Wolno chodzi laptop oraz dziwne strony główne w przeglądarce

**Posty:** 1385 · przez **cinek_1111** 12 Lip 2015, 22:01

Witam,
proszę o sprawdzenie logów. Komputer od jakiegoś czasu wolno chodzi oraz pojawiły się dziwne strony główne w przeglądarce.

Kod: Zaznacz wszystko: GMER 2.1.19357 - http://www.gmer.net Rootkit scan 2015-07-12 21:44:55 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST964042 rev.0001 596,17GB Running: 9gvjzw5w.exe; Driver: C:\Users\Monika\AppData\Local\Temp\awrdrpog.sys ---- User code sections - GMER 2.1 ---- .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b31401 2 bytes JMP 76d2b21b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b31419 2 bytes JMP 76d2b346 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b31431 2 bytes JMP 76da8f29 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b3144a 2 bytes CALL 76d0489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b314dd 2 bytes JMP 76da8822 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b314f5 2 bytes JMP 76da89f8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b3150d 2 bytes JMP 76da8718 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b31525 2 bytes JMP 76da8ae2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b3153d 2 bytes JMP 76d1fca8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b31555 2 bytes JMP 76d268ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b3156d 2 bytes JMP 76da8fe3 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b31585 2 bytes JMP 76da8b42 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b3159d 2 bytes JMP 76da86dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b315b5 2 bytes JMP 76d1fd41 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b315cd 2 bytes JMP 76d2b2dc C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b316b2 2 bytes JMP 76da8ea4 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe[1496] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b316bd 2 bytes JMP 76da8671 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076b31401 2 bytes JMP 76d2b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076b31419 2 bytes JMP 76d2b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076b31431 2 bytes JMP 76da8f29 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000076b3144a 2 bytes CALL 76d0489d C:\Windows\syswow64\kernel32.dll .text ... * 9 .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000076b314dd 2 bytes JMP 76da8822 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000076b314f5 2 bytes JMP 76da89f8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000076b3150d 2 bytes JMP 76da8718 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076b31525 2 bytes JMP 76da8ae2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000076b3153d 2 bytes JMP 76d1fca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076b31555 2 bytes JMP 76d268ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000076b3156d 2 bytes JMP 76da8fe3 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076b31585 2 bytes JMP 76da8b42 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000076b3159d 2 bytes JMP 76da86dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000076b315b5 2 bytes JMP 76d1fd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000076b315cd 2 bytes JMP 76d2b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000076b316b2 2 bytes JMP 76da8ea4 C:\Windows\syswow64\kernel32.dll .text C:\Windows\AsScrPro.exe[2288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000076b316bd 2 bytes JMP 76da8671 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007793faa4 5 bytes JMP 000000016e562e30 .text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe[2416] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077940034 5 bytes JMP 000000016e562df0 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000777413ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077741544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000777418ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077741ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077741bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077741d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077741e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077741f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077742248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777426f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077742712 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007774276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000777427d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077742b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077742be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000777430bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077743248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000777437c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000777438b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077743a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077743fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077744061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000777440d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077744216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077744254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000777444c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000777446ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077744773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077744867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077744986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077744ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077744b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077744d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077744f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077745007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000777451f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077746006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000777461be 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000777463ac 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000777463ed 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077746404 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007774645c 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077746c26 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007778dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007778de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007778de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007778df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007778e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007778e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007778e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007778f100 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\firefox.exe[4432] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000777413ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077741544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000777418ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077741ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077741bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077741d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077741e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077741f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077742248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777426f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077742712 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007774276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000777427d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077742b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077742be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000777430bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077743248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000777437c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000777438b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077743a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077743fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077744061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000777440d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077744216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077744254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000777444c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000777446ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077744773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077744867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077744986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077744ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077744b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077744d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077744f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077745007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000777451f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077746006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000777461be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000777463ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000777463ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077746404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007774645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077746c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007778dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007778de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007778de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007778df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007778e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007778e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007778e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007778f100 8 bytes {JMP QWORD [RIP-0x484e0]} .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Browny02\BrYNSvc.exe[4764] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000777413ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077741544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000777418ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077741ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077741bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077741d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077741e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077741f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077742248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777426f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077742712 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007774276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000777427d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077742b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077742be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000777430bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077743248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000777437c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000777438b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077743a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077743fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077744061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000777440d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077744216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077744254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000777444c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000777446ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077744773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077744867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077744986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077744ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077744b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077744d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077744f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077745007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000777451f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077746006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000777461be 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000777463ac 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000777463ed 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077746404 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007774645c 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077746c26 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007778dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007778de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007778de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007778df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007778e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007778e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007778e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007778f100 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[2492] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000777413ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077741544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000777418ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077741ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077741bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077741d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077741e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077741f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077742248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777426f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077742712 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007774276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000777427d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077742b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077742be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000777430bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077743248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000777437c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000777438b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077743a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077743fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077744061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000777440d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077744216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077744254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000777444c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000777446ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077744773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077744867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077744986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077744ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077744b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077744d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077744f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077745007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000777451f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077746006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000777461be 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000777463ac 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000777463ed 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077746404 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007774645c 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077746c26 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007778dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007778de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007778de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007778df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007778e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007778e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007778e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007778f100 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[3184] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000777413ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077741544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000777418ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077741ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077741bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077741d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077741e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077741f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077742248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777426f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077742712 8 bytes {JMP 0x10} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007774276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000777427d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077742b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077742be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000777430bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077743248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000777437c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000777438b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077743a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077743fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077744061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000777440d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077744216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077744254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000777444c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000777446ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077744773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077744867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077744986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077744ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077744b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077744d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077744f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077745007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000777451f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077746006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000777461be 8 bytes [70, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000777463ac 8 bytes [60, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000777463ed 8 bytes [50, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077746404 8 bytes [40, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007774645c 8 bytes [30, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077746c26 8 bytes [20, 6C, F8, FF, 00, 00, 00, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007778dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007778de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007778de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007778df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007778e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007778e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007778e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007778f100 8 bytes JMP 3f3f3f3f .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe[6136] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000777413ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077741544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000777418ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077741ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077741bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077741d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077741e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077741f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077742248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777426f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077742712 8 bytes {JMP 0x10} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007774276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000777427d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077742b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077742be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000777430bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077743248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000777437c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000777438b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077743a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077743fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077744061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000777440d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077744216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077744254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000777444c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000777446ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077744773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077744867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077744986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077744ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077744b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077744d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077744f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077745007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000777451f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077746006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000777461be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000777463ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000777463ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077746404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007774645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077746c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007778dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007778de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007778de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007778df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007778e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007778e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007778e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007778f100 8 bytes {JMP QWORD [RIP-0x484e0]} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[5240] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000777413ef 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 500 0000000077741544 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000777418ce 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 644 0000000077741ad4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 212 0000000077741bb4 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 0000000077741d35 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 0000000077741e9f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 89 0000000077741f85 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 680 0000000077742248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000777426f0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 0000000077742712 8 bytes {JMP 0x10} .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 000000007774276f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 184 00000000777427d8 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 0000000077742b9b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 375 0000000077742be7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000777430bb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 920 0000000077743248 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 33 00000000777437c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 274 00000000777438b2 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 0000000077743a15 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 0000000077743fb0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 161 0000000077744061 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetNameFromLangInfoNode + 277 00000000777440d5 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 3 .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 214 0000000077744216 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlpIsQualifiedLanguage + 276 0000000077744254 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlpNtOpenKey + 609 00000000777444c1 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 284 00000000777446ac 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberOfSetBitsUlongPtr + 483 0000000077744773 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 231 0000000077744867 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForWait + 518 0000000077744986 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text ... * 2 .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlDeactivateActivationContext + 256 0000000077744ab0 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContext + 67 0000000077744b03 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlActivateActivationContextEx + 501 0000000077744d05 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateUserThread + 256 0000000077744f00 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringExW + 247 0000000077745007 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlIpv6AddressToStringW + 483 00000000777451f3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseAlpcCompletion + 438 0000000077746006 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!atol + 194 00000000777461be 8 bytes [70, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!qsort + 76 00000000777463ac 8 bytes [60, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlLookupElementGenericTableFullAvl + 45 00000000777463ed 8 bytes [50, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 4 0000000077746404 8 bytes [40, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlNumberGenericTableElementsAvl + 92 000000007774645c 8 bytes [30, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!RtlSubtreePredecessor + 790 0000000077746c26 8 bytes [20, 6C, F8, 7E, 00, 00, 00, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 000000007778dca0 8 bytes {JMP QWORD [RIP-0x478a2]} .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 000000007778de20 8 bytes {JMP QWORD [RIP-0x479ca]} .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 000000007778de50 8 bytes {JMP QWORD [RIP-0x47c98]} .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 000000007778df70 8 bytes {JMP QWORD [RIP-0x47b89]} .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 000000007778e020 8 bytes {JMP QWORD [RIP-0x47c7a]} .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 000000007778e650 8 bytes {JMP QWORD [RIP-0x46b93]} .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 000000007778e8a0 8 bytes {JMP QWORD [RIP-0x472a2]} .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 000000007778f100 8 bytes {JMP QWORD [RIP-0x484e0]} .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000073e713cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000073e7146b 8 bytes {JMP 0xffffffffffffffb0} .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000073e716d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000073e719db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000073e719fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] .text C:\Users\Monika\Desktop\9gvjzw5w.exe[1540] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000073e71a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...] ---- Kernel IAT/EAT - GMER 2.1 ---- IAT C:\Windows\System32\win32k.sys[ntoskrnl.exe!KeUserModeCallback] [fffff880048cbef8] \SystemRoot\system32\DRIVERS\klif.sys [PAGE] ---- Processes - GMER 2.1 ---- Process C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [1496] (Windows SysTool Svr/SysTool PasSame LIMITED)(2015-06-01 16:58:50) 0000000000290000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f6841e1fe Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f6841e1fe@c8df7c01ed76 0x53 0x07 0x22 0x5E ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f6841e1fe (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f6841e1fe@c8df7c01ed76 0x53 0x07 0x22 0x5E ... ---- EOF - GMER 2.1 ----

