57:19 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2014-12-09 01:20:32 | 000,020,184 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys [2014-12-09 01:20:21 | 000,040,736 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll [2014-12-09 01:20:20 | 000,437,792 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll [2014-12-09 01:20:20 | 000,352,272 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll [2014-12-09 01:20:16 | 000,354,520 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll [2014-12-09 01:20:14 | 000,045,784 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdkbd64.dll [2014-12-09 01:20:11 | 000,286,424 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll [2014-12-09 01:20:09 | 000,040,664 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdkbd32.dll [1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2015-01-02 15:14:35 | 000,009,917 | ---- | C] () -- C:\Users\Martynka\Desktop\10884494_890540000978105_2071511453_n.jpg [2015-01-02 15:14:31 | 000,009,619 | ---- | C] () -- C:\Users\Martynka\Desktop\10893868_890540137644758_1800505159_n.jpg [2015-01-02 14:14:23 | 000,477,451 | ---- | C] () -- C:\Users\Martynka\Desktop\36.jpg [2014-12-30 14:13:54 | 001,815,050 | ---- | C] () -- C:\Users\Martynka\Desktop\kwiaty-drzewa-lisciaste-trawa-aka.jpeg [2014-12-30 13:29:52 | 000,063,314 | ---- | C] () -- C:\Users\Martynka\Desktop\10888708_602405783248014_1850515410153227542_n.jpg [2014-12-30 13:15:03 | 004,893,243 | ---- | C] () -- C:\Users\Martynka\Desktop\MODEL SZATNIaa.atl [2014-12-30 13:08:43 | 004,893,223 | ---- | C] () -- C:\Users\Martynka\Documents\MODEL SZATNIaa.atl [2014-12-30 10:40:47 | 000,101,758 | ---- | C] () -- C:\Users\Martynka\Desktop\961615_862837977094885_642383195_n.jpg [2014-12-27 22:49:15 | 000,489,583 | ---- | C] () -- C:\Users\Martynka\Desktop\aaaaaaaa.png [2014-12-27 22:46:59 | 000,086,945 | ---- | C] () -- C:\Users\Martynka\Desktop\11.png [2014-12-19 17:59:24 | 000,081,257 | ---- | C] () -- C:\Users\Martynka\Desktop\aaaa.png [2014-12-17 16:30:06 | 000,115,902 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat [2014-12-11 18:35:51 | 000,294,393 | ---- | C] () -- C:\Users\Martynka\Desktop\SZatnia.jpg [2014-12-10 23:10:34 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc [2014-10-08 10:44:20 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll [2014-10-08 10:44:20 | 000,000,207 | ---- | C] () -- C:\Windows\Cm106.ini.cfl [2014-10-08 10:43:49 | 000,001,745 | ---- | C] () -- C:\Windows\Cm106.ini.cfg [2014-10-08 10:43:49 | 000,000,275 | ---- | C] () -- C:\Windows\Cm106.ini.imi [2014-09-12 17:37:46 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2014-09-07 15:42:01 | 000,000,132 | ---- | C] () -- C:\Users\Martynka\AppData\Roaming\Preferencje formatu PNG CS6 firmy Adobe [2014-08-27 15:13:44 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl [2014-08-27 15:05:11 | 000,755,188 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin [2014-08-27 15:05:10 | 000,561,508 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin [2014-07-11 00:30:54 | 001,642,232 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2014-05-20 23:33:38 | 000,348,088 | ---- | C] () -- C:\Windows\SysWow64\igdmd32.dll [2014-05-20 23:33:32 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2014-05-20 23:33:32 | 000,142,848 | ---- | C] () -- C:\Windows\SysWow64\igdail32.dll [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2014-06-25 03:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014-06-25 02:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2015-01-03 13:02:59 | 000,000,000 | ---D | M] -- C:\Users\Martynka\AppData\Roaming\Abvent_Artlantis5 [2014-12-10 23:07:09 | 000,000,000 | ---D | M] -- C:\Users\Martynka\AppData\Roaming\Autodesk [2014-11-11 14:11:50 | 000,000,000 | ---D | M] -- C:\Users\Martynka\AppData\Roaming\DAEMON Tools Lite [2014-12-04 09:50:49 | 000,000,000 | ---D | M] -- C:\Users\Martynka\AppData\Roaming\e-Kiosk Reader [2014-09-12 17:28:26 | 000,000,000 | ---D | M] -- C:\Users\Martynka\AppData\Roaming\Epson [2014-09-22 15:08:56 | 000,000,000 | ---D | M] -- C:\Users\Martynka\AppData\Roaming\Expert PDF Reader [2014-12-03 11:30:55 | 000,000,000 | ---D | M] -- C:\Users\Martynka\AppData\Roaming\Graphisoft [2014-11-26 21:42:43 | 000,000,000 | ---D | M] -- C:\Users\Martynka\AppData\Roaming\Install.GS [2014-12-03 11:33:07 | 000,000,000 | ---D | M] -- C:\Users\Martynka\AppData\Roaming\MAXON [2014-08-27 15:20:55 | 000,000,000 | ---D | M] -- C:\Users\Martynka\AppData\Roaming\OEMSoftwareEngine [2014-12-29 19:17:55 | 000,000,000 | ---D | M] -- C:\Users\Martynka\AppData\Roaming\SketchUp [2015-01-03 18:38:02 | 000,000,000 | ---D | M] -- C:\Users\Martynka\AppData\Roaming\TakeOwnershipEx [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 26 bytes -> C:\Users\Martynka\Desktop\kwiaty-drzewa-lisciaste-trawa-aka.jpeg:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Martynka\Desktop\961615_862837977094885_642383195_n.jpg:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Martynka\Desktop\36.jpg:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Martynka\Desktop\10893868_890540137644758_1800505159_n.jpg:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Martynka\Desktop\10888708_602405783248014_1850515410153227542_n.jpg:$CmdZnID @Alternate Data Stream - 26 bytes -> C:\Users\Martynka\Desktop\10884494_890540000978105_2071511453_n.jpg:$CmdZnID < End of report >

ETRAS:

Kod: Zaznacz wszystko: OTL Extras logfile created on: 2015-01-03 19:51:13 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Martynka\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17501) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 3,86 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 50,27% Memory free 9,66 Gb Paging File | 6,51 Gb Available in Paging File | 67,44% Paging File free Paging file location(s): c:\pagefile.sys 5935 5935 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 195,21 Gb Total Space | 116,15 Gb Free Space | 59,50% Space Free | Partition Type: NTFS Drive D: | 443,21 Gb Total Space | 437,55 Gb Free Space | 98,72% Space Free | Partition Type: exFAT Drive E: | 292,96 Gb Total Space | 248,22 Gb Free Space | 84,73% Space Free | Partition Type: exFAT Computer Name: COMPUTER | User Name: Martynka | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-4220852-1144830261-630356992-1000\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717]========== Shell Spawning ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [runas] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Usun zawartosc folderu] -- cmd /c "cd /d %1 && del /s /q *.* (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [runas] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [Usun zawartosc folderu] -- cmd /c "cd /d %1 && del /s /q *.* (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717]========== Security Center Settings ==========[/color] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 1 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{6A7211F9-0501-40DB-B9B7-84E09DC45799}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FBFFAE3-3B87-427F-9EEA-E05C9876DC41}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "{17A4BBCE-216F-4B96-8269-93A2D5405F96}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | "{30D65482-A60E-492D-A91B-FA97A24D3663}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | "{38FD88D6-9B36-4709-AAFF-915478F03A8E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{4FB470F4-9508-42C2-8472-69EE6719B4DC}" = dir=in | app=c:\users\martynka\appdata\local\facebook\video\skype\facebookvideocalling.exe | "{951E5335-2F9C-479F-B01C-F90C7D993021}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe | "{A67AE318-E6BD-4FBA-8AC3-9566DCB37CEF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{B7F5EA95-6668-4BC3-BF19-9896231BE947}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe | "TCP Query User{2582FA5A-675F-40E8-ABF0-EC005946A25F}C:\program files\artlantis studio 5\artlantis license manager.exe" = protocol=6 | dir=in | app=c:\program files\artlantis studio 5\artlantis license manager.exe | "TCP Query User{3ADFCBF0-CD74-4458-9ECF-65654F7AF550}C:\program files\keyshot5\bin\keyshot5.exe" = protocol=6 | dir=in | app=c:\program files\keyshot5\bin\keyshot5.exe | "TCP Query User{438EFC43-D5ED-4EF3-BDDA-2ABB347011EA}C:\program files\graphisoft\archicad 17\gsquicktimeserver\gsqtserver.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 17\gsquicktimeserver\gsqtserver.exe | "TCP Query User{449CB9C7-C7C1-46E9-B9B2-86A27CE7FB55}C:\program files\keyshot5\bin\keyshot_daemon.exe" = protocol=6 | dir=in | app=c:\program files\keyshot5\bin\keyshot_daemon.exe | "TCP Query User{45C961E8-FDBC-47EE-823A-A46218E4D17F}C:\program files\artlantis studio 5\artlantis license manager.exe" = protocol=6 | dir=in | app=c:\program files\artlantis studio 5\artlantis license manager.exe | "TCP Query User{4FF73AE7-C392-4729-864B-31682EFFD3CF}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe | "TCP Query User{5ACD3A41-26DA-4078-8E7B-FCB0773DCACE}C:\program files\keyshot5\bin\keyshot_daemon.exe" = protocol=6 | dir=in | app=c:\program files\keyshot5\bin\keyshot_daemon.exe | "TCP Query User{5DA8DC7F-4741-4259-BED9-791D769AEDC1}C:\program files\graphisoft\archicad 17\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 17\archicad.exe | "TCP Query User{64EDF8E4-E4E8-414B-9968-634AFBB4B6D3}C:\program files\graphisoft\archicad 18\archicad.