Kod: Zaznacz wszystko: OTL logfile created on: 2015-07-12 21:46:58 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Monika\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.11.9600.17843) Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd 5,91 Gb Total Physical Memory | 2,95 Gb Available Physical Memory | 49,80% Memory free 11,83 Gb Paging File | 8,87 Gb Available in Paging File | 75,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 250,05 Gb Total Space | 124,42 Gb Free Space | 49,76% Space Free | Partition Type: NTFS Drive D: | 321,12 Gb Total Space | 217,33 Gb Free Space | 67,68% Space Free | Partition Type: NTFS Computer Name: MONIKA-KOMPUTER | User Name: Monika | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2015-07-12 21:46:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monika\Desktop\OTL_[www.programosy.pl].exe PRC - [2015-07-09 18:55:52 | 000,377,000 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2015-05-29 10:00:26 | 000,346,624 | ---- | M] (SysTool PasSame LIMITED) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe PRC - [2014-12-19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2014-08-30 18:48:46 | 000,234,520 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe PRC - [2014-08-30 18:47:54 | 000,193,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe PRC - [2012-02-16 23:24:06 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011-08-31 15:33:32 | 001,545,856 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe PRC - [2011-03-13 11:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011-02-22 12:38:52 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2011-01-25 12:32:28 | 000,166,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010-11-15 11:42:12 | 000,305,792 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe PRC - [2010-10-07 15:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010-09-23 17:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010-08-17 15:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010-07-09 23:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe PRC - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe PRC - [2009-12-15 11:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009-06-19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009-06-19 11:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009-06-15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008-12-22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008-08-13 22:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] MOD - [2015-05-13 08:09:46 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\b3eb55fa5864a2fc7accbbbbe7fa7246\PresentationFramework.Aero.ni.dll MOD - [2015-05-13 08:09:19 | 014,340,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ea543310204d0addfaf9792d820e958d\PresentationFramework.ni.dll MOD - [2015-05-13 08:09:01 | 012,438,016 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6949c4470a81970ec3de0a575d93babc\System.Windows.Forms.ni.dll MOD - [2015-05-13 08:08:54 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5a401fd2a7689ff13fb54182953f9c40\System.Drawing.ni.dll MOD - [2015-05-13 08:08:51 | 012,254,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef204c8310562595a0518e356fb15387\PresentationCore.ni.dll MOD - [2015-05-13 08:08:38 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1c3513960037508558358652f2d202a1\WindowsBase.ni.dll MOD - [2015-05-13 08:08:31 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\007fc007edc388d9806dff94ee04f129\System.Configuration.ni.dll MOD - [2015-01-31 09:24:34 | 000,587,048 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll MOD - [2015-01-31 09:24:33 | 000,332,584 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll MOD - [2015-01-31 09:24:32 | 000,459,048 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll MOD - [2014-10-15 20:34:42 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll MOD - [2014-10-15 20:34:37 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll MOD - [2014-09-13 07:11:07 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll MOD - [2011-08-31 15:33:32 | 000,208,384 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll MOD - [2010-11-13 04:37:37 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_pl_b77a5c561934e089\mscorlib.resources.dll MOD - [2010-11-05 03:54:55 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_pl_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010-09-23 17:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2009-02-27 17:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll [color=#E56717]========== Services (SafeList) ==========[/color] SRV:[b]64bit:[/b] - [2015-06-09 12:22:46 | 000,041,760 | ---- | M] (Microsoft) [Auto | Stopped] -- C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe -- (NovaPdfServer) SRV:[b]64bit:[/b] - [2015-05-22 20:47:34 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) SRV:[b]64bit:[/b] - [2013-05-27 07:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:[b]64bit:[/b] - [2011-03-03 17:57:58 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:[b]64bit:[/b] - [2010-04-16 17:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV - [2015-07-09 20:15:17 | 000,268,464 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2015-07-09 18:55:52 | 000,148,136 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2015-05-29 10:00:26 | 000,346,624 | ---- | M] (SysTool PasSame LIMITED) [Auto | Running] -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -- (WindowsMangerProtect) SRV - [2014-12-19 08:48:18 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2014-08-30 18:48:46 | 000,234,520 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe -- (AVP15.0.1) SRV - [2014-03-21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2011-03-13 11:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011-03-13 11:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2011-02-22 12:38:52 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010-03-18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010-01-25 09:22:56 | 000,245,760 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Running] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc) SRV - [2009-12-15 11:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009-06-15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2007-05-31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007-05-31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:[b]64bit:[/b] - [2015-03-11 22:20:13 | 000,819,896 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:[b]64bit:[/b] - [2015-01-31 09:24:44 | 000,077,512 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klwtp.sys -- (Klwtp) DRV:[b]64bit:[/b] - [2015-01-31 09:24:39 | 000,150,536 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt) DRV:[b]64bit:[/b] - [2014-08-12 19:33:02 | 000,246,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk) DRV:[b]64bit:[/b] - [2014-07-09 17:23:54 | 000,179,776 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:[b]64bit:[/b] - [2014-07-02 17:10:38 | 000,046,144 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kldisk.sys -- (kldisk) DRV:[b]64bit:[/b] - [2014-06-05 20:02:08 | 000,055,872 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:[b]64bit:[/b] - [2014-03-31 12:47:10 | 000,468,576 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:[b]64bit:[/b] - [2014-03-28 18:51:04 | 000,028,768 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:[b]64bit:[/b] - [2014-02-25 14:09:02 | 000,030,304 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:[b]64bit:[/b] - [2013-08-08 18:11:00 | 000,029,280 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:[b]64bit:[/b] - [2013-04-12 16:34:48 | 000,015,456 