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 18\archicad.exe | "TCP Query User{680543F3-7BF3-45CF-BA80-6E1E3BE744E6}C:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe" = protocol=6 | dir=in | app=c:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe | "TCP Query User{A19695D5-5ABE-4984-A601-731C2223F2F6}C:\program files\keyshot5\bin\keyshot5.exe" = protocol=6 | dir=in | app=c:\program files\keyshot5\bin\keyshot5.exe | "TCP Query User{CAD802CD-EF6C-460A-ADBF-CEA241276473}C:\program files\artlantis studio 5\artlantis studio.exe" = protocol=6 | dir=in | app=c:\program files\artlantis studio 5\artlantis studio.exe | "TCP Query User{DB64C245-7DBA-4593-82F6-0DA77DA1926D}C:\program files\graphisoft\archicad 18\licensefilegenerator.exe" = protocol=6 | dir=in | app=c:\program files\graphisoft\archicad 18\licensefilegenerator.exe | "TCP Query User{E36079A5-DA83-4A2B-9431-E0E5DB48D73C}C:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe" = protocol=6 | dir=in | app=c:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe | "TCP Query User{EE8670D1-011A-42E9-B8C1-2D7DC24F9D56}C:\program files (x86)\google\google sketchup 8\sketchup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google sketchup 8\sketchup.exe | "UDP Query User{0420B98B-C09C-4CFD-967E-D38525935AC8}C:\program files\artlantis studio 5\artlantis license manager.exe" = protocol=17 | dir=in | app=c:\program files\artlantis studio 5\artlantis license manager.exe | "UDP Query User{080BD656-B9FA-403F-89E4-5D0EE8A822A4}C:\program files\graphisoft\archicad 17\gsquicktimeserver\gsqtserver.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 17\gsquicktimeserver\gsqtserver.exe | "UDP Query User{0A9BFE4E-1C39-4C8E-9990-14144A7212ED}C:\program files\keyshot5\bin\keyshot5.exe" = protocol=17 | dir=in | app=c:\program files\keyshot5\bin\keyshot5.exe | "UDP Query User{0D71267B-3F72-426B-8AEF-53BCE4A32783}C:\program files\artlantis studio 5\artlantis license manager.exe" = protocol=17 | dir=in | app=c:\program files\artlantis studio 5\artlantis license manager.exe | "UDP Query User{14C60CFF-7DAC-4527-BD95-04347012DCF8}C:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe" = protocol=17 | dir=in | app=c:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe | "UDP Query User{1E0BA009-8D0E-4FDA-8C5E-6FD6CBC3CBCF}C:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 18\cinerender\cinerender 64bit.exe | "UDP Query User{3A98D7BB-A195-4D4D-A750-33FDBD41DDAA}C:\program files\keyshot5\bin\keyshot_daemon.exe" = protocol=17 | dir=in | app=c:\program files\keyshot5\bin\keyshot_daemon.exe | "UDP Query User{4B5741BA-DEDE-4C9A-B783-533ECCFABD41}C:\program files\keyshot5\bin\keyshot5.exe" = protocol=17 | dir=in | app=c:\program files\keyshot5\bin\keyshot5.exe | "UDP Query User{77297302-1604-4ABF-8BE9-EB5813DB7CBF}C:\program files\graphisoft\archicad 18\licensefilegenerator.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 18\licensefilegenerator.exe | "UDP Query User{7D20599F-1668-4DF3-9A9C-46CE3090CEA3}C:\program files\keyshot5\bin\keyshot_daemon.exe" = protocol=17 | dir=in | app=c:\program files\keyshot5\bin\keyshot_daemon.exe | "UDP Query User{93E8425E-DECC-493A-9F1E-12DDB97A109A}C:\program files\graphisoft\archicad 17\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 17\archicad.exe | "UDP Query User{C98AF1C0-AD4A-4E15-98DD-F8EF2DD79065}C:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe" = protocol=17 | dir=in | app=c:\programdata\asgvis\common\x64\vc10\distributed rendering\xmldrspawner.exe | "UDP Query User{E34E48E2-ABF0-436F-A0D6-8DFBD6E00A7A}C:\program files\artlantis studio 5\artlantis studio.exe" = protocol=17 | dir=in | app=c:\program files\artlantis studio 5\artlantis studio.exe | "UDP Query User{E7D65402-657B-4FE2-86CD-FB0E25B71658}C:\program files\graphisoft\archicad 18\archicad.exe" = protocol=17 | dir=in | app=c:\program files\graphisoft\archicad 18\archicad.exe | "UDP Query User{FA6C65C0-71F7-4181-AC16-7DD61656B6ED}C:\program files (x86)\google\google sketchup 8\sketchup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google sketchup 8\sketchup.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client "{181BBF43-CA17-4E1A-A78D-81E67A57B8A4}" = Oprogramowanie Intel® PROSet/Wireless WiFi "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26784146-6E05-3FF9-9335-786C7C0FB5BE}" = Microsoft .NET Framework 4.5.2 "{2736B6BD-31EC-4FC8-A48C-F0A5C914C0B6}" = COMODO Antivirus "{319CD380-1AAB-4CAD-BE1D-59189A780FA6}" = SketchUp 2015 "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5783F2D7-8001-0415-0102-0060B0CE6BBA}" = AutoCAD 2010 - Polski "{5783F2D7-8001-0415-1102-0060B0CE6BBA}" = Pakiet językowy programu AutoCAD 2010 - polski "{5783F2D7-A001-0415-0102-0060B0CE6BBA}" = AutoCAD 2012 - Polski "{5783F2D7-A001-0415-1102-0060B0CE6BBA}" = AutoCAD 2012 Language Pack - Polski "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{69ADE77E-8D0F-4FD9-8F4A-37BA2CCC011E}" = CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E5DA9A6-7A9F-3A6F-BC5C-D6CBCA6A29C7}" = Microsoft .NET Framework 4 Extended PLK Language Pack "{90150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013 "{90150000-0015-0415-1000-0000000FF1CE}" = Microsoft Access MUI (Polish) 2013 "{90150000-0016-0415-1000-0000000FF1CE}" = Microsoft Excel MUI (Polish) 2013 "{90150000-0018-0415-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (Polish) 2013 "{90150000-0019-0415-1000-0000000FF1CE}" = Microsoft Publisher MUI (Polish) 2013 "{90150000-001A-0415-1000-0000000FF1CE}" = Microsoft Outlook MUI (Polish) 2013 "{90150000-001B-0415-1000-0000000FF1CE}" = Microsoft Word MUI (Polish) 2013 "{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch "{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English "{90150000-001F-0415-1000-0000000FF1CE}" = Narzędzia sprawdzające pakietu Microsoft Office 2013 — polski "{90150000-002C-0415-1000-0000000FF1CE}" = Microsoft Office Proofing (Polish) 2013 "{90150000-0044-0415-1000-0000000FF1CE}" = Microsoft InfoPath MUI (Polish) 2013 "{90150000-006E-0415-1000-0000000FF1CE}" = Microsoft Office Shared MUI (Polish) 2013 "{90150000-0090-0415-1000-0000000FF1CE}" = Microsoft DCF MUI (Polish) 2013 "{90150000-00A1-0415-1000-0000000FF1CE}" = Microsoft OneNote MUI (Polish) 2013 "{90150000-00BA-0415-1000-0000000FF1CE}" = Microsoft Groove MUI (Polish) 2013 "{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013 "{90150000-00C1-0415-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (Polish) 2013 "{90150000-00E1-0415-1000-0000000FF1CE}" = Microsoft Office OSM MUI (Polish) 2013 "{90150000-00E2-0415-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (Polish) 2013 "{90150000-012B-0415-1000-0000000FF1CE}" = Microsoft Lync MUI (Polish) 2013 "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.2 "{A10B1524-63B5-40F2-B272-D841CF671C16}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology "{A49402DD-2781-3782-B0CF-52BDA349E3F3}" = Microsoft .NET Framework 4 Client Profile PLK Language Pack "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B26449A6-6007-4460-B4FE-C4776115BCEA}" = Epson Customer Research cenzura! "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel sterowania NVIDIA 311.27 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Sterownik graficzny 311.27 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Oprogramowanie systemu PhysX 9.12.1031 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Aktualizacje NVIDIA 1.11.3 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{BEE86606-EFB5-4353-9F34-29E0C59CDCFA}" = Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed "{E552C39C-C70E-464F-9733-8311331BDD90}" = Dodatek Autodesk Inventor Fusion Language Pack dla programu AutoCAD 2012 "{EAB3AC1A-68FF-486B-9C6B-E48EBB4B05CC}" = Dodatek Autodesk Inventor Fusion dla programu AutoCAD 2012 "{FFF5619F-6669-4EC5-A85E-9994F70A9E5D}" = Autodesk Inventor Fusion 2012 "{FFF7F80F-929E-497F-A112-B070DE816128}" = Autodesk Inventor Fusion 2012 Language Pack "001FFF2FFF18FF00FF1801F01F02F000-R1" = ArchiCAD 18 POL "99841829BE839365AA67B2AD0E50D371F59F8A1E" = Pakiet sterowników systemu Windows - Lenovo (ACPIVPC) System (12/15/2011 7.1.0.1) "Artlantis Studio 5 (64 bit)" = Artlantis Studio 5.1.2.4 (64 bit) "AutoCAD 2010 - Polski" = AutoCAD 2010 - Polski "AutoCAD 2012 - Polski" = AutoCAD 2012 - Polski "Autodesk Inventor Fusion 2012" = Autodesk Inventor Fusion 2012 "CCleaner_is1" = CCleaner wersja 4.17.4808 "CPL Pack" = Kels' Win7 CPL PacK! "Dodatek Autodesk Inventor Fusion dla programu AutoCAD 2012" = Autodesk Inventor Fusion plug-in for AutoCAD 2012 "EPSON XP-412 413 415 Series" = EPSON XP-412 413 415 Series Printer Uninstall "HashCheck Shell Extension" = HashCheck Shell Extension (x86-64) "Microsoft .NET Framework 4 Client Profile PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended PLK Language Pack" = Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended "Office15.PROPLUS" = Microsoft Office Professional Plus 2013 "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{65094424-9351-40B8-939B-3676D67E48E0}" = Corel Graphics - Windows Shell Extension "_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5 "{045D5A51-F07E-4350-8642-B85772A2876B}" = SketchUp Pro 8 "{05D18A0F-ED9D-4FBD-9BF5-AF632EB09CB3}" = CGS15_IPM_T2 "{086F9A69-CD39-4893-A9FB-D3A0634CE3F7}" = Usługa Autodesk Content Service "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0F13C24A-FFE2-4CD0-8E0B-DC804E0A0E0B}" = Epson Event Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{2091F234-EB58-4B80-8C96-8EB78C808CF7}" = Facebook Video Calling 3.1.0.521 "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}" = Skype™ 6.21 "{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data "{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA "{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21 "{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime "{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B26A967-BB09-4AE0-B258-CC0EE376A760}" = SketchUp Pro 8 PL "{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect "{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA "{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist "{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw "{65094424-9351-40B8-939B-3676D67E48E0}" = Corel Graphics - Windows Shell Extension "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{65420DC9-306E-4371-905F-F4DC3B418E52}" = Autodesk Material Library Base Resolution Image Library 2012 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71B53BA8-4BE3-49AF-BC3E-07F392006206}" = USB Multi-Channel Audio Device "{71E90740-5E5F-4D43-AB8F-CAC1D93DBB5B}" = Epson Easy Photo Print 2 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84CECC1B-21EF-41B1-9A91-3E724E5D99D3}" = Podręczniki firmy EPSON "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX "{8F0837C2-EE09-4903-88F3-1976FE7FFF4E}" = Autodesk Material Library 2012 "{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{938C2383-A692-4D2C-AE45-024F91EF7B1D}" = CorelDRAW Graphics Suite X5 - PL "{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58 "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT "{A608A8D3-E77C-4BEE-8F2A-F8124F5F0FE2}" = SketchUp 2014 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU "{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime "{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4 "{B307472F-7BD9-4040-9255-CE6D6A1196A3}" = Software Updater "{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5 "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C2B5A2E5-51F8-4883-AF40-6A17902DAFEA}" = Free eXPert PDF Reader "{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common "{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files "{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English "{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin "{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera "{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime "{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser "Abvent_Skp8toATL5" = Artlantis 5 Exporter for SketchUp 8 "Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin "CWK" = CWK (Czasowy Wyłącznik Komputera) "DAEMON Tools Lite" = DAEMON Tools Lite "e-Kiosk Reader" = e-Kiosk Reader 1.0.61 "EPSON Scanner" = EPSON Scan "Free Registry Defrag_is1" = Free Registry Defrag "Google Chrome" = Google Chrome "HashCheck Shell Extension" = HashCheck Shell Extension (x86-32) "InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management "KeyShot 5_64" = KeyShot 5 64 bit "Picasa 3" = Picasa 3 "SketchUp Pro 8 PL" = Polski pakiet językowy dla programu SketchUp Pro 8 "TakeOwnershipEx" = TakeOwnershipEx "V-Ray for SketchUp 1.48.89" = V-Ray for SketchUp [color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] [HKEY_USERS\S-1-5-21-4220852-1144830261-630356992-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google+ Auto Backup" = Google+ Auto Backup [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 2014-12-21 09:34:58 | Computer Name = Computer | Source = WinMgmt | ID = 10 Description = Error - 2014-12-21 09:44:50 | Computer Name = Computer | Source = Office 2013 Licensing Service | ID = 0 Description = Error - 2014-12-21 16:41:38 | Computer Name = Computer | Source = WinMgmt | ID = 10 Description = Error - 2014-12-22 16:32:20 | Computer Name = Computer | Source = WinMgmt | ID = 10 Description = Error - 2014-12-22 17:27:51 | Computer Name = Computer | Source = Office 2013 Licensing Service | ID = 0 Description = Error - 2014-12-23 16:38:17 | Computer Name = Computer | Source = WinMgmt | ID = 10 Description = Error - 2014-12-23 16:48:13 | Computer Name = Computer | Source = Office 2013 Licensing Service | ID = 0 Description = Error - 2014-12-26 16:05:55 | Computer Name = Computer | Source = WinMgmt | ID = 10 Description = Error - 2014-12-26 16:15:53 | Computer Name = Computer | Source = Office 2013 Licensing Service | ID = 0 Description = Error - 2014-12-27 09:46:55 | Computer Name = Computer | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 2014-12-27 11:53:32 | Computer Name = Computer | Source = Service Control Manager | ID = 7001 Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2014-12-27 11:53:32 | Computer Name = Computer | Source = Service Control Manager | ID = 7001 Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2014-12-27 12:36:45 | Computer Name = Computer | Source = volmgr | ID = 262190 Description = Inicjowanie zrzutu awaryjnego nie powiodło się! Error - 2014-12-27 12:36:45 | Computer Name = Computer | Source = volmgr | ID = 262190 Description = Inicjowanie zrzutu awaryjnego nie powiodło się! Error - 2014-12-27 12:36:51 | Computer Name = Computer | Source = volmgr | ID = 262190 Description = Inicjowanie zrzutu awaryjnego nie powiodło się! Error - 2014-12-27 12:37:46 | Computer Name = Computer | Source = Service Control Manager | ID = 7023 Description = Usługa Intel(R) PROSet/Wireless Zero Configuration Service zakończyła działanie; wystąpił następujący błąd: %%-2147196306 Error - 2014-12-27 12:37:50 | Computer Name = Computer | Source = Service Control Manager | ID = 7001 Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2014-12-27 12:37:50 | Computer Name = Computer | Source = Service Control Manager | ID = 7001 Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2014-12-27 12:37:58 | Computer Name = Computer | Source = Service Control Manager | ID = 7001 Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1058 Error - 2014-12-27 12:37:58 | Computer Name = Computer | Source = Service Control Manager | ID = 7001 Description = Usługa Przeglądarka komputera zależy od usługi Serwer, której nie można uruchomić z powodu następującego błędu: %%1058 < End of report >