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd) DRV:[b]64bit:[/b] - [2013-01-14 22:10:52 | 000,238,288 | ---- | M] (Kaspersky Lab UK Ltd) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cm_km_w.sys -- (cm_km_w) DRV:[b]64bit:[/b] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b]64bit:[/b] - [2011-03-13 11:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:[b]64bit:[/b] - [2011-03-13 11:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:[b]64bit:[/b] - [2011-03-13 11:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:[b]64bit:[/b] - [2011-03-13 11:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:[b]64bit:[/b] - [2011-03-13 11:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:[b]64bit:[/b] - [2011-03-13 11:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:[b]64bit:[/b] - [2011-03-13 11:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:[b]64bit:[/b] - [2011-02-21 10:07:54 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:[b]64bit:[/b] - [2011-01-27 02:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:[b]64bit:[/b] - [2011-01-13 13:58:30 | 000,413,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b]64bit:[/b] - [2010-12-13 23:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:[b]64bit:[/b] - [2010-11-20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b]64bit:[/b] - [2010-11-20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b]64bit:[/b] - [2010-11-20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b]64bit:[/b] - [2010-11-20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b]64bit:[/b] - [2010-10-14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:[b]64bit:[/b] - [2010-09-22 03:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:[b]64bit:[/b] - [2010-09-13 12:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:[b]64bit:[/b] - [2010-08-03 20:43:14 | 000,290,920 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:[b]64bit:[/b] - [2010-07-08 03:03:48 | 002,228,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:[b]64bit:[/b] - [2010-04-16 17:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:[b]64bit:[/b] - [2009-10-22 16:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\opcomusb.sys -- (FTDIBUS) DRV:[b]64bit:[/b] - [2009-07-20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:[b]64bit:[/b] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b]64bit:[/b] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b]64bit:[/b] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b]64bit:[/b] - [2009-07-14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:[b]64bit:[/b] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b]64bit:[/b] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b]64bit:[/b] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:[b]64bit:[/b] - [2008-09-26 19:02:36 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:[b]64bit:[/b] - [2008-05-23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2010-07-26 14:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009-07-02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1433177942&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm06013&uid=3219913727_132775_98D6546D IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1432625443&z=81edfca302a580e26dea601g4zbc0o1q6ocw4z0zco&from=cor&uid=ST9640423AS_5WS1JTV5XXXX5WS1JTV5&q={searchTerms} IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1432625443&z=81edfca302a580e26dea601g4zbc0o1q6ocw4z0zco&from=cor&uid=ST9640423AS_5WS1JTV5XXXX5WS1JTV5&q={searchTerms} IE:[b]64bit:[/b] - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1433177942&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm06013&uid=3219913727_132775_98D6546D IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1433177942&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm06013&uid=3219913727_132775_98D6546D IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1432625443&z=81edfca302a580e26dea601g4zbc0o1q6ocw4z0zco&from=cor&uid=ST9640423AS_5WS1JTV5XXXX5WS1JTV5&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1432625443&z=81edfca302a580e26dea601g4zbc0o1q6ocw4z0zco&from=cor&uid=ST9640423AS_5WS1JTV5XXXX5WS1JTV5&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1433177942&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm06013&uid=3219913727_132775_98D6546D IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1653579745-25035085-109708339-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.delta-homes.com/?type=hp&ts=1433177942&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm06013&uid=3219913727_132775_98D6546D IE - HKU\S-1-5-21-1653579745-25035085-109708339-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1432625443&z=81edfca302a580e26dea601g4zbc0o1q6ocw4z0zco&from=cor&uid=ST9640423AS_5WS1JTV5XXXX5WS1JTV5&q={searchTerms} IE - HKU\S-1-5-21-1653579745-25035085-109708339-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1432625443&z=81edfca302a580e26dea601g4zbc0o1q6ocw4z0zco&from=cor&uid=ST9640423AS_5WS1JTV5XXXX5WS1JTV5&q={searchTerms} IE - HKU\S-1-5-21-1653579745-25035085-109708339-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.delta-homes.com/?type=hp&ts=1433177942&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm06013&uid=3219913727_132775_98D6546D IE - HKU\S-1-5-21-1653579745-25035085-109708339-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-1653579745-25035085-109708339-1000\..\SearchScopes\{02BE384A-7CAA-411F-9E80-519E9D787323}: "URL" = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9640423AS_5WS1JTV5XXXX5WS1JTV5&ts=1422187404&type=default&q={searchTerms} IE - HKU\S-1-5-21-1653579745-25035085-109708339-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9640423AS_5WS1JTV5XXXX5WS1JTV5&ts=1422187404&type=default&q={searchTerms} IE - HKU\S-1-5-21-1653579745-25035085-109708339-1000\..\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}: "URL" = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9640423AS_5WS1JTV5XXXX5WS1JTV5&ts=1422187404&type=default&q={searchTerms} IE - HKU\S-1-5-21-1653579745-25035085-109708339-1000\..\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}: "URL" = http://isearch.omiga-plus.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST9640423AS_5WS1JTV5XXXX5WS1JTV5&ts=1422187404&type=default&q={searchTerms} IE - HKU\S-1-5-21-1653579745-25035085-109708339-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js..browser.search.countryCode: "PL" FF - prefs.js..browser.search.defaultenginename: "delta-homes" FF - prefs.js..browser.search.hiddenOneOffs: "Allegro,DuckDuckGo,Encyklopedia PWN,Merlin,Wikipedia (pl),Wolne Lektury,WP" FF - prefs.js..browser.search.isUS: false FF - prefs.js..browser.search.region: "PL" FF - prefs.js..browser.search.searchengine.alias: "delta-homes" FF - prefs.js..browser.search.searchengine.desc: "this is my first firefox searchEngine" FF - prefs.js..browser.search.searchengine.iconURL: "http://search.delta-homes.com/favicon.ico" FF - prefs.js..browser.search.searchengine.name: "delta-homes" FF - prefs.js..browser.search.searchengine.ptid: "wpm06013" FF - prefs.js..browser.search.searchengine.uid: "3219913727_132775_98D6546D" FF - prefs.js..browser.search.searchengine.url: "http://search.delta-homes.com/web/?type=ds&ts=1433177942&z=21e223b3f0c97db3c281da1g7zccaefozzjcktmlma&from=wpm06013&uid=3219913727_132775_98D6546D&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "delta-homes" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.pl/" FF - prefs.js..extensions.enabledAddons: online_banking_69A4E213815F42BD863D889007201D82%40kaspersky.com:4.5.3.8 FF - prefs.js..extensions.enabledAddons: content_blocker_6418E0D362104DADA084DC312DFA8ABC%40kaspersky.com:4.5.3.8 FF - prefs.js..extensions.enabledAddons: virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB%40kaspersky.com:4.5.3.8 FF - prefs.js..extensions.enabledAddons: defsearchp%40gmail.com:1.0.0.1038 FF - prefs.js..extensions.enabledAddons: default_newtabff%40gmail.com:5.4.18 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:39.0 FF - user.js - File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_191.dll File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_191.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.31.2: C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-31 09:42:49 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-31 09:42:49 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-31 09:42:49 | 000,000,000 | ---D | M] FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fftoolbar2014@etech.com: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\7uh1r875.default\extensions\fftoolbar2014@etech.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-31 09:42:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-31 09:42:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-31 09:42:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quick_searchff@gmail.com: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qgomyjlb.default-1422738746209\extensions\quick_searchff@gmail.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\sweetsearch@gmail.com: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qgomyjlb.default-1422738746209\extensions\sweetsearch@gmail.com FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015-06-02 18:33:52 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015-06-02 18:33:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 39.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2015-06-02 18:33:52 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 39.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2015-06-02 18:33:52 | 000,000,000 | ---D | M] [2012-02-16 23:44:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\Extensions [2015-07-09 18:55:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\qgomyjlb.default-1422738746209\extensions [2015-07-09 18:55:56 | 000,000,000 | ---D | M] ("Default NewTab") -- C:\Users\Monika\AppData\Roaming\mozilla\Firefox\Profiles\qgomyjlb.default-1422738746209\extensions\default_newtabff@gmail.com [2015-07-09 18:55:55 | 000,015,309 | ---- | M] () (No name found) -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\qgomyjlb.default-1422738746209\extensions\defsearchp@gmail.com.xpi [2015-07-12 20:28:15 | 000,002,129 | ---- | M] () -- C:\Users\Monika\AppData\Roaming\mozilla\firefox\profiles\qgomyjlb.default-1422738746209\searchplugins\delta-homes.xml [2015-06-02 18:33:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions [2015-07-09 18:55:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2015-01-31 09:42:49 | 000,000,000 | ---D | M] (Модуль блокування небезпечних веб-сайтів) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.1\FFEXT\CONTENT_BLOCKER@KASPERSKY.COM [2015-01-31 09:42:49 | 000,000,000 | ---D | M] (Безпечні платежі) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.1\FFEXT\ONLINE_BANKING@KASPERSKY.COM [2015-01-31 09:42:49 | 000,000,000 | ---D | M] (Віртуальна клавіатура) -- C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 15.0.1\FFEXT\VIRTUAL_KEYBOARD@KASPERSKY.COM O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b]64bit:[/b] - BHO: (Content Blocker Plugin) - {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) O2:[b]64bit:[/b] - BHO: (Virtual Keyboard Plugin) - {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) O2:[b]64bit:[/b] - BHO: (Safe Money Plugin) - {E3D96E85-529D-4269-AC6A-97CF9E2221E3} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Content Blocker Plugin) - {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {2c774641-5504-46a8-b63f-6715ae3fe376} - No CLSID value found. O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (Virtual Keyboard Plugin) - {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Safe Money Plugin) - {E3D96E85-529D-4269-AC6A-97CF9E2221E3} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\Monika\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll (GG Network S.A.) O4:[b]64bit:[/b] - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:[b]64bit:[/b] - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:[b]64bit:[/b] - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:[b]64bit:[/b] - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe File not found O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (Virage Logic Corporation / Sonic Focus) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1653579745-25035085-109708339-1000..\Run: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found O4 - HKU\S-1-5-21-1653579745-25035085-109708339-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-1653579745-25035085-109708339-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:[b]64bit:[/b] - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: E&ksportuj do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:[b]64bit:[/b] - Extra Button: Klawiatura wirtualna - {09A10376-994C-4BBF-9121-F50CF7BA237E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) O9:[b]64bit:[/b] - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: Klawiatura wirtualna - {09A10376-994C-4BBF-9121-F50CF7BA237E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: Wyślij do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Wyślij &do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O13[b]64bit:[/b] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.179.1.60 62.179.1.61 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39BD49FF-4255-4B69-9E03-0FFB97E7320C}: DhcpNameServer = 62.179.1.60 62.179.1.61 O18:[b]64bit:[/b] - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:[b]64bit:[/b] - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2015-01-27 22:24:58 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{04ff4539-919a-11e4-a09d-14dae914c6e0}\Shell - "" = AutoRun O33 - MountPoints2\{04ff4539-919a-11e4-a09d-14dae914c6e0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{147022f0-d6fe-11e1-99ad-742f6841e1fe}\Shell - "" = AutoRun O33 - MountPoints2\{147022f0-d6fe-11e1-99ad-742f6841e1fe}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{49eb34d3-cb43-11e1-a73d-742f6841e1fe}\Shell - "" = AutoRun O33 - MountPoints2\{49eb34d3-cb43-11e1-a73d-742f6841e1fe}\Shell\AutoRun\command - "" = F:\setup.exe -a O33 - MountPoints2\{59d83b4b-4b9b-11e3-85e0-14dae914c6e0}\Shell - "" = AutoRun O33 - MountPoints2\{59d83b4b-4b9b-11e3-85e0-14dae914c6e0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{5b149eae-f6da-11e3-bb82-14dae914c6e0}\Shell - "" = AutoRun O33 - MountPoints2\{5b149eae-f6da-11e3-bb82-14dae914c6e0}\Shell\AutoRun\command - "" = G:\LGAutoRun.exe O33 - MountPoints2\{7849f0c9-6e78-11e1-8425-742f6841e1fe}\Shell - "" = AutoRun O33 - MountPoints2\{7849f0c9-6e78-11e1-8425-742f6841e1fe}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{a8852ab3-58e4-11e1-b140-742f6841e1fe}\Shell - "" = AutoRun O33 - MountPoints2\{a8852ab3-58e4-11e1-b140-742f6841e1fe}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a8852ba9-58e4-11e1-b140-742f6841e1fe}\Shell - "" = AutoRun O33 - MountPoints2\{a8852ba9-58e4-11e1-b140-742f6841e1fe}\Shell\AutoRun\command - "" = H:\AutoRun.exe O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %* O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2015-07-12 21:46:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Monika\Desktop\OTL_[www.programosy.pl].exe [2015-07-09 12:11:47 | 000,000,000 | ---D | C] -- C:\Users\Monika\Desktop\Nowy folder (2) [2015-07-07 20:28:37 | 000,000,000 | ---D | C] -- C:\Users\Monika\Desktop\Nowy folder [2015-06-28 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 8 [2015-06-28 20:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.2008-09.org.wixtoolset [2015-06-28 20:54:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2015-06-27 06:48:37 | 000,000,000 | ---D | C] -- C:\Users\Monika\Desktop\Dzwoneczek i bestia z nibylandi [2015-06-21 19:04:47 | 000,000,000 | ---D | C] -- C:\Users\Monika\Desktop\.thumbnails [2015-06-21 19:03:58 | 000,000,000 | ---D | C] -- C:\Users\Monika\Desktop\100LGDSC [2015-06-21 19:03:49 | 000,000,000 | ---D | C] -- C:\Users\Monika\Desktop\skuubcio ;) [2015-06-21 19:03:43 | 000,000,000 | ---D | C] -- C:\Users\Monika\Desktop\Facebook [2015-06-21 19:03:33 | 000,000,000 | ---D | C] -- C:\Users\Monika\Desktop\jaaa ;) [2015-06-21 19:03:26 | 000,000,000 | ---D | C] -- C:\Users\Monika\Desktop\Misiuulek ;) [2015-06-19 08:41:40 | 001,730,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll [2015-06-19 08:41:40 | 001,011,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinUSBCoInstaller2.dll [1 C:\Users\Monika\Desktop\*.tmp files -> C:\Users\Monika\Desktop\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2015-07-12 21:46:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monika\Desktop\OTL_[www.programosy.pl].exe [2015-07-12 21:15:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2015-07-12 20:37:17 | 000,015,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2015-07-12 20:37:17 | 000,015,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2015-07-12 20:26:44 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe [2015-07-12 20:26:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2015-07-12 20:26:05 | 467,496,959 | -HS- | M] () -- C:\hiberfil.sys [2015-07-12 20:25:17 | 000,000,309 | ---- | M] () -- C:\Windows\wininit.ini [2015-07-11 20:15:18 | 001,692,176 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2015-07-11 20:15:18 | 000,747,802 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2015-07-11 20:15:18 | 000,661,128 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2015-07-11 20:15:18 | 000,160,362 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2015-07-11 20:15:18 | 000,125,318 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2015-07-09 20:15:17 | 000,778,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2015-07-09 20:15:17 | 000,142,512 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2015-07-09 19:04:34 | 000,045,042 | ---- | M] () -- C:\Users\Monika\Desktop\20150708143119-26.pdf [2015-07-09 19:02:45 | 000,057,406 | ---- | M] () -- C:\Users\Monika\Desktop\20150708133107-15.pdf [2015-07-08 10:59:07 | 000,180,634 | ---- | M] () -- C:\Users\Monika\Desktop\anonse,op-get_attachment,id-36744,aid-20677-1.jpg [2015-06-29 06:04:18 | 000,001,457 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2015-06-28 22:49:59 | 000,136,752 | ---- | M] () -- C:\Users\Monika\Desktop\CV_Monika Tarnowska.pdf [2015-06-23 20:16:58 | 499,995,942 | ---- | M] () -- C:\Users\Monika\Desktop\Scooby Doo i Frankenstrachy.avi [2015-06-21 19:08:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf [2015-06-21 12:41:06 | 008,800,569 | ---- | M] () -- C:\Users\Monika\Desktop\MOV_0005.mp4 [2015-06-21 12:39:57 | 012,156,753 | ---- | M] () -- C:\Users\Monika\Desktop\MOV_0004.mp4 [2015-06-19 08:41:40 | 001,730,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WdfCoInstaller01009.dll [2015-06-19 08:41:40 | 001,011,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WinUSBCoInstaller2.dll [1 C:\Users\Monika\Desktop\*.tmp files -> C:\Users\Monika\Desktop\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2015-07-09 19:04:34 | 000,045,042 | ---- | C] () -- C:\Users\Monika\Desktop\20150708143119-26.pdf [2015-07-09 19:02:45 | 000,057,406 | ---- | C] () -- C:\Users\Monika\Desktop\20150708133107-15.pdf [2015-07-09 12:39:51 | 000,180,634 | ---- | C] () -- C:\Users\Monika\Desktop\anonse,op-get_attachment,id-36744,aid-20677-1.jpg [2015-06-28 22:49:56 | 000,136,752 | ---- | C] () -- C:\Users\Monika\Desktop\CV_Monika Tarnowska.pdf [2015-06-23 20:10:21 | 499,995,942 | ---- | C] () -- C:\Users\Monika\Desktop\Scooby Doo i Frankenstrachy.avi [2015-06-21 19:08:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01009.Wdf [2015-06-21 19:00:51 | 012,156,753 | ---- | C] () -- C:\Users\Monika\Desktop\MOV_0004.mp4 [2015-06-21 19:00:47 | 008,800,569 | ---- | C] () -- C:\Users\Monika\Desktop\MOV_0005.mp4 [2014-08-04 12:04:45 | 000,446,464 | ---- | C] ( ) -- C:\Windows\SysWow64\lexlog.dll [2014-08-04 11:05:12 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\HPPLVS.dll [2014-08-04 11:04:01 | 001,668,314 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2014-08-04 11:02:42 | 000,000,707 | ---- | C] () -- C:\Windows\hpntwksetup.ini [2014-03-02 18:40:14 | 000,707,504 | ---- | C] () -- C:\Users\Monika\AppData\Local\unins000.exe [2014-03-02 18:40:14 | 000,011,761 | ---- | C] () -- C:\Users\Monika\AppData\Local\unins000.msg [2014-03-02 18:40:14 | 000,003,187 | ---- | C] () -- C:\Users\Monika\AppData\Local\unins000.dat [2013-09-30 20:22:17 | 000,000,309 | ---- | C] () -- C:\Windows\wininit.ini [color=#E56717]========== ZeroAccess Check ==========[/color] [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2015-02-13 07:22:33 | 014,177,280 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2015-02-13 07:26:18 | 012,875,264 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717]========== LOP Check ==========[/color] [2013-09-30 10:56:42 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software [2013-09-30 10:56:42 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software [2015-01-25 14:25:30 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\Audacity [2014-12-14 10:50:26 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\BinarySense [2014-03-02 19:05:04 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\e-Deklaracje [2013-03-05 22:26:55 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1 [2013-03-02 19:00:25 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\efile.epity2012 [2013-03-18 23:27:17 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\FileZilla [2014-06-11 22:00:12 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\FreeHideIP [2012-02-16 23:47:13 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\Gadu-Gadu 10 [2012-02-16 23:45:20 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\GHISLER [2014-09-23 02:58:44 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\IrfanView [2013-11-16 20:37:02 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\JCommerce [2014-02-02 22:51:00 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\KW [2014-02-02 12:54:51 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\newnext.me [2013-02-10 20:47:01 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\Nowe Gadu-Gadu [2012-06-10 23:11:24 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\OmegaSys Generator WNA [2012-12-15 14:58:05 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\OpenFM [2012-04-01 14:00:52 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\OpenOffice.org [2014-12-14 10:48:53 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\Opera Software [2012-04-06 14:56:07 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\PhotoFiltre 7 [2012-04-06 14:55:27 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\PhotoScape [2013-03-02 18:34:33 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\Podatnik.info [2015-04-03 18:07:19 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\Softland [2013-09-29 13:42:57 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\TuneUp Software [2015-02-15 21:27:58 | 000,000,000 | ---D | M] -- C:\Users\Monika\AppData\Roaming\uTorrent [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Alternate Data Streams ==========[/color] @Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:55B41E6A < End of report >