Proszę o pomoc. Serdecznie pozdrawiam

**Posty:** 4765 · przez **ordynat** 04 Sty 2015, 16:02

W logach nie ma niczego podejrzanego.

Kosmetyka:
Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
O4 - HKU\.DEFAULT..\Run: [tiny.cmd] C:\Windows\System32\tiny\tiny.cmd File not found
O4 - HKU\S-1-5-18..\Run: [tiny.cmd] C:\Windows\System32\tiny\tiny.cmd File not found
O4 - HKU\S-1-5-21-4220852-1144830261-630356992-1000..\Run: [AdobeBridge] File not found

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt.

Może w sprawie problemu napisz temat w dziale system-windows-vf10.html

.

**Posty:** 81 · przez **PLUser** 04 Sty 2015, 16:07

Podobnie infekcja wirusa Sality jest w stanie włączonym. Spróbuj jakimś sposobem pobrać Emsisoft Emergency Kit i wykonaj nim najpierw inteligentne skanowanie a potem pełne. Wszystkie wirusy które znajdzie po skanowaniu usuwasz lub przenosisz wirusy do kwarantanny. Jak dalej będzie aktywna infekcja wirusa Sality. Zostaną 4 opcje. 1 to: Formatowanie systemu. 2 to: Płyta ratunkowa. 3 to: Spróbuj cofnąć system do momentu kiedy było wszystko normalnie. A 4 to: Pokombinuj troche. Spróbuj zainstalować dobry program antywirusowy np: Emsisoft Internet Security lub spróbuj zainstalować program Yet Another Cleaner. Yet Another Cleaner został sprawdzony przeze mnie. I nie czyni nic złego w systemie. Usuwa wirusy i ma skaner na żądanie. Ma wersje Free oraz Premium i ma podobne działania do programu Malwarebytes Anti-Malware. YAC powinien dać z tym rade. Jeżeli nie da rady. Odinstaluj go i zainstaluj Emsisoft Internet Security i nim postaraj sie pokonać infekcje wirusa. Może być też 1 problem. Złe odczytywanie dysku w płycie głównej lub w BIOSIE coś jest nie tak.

**Posty:** 4765 · przez **ordynat** 04 Sty 2015, 16:29

@PLuser

skąd pomysł, że jest SALITY?
W logach nie ma najmniejszego śladu tego wirusa!

spróbuj zainstalować program Yet Another Cleaner

Ten program na razie nie jest godny zaufania, wszyscy pomagający zalecają jego usunięcie z komputera!

**Posty:** 81 · przez **PLUser** 04 Sty 2015, 19:24

Ten błąd na obrazku to chyba oznacza że dostęp do tego folderu jest zablokowany lub niedostępny lub nie ma uprawnień od Administratora. Trzeba sprawdzić czy coś w systemie nie pozmieniało. Albo to wina płyty głównej albo coś musiało sie rozwalić. Albo po prostu nie odczytuje ścieżki folderów. Chyba trzeba będzie wykonać cofnięcie systemu do momentu kiedy było wszystko dobrze. @ordynat Może powiesz mi coś o Baidu Antivirus? Bo nie wiem czy warto go sprawdzać bo większość bierze go za szpiega który wyłudza dane. Czy to prawda ordynacie?

**Posty:** 4765 · przez **ordynat** 05 Sty 2015, 00:30

bo większość bierze go za szpiega który wyłudza dane.

Chińczycy wykradający Twoje dane? Bez przesady.
Nie próbowałem go, ale wg mnie, nie należy skreślać go tylko dlatego, że jest chiński.
.