**Posty:** 4765 · przez **ordynat** 13 Lip 2015, 02:25

1) Użyj Adw-Cleaner http://www.programosy.pl/program,adwcleaner.html
najpierw kliknij na SZUKAJ (SCAN), a dopiero po zakończeniu skanowania, gdy uaktywni się przycisk USUŃ (CLEANING), to kliknij na niego.
Pokaż raport z niego C:\AdwCleaner\AdwCleaner[S].txt

2) Zrób logi z FRST > http://forum.programosy.pl/frst-otl-zoek-vt139692.html
Przed skanem zaznacz "Additional" oraz "Shortcut"
.

**Posty:** 1385 · przez **cinek_1111** 17 Lip 2015, 22:25

ordynat napisał(a):Użyj Adw-Cleaner

Kod: Zaznacz wszystko: # AdwCleaner v4.208 - Utworzono raport 17/07/2015 o 22:04:46 # Ostatnia aktualizacja 09/07/2015 przez Xplode # Baza danych : 2015-07-15.1 [Serwer] # System operacyjny : Windows 7 Home Premium Service Pack 1 (x64) # Nazwa użytkownika : Monika - MONIKA-KOMPUTER # Uruchomiony z : C:\Users\Monika\Desktop\AdwCleaner.exe # Działanie : Usuń ***** [ Usługi ] ***** [#] Usługa usunięto : IHProtect Service [#] Usługa usunięto : WindowsMangerProtect [#] Usługa usunięto : winzipersvc [#] Usługa usunięto : wafd_1_10_0_19 ***** [ Pliki / Foldery ] ***** Folder usunięto : C:\ProgramData\WindowsMangerProtect Folder usunięto : C:\ProgramData\MailUpdate Folder usunięto : C:\ProgramData\IHProtectUpDate Folder usunięto : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper Folder usunięto : C:\Program Files (x86)\WinZipper Folder usunięto : C:\Program Files (x86)\XTab Folder usunięto : C:\Program Files (x86)\miuitab Folder usunięto : C:\Users\Monika\AppData\Local\Temp\apn Folder usunięto : C:\Users\Monika\AppData\Local\Mobogenie Folder usunięto : C:\Users\Monika\AppData\Roaming\WinZipper Folder usunięto : C:\Users\Monika\AppData\Roaming\MailUpdate Folder usunięto : C:\Users\Monika\Documents\Mobogenie Plik usunięto : C:\Users\Monika\daemonprocess.txt Plik usunięto : C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qgomyjlb.default-1422738746209\searchplugins\delta-homes.xml ***** [ Zaplanowane zadania ] ***** ***** [ Skróty ] ***** ***** [ Rejestr ] ***** Wartość usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com] Wartość usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [sweetsearch@gmail.com] Wartość usunięto : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_searchff@gmail.com] Klucz usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd Wartość usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon] Klucz usunięto : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect Klucz usunięto : HKCU\Software\Mozilla\Extends Klucz usunięto : HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZipper Klucz usunięto : HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZipper Klucz usunięto : HKLM\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\WinZipper Klucz usunięto : HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\WinZipper Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.001 Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.7z Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.arj Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.bz2 Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.bzip2 Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.cab Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.cpio Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.deb Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.dmg Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.fat Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.gz Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.gzip Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.hfs Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.iso Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.lha Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.lzh Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.lzma Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.ntfs Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.rar Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.rpm Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.squashfs Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.swm Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.tar Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.taz Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.tbz Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.tbz2 Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.tgz Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.tpz Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.txz Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.vhd Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.wim Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.xar Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.xz Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.z Klucz usunięto : HKLM\SOFTWARE\Classes\WinZipper.zip Klucz usunięto : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Klucz usunięto : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Klucz usunięto : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D} Klucz usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C774641-5504-46A8-B63F-6715AE3FE376} Klucz usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Klucz usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Klucz usunięto : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} Klucz usunięto : [x64] HKLM\SOFTWARE\Classes\CLSID\{4F622628-7632-4B28-B184-D7BA0CA3273B} Klucz usunięto : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8} Klucz usunięto : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} Dane Przywrócono : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command Klucz usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{02BE384A-7CAA-411F-9E80-519E9D787323} Klucz usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Klucz usunięto : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} Klucz usunięto : HKCU\Software\FindRight Klucz usunięto : HKCU\Software\InstallCore Klucz usunięto : HKCU\Software\Softonic Klucz usunięto : HKCU\Software\PRODUCTSETUP Klucz usunięto : HKLM\SOFTWARE\delta-homesSoftware Klucz usunięto : HKLM\SOFTWARE\do-searchSoftware Klucz usunięto : HKLM\SOFTWARE\FindRight Klucz usunięto : HKLM\SOFTWARE\hdcode Klucz usunięto : HKLM\SOFTWARE\SupDp Klucz usunięto : HKLM\SOFTWARE\SupTab Klucz usunięto : HKLM\SOFTWARE\supWindowsMangerProtect Klucz usunięto : HKLM\SOFTWARE\V9 Klucz usunięto : HKLM\SOFTWARE\winzipersvc Klucz usunięto : HKLM\SOFTWARE\IHProtect Klucz usunięto : HKLM\SOFTWARE\FFPluginHp Klucz usunięto : HKU\.DEFAULT\Software\AskPartnerNetwork Klucz usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winzipper Klucz usunięto : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{90120000-00B2-0409-0000-0000000FF1CE} Klucz usunięto : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FindRight ***** [ Przeglądarki internetowe ] ***** -\\ Internet Explorer v11.0.9600.17909 Ustawienia Przywrócono : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] Ustawienia Przywrócono : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] Ustawienia Przywrócono : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Ustawienia Przywrócono : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] Ustawienia Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Ustawienia Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Ustawienia Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Ustawienia Przywrócono : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Ustawienia Przywrócono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Ustawienia Przywrócono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Ustawienia Przywrócono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Ustawienia Przywrócono : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v39.0 (x86 pl) [qgomyjlb.default-1422738746209\prefs.js] - Linia usunięto : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html"); [qgomyjlb.default-1422738746209\prefs.js] - Linia usunięto : user_pref("browser.search.searchengine.iconURL", "hxxp://search.delta-homes.com/favicon.ico"); [qgomyjlb.default-1422738746209\prefs.js] - Linia usunięto : user_pref("browser.search.searchengine.url", "hxxp://search.delta-homes.com/web/?type=ds&ts=1437068039&z=ac80eef3f2b91085a7889eeg7z9cfm6edqcbce4z9g&from=wpm07163&uid=ST9640423AS_5WS1JTV5XXXX5WS1JTV5&q[...] [qgomyjlb.default-1422738746209\prefs.js] - Linia usunięto : user_pref("extensions.quick_start.enable_search1", false); [qgomyjlb.default-1422738746209\prefs.js] - Linia usunięto : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false); -\\ Opera v30.0.1835.125 ************************* AdwCleaner[R0].txt - [12039 bajty] - [17/07/2015 22:02:20] AdwCleaner[S0].txt - [9003 bajty] - [17/07/2015 22:04:46] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9062 bajty] ##########

ordynat napisał(a):Zrób logi z FRST

FRST

Kod: Zaznacz wszystko: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-07-2015 Ran by Monika (administrator) on MONIKA-KOMPUTER on 17-07-2015 22:15:52 Running from C:\Users\Monika\Desktop Loaded Profiles: Monika & UpdatusUser (Available Profiles: Monika & UpdatusUser & Gość) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Polski (Polska) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe (ASUS) C:\Windows\AsScrPro.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS) C:\Program Files\P4G\BatteryLife.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe (Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe (Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2587944 2010-12-13] (ELAN Microelectronics Corp.) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [617120 2011-03-13] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379552 2011-03-13] (Atheros Commnucations) HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation) HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus) HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS) HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] () HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation) HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation) HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2012-09-25] (Brother Industries, Ltd.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1653579745-25035085-109708339-1000\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation) HKU\S-1-5-21-1653579745-25035085-109708339-1000\...\MountPoints2: F - F:\AutoRun.exe HKU\S-1-5-21-1653579745-25035085-109708339-1000\...\MountPoints2: G - G:\AutoRun.exe HKU\S-1-5-21-1653579745-25035085-109708339-1000\...\MountPoints2: H - H:\AutoRun.exe HKU\S-1-5-21-1653579745-25035085-109708339-1000\...\MountPoints2: {04ff4539-919a-11e4-a09d-14dae914c6e0} - F:\AutoRun.exe HKU\S-1-5-21-1653579745-25035085-109708339-1000\...\MountPoints2: {147022f0-d6fe-11e1-99ad-742f6841e1fe} - F:\AutoRun.exe HKU\S-1-5-21-1653579745-25035085-109708339-1000\...\MountPoints2: {49eb34d3-cb43-11e1-a73d-742f6841e1fe} - F:\setup.exe -a HKU\S-1-5-21-1653579745-25035085-109708339-1000\...\MountPoints2: {59d83b4b-4b9b-11e3-85e0-14dae914c6e0} - F:\AutoRun.exe HKU\S-1-5-21-1653579745-25035085-109708339-1000\...\MountPoints2: {5b149eae-f6da-11e3-bb82-14dae914c6e0} - G:\LGAutoRun.exe HKU\S-1-5-21-1653579745-25035085-109708339-1000\...\MountPoints2: {7849f0c9-6e78-11e1-8425-742f6841e1fe} - F:\AutoRun.exe HKU\S-1-5-21-1653579745-25035085-109708339-1000\...\MountPoints2: {a8852ab3-58e4-11e1-b140-742f6841e1fe} - G:\AutoRun.exe HKU\S-1-5-21-1653579745-25035085-109708339-1000\...\MountPoints2: {a8852ba9-58e4-11e1-b140-742f6841e1fe} - H:\AutoRun.exe HKU\S-1-5-21-1653579745-25035085-109708339-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-20] (Microsoft Corporation) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-18] (Microsoft Corporation) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-02-21] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [192616 2011-02-21] (NVIDIA Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk [2012-02-16] ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe () Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk [2014-12-14] ShortcutTarget: HDDlife.lnk -> C:\Program Files (x86)\BinarySense\HDDlife 4\HDDlifePro.exe (No File) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-01-31] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-01-31] (Kaspersky Lab ZAO) BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll [2015-01-31] (Kaspersky Lab ZAO) BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2015-01-31] (Kaspersky Lab ZAO) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-03-13] (Atheros Commnucations) BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2015-01-31] (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation) BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll [2015-01-31] (Kaspersky Lab ZAO) BHO-x32: IEPluginBHO Class -> {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} -> C:\Users\Monika\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll [2009-10-28] (GG Network S.A.) Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\SYSTEM\OLEDB~1\MSDAIPP.DLL [2009-02-26] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0 Tcpip\..\Interfaces\{39BD49FF-4255-4B69-9E03-0FFB97E7320C}: [DhcpNameServer] 192.168.1.1 0.0.0.0 FireFox: ======== FF ProfilePath: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qgomyjlb.default-1422738746209 FF NewTab: chrome://quick_start/content/index.html FF DefaultSearchEngine: delta-homes FF SelectedSearchEngine: delta-homes FF Homepage: hxxp://www.google.pl/ FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] () FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation) FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-31] () FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-31] () FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-31] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qgomyjlb.default-1422738746209\searchplugins\delta-homes.xml [2015-07-17] FF Extension: Default NewTab - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qgomyjlb.default-1422738746209\Extensions\default_newtabff@gmail.com [2015-07-17] FF Extension: Default SearchProtected - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qgomyjlb.default-1422738746209\Extensions\defsearchp@gmail.com.xpi [2015-06-26] FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-31] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-31] FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-31] FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qgomyjlb.default-1422738746209\extensions\defsearchp@gmail.com Chrome: ======= CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-03-13] (Atheros) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [74912 2011-03-13] (Atheros Commnucations) [File not signed] R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO) R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed] S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [267824 2007-02-26] (Nero AG) R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [41760 2015-06-09] (Microsoft) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd) S3 FTDIBUS; C:\Windows\System32\drivers\opcomusb.sys [69320 2009-10-22] (FTDI Ltd.) R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO) R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO) R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-31] (Kaspersky Lab ZAO) R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [819896 2015-03-11] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO) R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-31] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO) R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] () S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-17 22:15 - 2015-07-17 22:18 - 00020663 _____ C:\Users\Monika\Desktop\FRST.txt 2015-07-17 22:15 - 2015-07-17 22:16 - 00000000 ____D C:\FRST 2015-07-17 22:12 - 2015-07-17 22:12 - 02133504 _____ (Farbar) C:\Users\Monika\Desktop\FRST64.exe 2015-07-17 22:08 - 2015-07-17 22:08 - 00009174 _____ C:\Users\Monika\Desktop\AdwCleaner[S0].txt 2015-07-17 22:01 - 2015-07-17 22:05 - 00000000 ____D C:\AdwCleaner 2015-07-17 21:56 - 2015-07-17 21:57 - 02248704 _____ C:\Users\Monika\Desktop\AdwCleaner.exe 2015-07-15 23:07 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-07-15 23:07 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-07-15 23:07 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-07-15 23:07 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-07-15 23:07 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-07-15 23:07 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-07-15 23:07 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-07-15 23:07 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-07-15 23:07 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-07-15 23:07 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-07-15 23:07 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-07-15 23:07 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-07-15 23:07 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-07-15 23:07 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-07-15 23:07 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-07-15 23:07 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-07-15 23:07 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-07-15 23:07 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2015-07-15 23:07 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2015-07-15 23:07 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll 2015-07-15 23:07 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll 2015-07-15 23:05 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-07-15 23:05 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-07-15 23:05 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-07-15 23:05 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-07-15 23:05 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-07-15 23:05 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-07-15 23:05 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-07-15 23:05 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-07-15 23:05 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-07-15 23:05 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-07-15 23:05 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-07-15 23:05 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-07-15 23:05 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-07-15 23:05 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-07-15 23:05 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-07-15 23:05 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-07-15 23:05 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-07-15 23:05 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-07-15 23:05 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-07-15 23:05 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-07-15 23:05 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-07-15 23:05 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-07-15 23:05 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-07-15 23:05 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-07-15 23:05 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-07-15 23:05 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-07-15 23:05 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-07-15 23:05 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-07-15 23:05 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-07-15 23:05 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-07-15 23:05 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-07-15 23:05 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-07-15 23:05 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-07-15 23:05 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-07-15 23:05 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-07-15 23:05 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-07-15 23:05 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-07-15 23:05 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-07-15 23:05 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-07-15 23:05 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-07-15 23:05 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-07-15 23:05 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-07-15 23:05 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-07-15 23:05 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-07-15 23:02 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2015-07-15 23:02 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2015-07-15 23:02 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-07-15 23:02 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-07-15 23:02 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-07-15 23:02 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2015-07-15 23:02 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-07-15 23:02 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-07-15 23:02 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-07-15 23:02 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-07-15 23:02 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-07-15 23:02 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-07-15 23:02 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-07-15 23:02 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-07-15 23:02 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-07-15 23:02 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2015-07-15 23:02 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-07-15 23:02 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-07-15 23:02 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-07-15 23:02 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-07-15 23:02 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-07-15 23:02 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-07-15 23:02 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-07-15 23:02 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-07-15 23:02 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-07-15 23:02 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-07-15 23:02 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-07-15 23:02 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-07-15 23:02 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2015-07-15 23:02 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-07-15 23:02 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-07-15 23:02 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2015-07-15 23:02 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-07-15 23:02 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-07-15 23:02 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-07-15 23:02 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-07-15 23:02 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-07-15 23:02 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2015-07-15 23:02 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2015-07-15 23:02 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2015-07-15 23:01 - 2015-07-03 20:05 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-07-15 23:01 - 2015-07-03 20:05 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-07-15 23:01 - 2015-07-03 20:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-07-15 23:01 - 2015-07-03 20:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-07-15 23:01 - 2015-07-03 19:56 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-07-15 23:01 - 2015-07-03 19:56 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-07-15 23:01 - 2015-07-03 19:56 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-07-15 23:01 - 2015-07-03 19:55 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-07-15 23:01 - 2015-07-03 18:52 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-07-15 23:01 - 2015-07-03 18:42 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-07-15 23:01 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2015-07-15 23:01 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2015-07-15 23:01 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2015-07-15 23:01 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2015-07-15 23:01 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2015-07-15 23:01 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe 2015-07-15 23:01 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2015-07-15 23:01 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2015-07-15 23:01 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2015-07-15 23:01 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe 2015-07-15 23:01 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll 2015-07-15 23:01 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll 2015-07-12 21:55 - 2015-07-12 21:55 - 00112352 _____ C:\Users\Monika\Desktop\OTL.Txt 2015-07-12 21:46 - 2015-07-12 21:46 - 00602112 _____ (OldTimer Tools) C:\Users\Monika\Desktop\OTL_[www.programosy.pl].exe 2015-07-12 21:45 - 2015-07-12 21:45 - 00137435 _____ C:\Users\Monika\Desktop\gmer.txt 2015-06-28 20:56 - 2015-06-28 20:56 - 00003580 _____ C:\Windows\System32\Tasks\doPDF Update 2015-06-28 20:56 - 2015-06-28 20:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 8 2015-06-28 20:54 - 2015-06-28 20:54 - 00000000 ____D C:\ProgramData\regid.2008-09.org.wixtoolset 2015-06-28 20:54 - 2015-06-28 20:54 - 00000000 ____D C:\ProgramData\Package Cache 2015-06-21 19:08 - 2015-06-21 19:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2015-06-19 08:41 - 2015-06-19 08:41 - 01730304 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll 2015-06-19 08:41 - 2015-06-19 08:41 - 01011456 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll 2015-06-17 01:01 - 2015-06-17 01:01 - 01202856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FM20.DLL ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-17 22:17 - 2012-02-16 22:34 - 01900026 _____ C:\Windows\WindowsUpdate.log 2015-07-17 22:15 - 2012-05-26 08:56 - 00000930 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-07-17 22:08 - 2013-12-18 21:05 - 00000000 ____D C:\ProgramData\Kaspersky Lab 2015-07-17 22:07 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-17 22:07 - 2009-07-14 06:51 - 00202446 _____ C:\Windows\setupact.log 2015-07-17 22:04 - 2012-02-16 22:51 - 00000000 ____D C:\Users\Monika 2015-07-17 22:04 - 2009-07-14 06:45 - 00015504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-17 22:04 - 2009-07-14 06:45 - 00015504 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-17 21:58 - 2014-08-04 11:01 - 00000000 ___HD C:\Program Files (x86)\Avago-HP 2015-07-17 21:57 - 2014-08-04 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2015-07-17 21:57 - 2014-08-04 11:04 - 00000000 ____D C:\Program Files (x86)\HP 2015-07-17 21:27 - 2012-02-19 18:39 - 00045056 _____ C:\Windows\system32\acovcnt.exe 2015-07-17 09:06 - 2012-02-16 23:23 - 00001469 _____ C:\Windows\system32\ServiceFilter.ini 2015-07-17 09:05 - 2015-06-02 18:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2015-07-17 09:05 - 2012-02-18 07:53 - 00053464 _____ C:\Windows\PFRO.log 2015-07-16 21:08 - 2009-07-14 19:55 - 00747802 _____ C:\Windows\system32\perfh015.dat 2015-07-16 21:08 - 2009-07-14 19:55 - 00160362 _____ C:\Windows\system32\perfc015.dat 2015-07-16 21:08 - 2009-07-14 07:13 - 01692176 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-16 20:35 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2015-07-16 19:35 - 2012-02-22 21:01 - 00000000 ____D C:\Users\Monika\AppData\Local\CrashDumps 2015-07-16 06:47 - 2009-07-14 06:45 - 00443128 _____ C:\Windows\system32\FNTCACHE.DAT 2015-07-16 06:26 - 2012-02-16 23:12 - 00000000 ____D C:\ProgramData\Microsoft Help 2015-07-16 06:20 - 2014-08-04 11:00 - 00000000 ____D C:\Windows\system32\MRT 2015-07-14 22:15 - 2012-05-26 08:56 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-07-14 22:15 - 2012-05-26 08:56 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-07-14 22:15 - 2012-05-26 08:56 - 00003868 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-07-14 21:36 - 2015-05-15 21:06 - 00000000 ____D C:\Users\Monika\Desktop\CSI 2015-07-14 21:36 - 2015-03-22 16:24 - 00000000 ____D C:\Users\Monika\Desktop\praca 2015-07-14 21:36 - 2012-02-16 23:53 - 00000000 ___RD C:\Users\Monika\Desktop\RÓŻNOŚCI 2015-07-14 21:35 - 2014-06-19 10:06 - 00000000 ____D C:\Users\Monika\Desktop\Ania 2015-07-14 20:26 - 2014-12-14 10:48 - 00003886 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1418546923 2015-07-14 20:26 - 2014-12-14 10:48 - 00000000 ____D C:\Program Files (x86)\Opera 2015-07-14 07:46 - 2011-06-11 02:58 - 00773968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll 2015-07-14 07:46 - 2011-06-11 02:58 - 00421200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll 2015-07-12 20:26 - 2015-01-27 22:47 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2015-07-12 20:25 - 2015-01-27 22:47 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2015-07-12 20:25 - 2013-09-30 20:22 - 00000309 _____ C:\Windows\wininit.ini 2015-07-10 06:39 - 2012-05-07 21:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2015-07-03 08:43 - 2014-08-04 11:00 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-28 20:55 - 2015-04-03 18:04 - 00000000 ____D C:\Program Files (x86)\Softland 2015-06-28 20:55 - 2012-02-19 19:04 - 00000000 ____D C:\Program Files\Softland 2015-06-28 20:53 - 2015-05-26 09:30 - 01384104 _____ (Softland) C:\Users\Monika\Downloads\dopdf.exe 2015-06-23 13:30 - 2012-02-16 23:51 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-06-22 19:46 - 2009-07-14 07:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD ==================== Files in the root of some directories ======= 2014-03-02 18:40 - 2014-03-02 18:40 - 0003187 _____ () C:\Users\Monika\AppData\Local\unins000.dat 2014-03-02 18:40 - 2014-03-02 18:40 - 0707504 _____ () C:\Users\Monika\AppData\Local\unins000.exe 2014-03-02 18:40 - 2014-03-02 18:40 - 0011761 _____ () C:\Users\Monika\AppData\Local\unins000.msg Some files in TEMP: ==================== C:\Users\Monika\AppData\Local\Temp\APNSetup.exe C:\Users\Monika\AppData\Local\Temp\DataCard_Setup64.exe C:\Users\Monika\AppData\Local\Temp\hp_A5A2.tmp.exe C:\Users\Monika\AppData\Local\Temp\hp_BF88.tmp.exe C:\Users\Monika\AppData\Local\Temp\ICReinstall_ImageEditorSetup.exe C:\Users\Monika\AppData\Local\Temp\ICReinstall_Windows-Movie-Maker(11546)-dp.exe C:\Users\Monika\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Monika\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Monika\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Monika\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Monika\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe C:\Users\Monika\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe C:\Users\Monika\AppData\Local\Temp\jre-8u31-windows-au.exe C:\Users\Monika\AppData\Local\Temp\nowegg.upgr.exe C:\Users\Monika\AppData\Local\Temp\Opera_NI_stable.exe C:\Users\Monika\AppData\Local\Temp\Quarantine.exe C:\Users\Monika\AppData\Local\Temp\ResetDevice.exe C:\Users\Monika\AppData\Local\Temp\sqlite3.dll C:\Users\Monika\AppData\Local\Temp\utt6230.tmp.exe C:\Users\Monika\AppData\Local\Temp\_is21C3.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-07-13 06:47 ==================== End of log ============================

Shortscut

Kod: Zaznacz wszystko: Users shortcut scan result (x64) Version:13-07-2015 Ran by Monika at 2015-07-17 22:20:36 Running from C:\Users\Monika\Desktop Boot Mode: Normal ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (The Audacity Team) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CWK.lnk -> C:\Program Files (x86)\Damian Pasternak\CWK\CWK.exe (Damian Pasternak) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\e-Deklaracje.lnk -> C:\Program Files (x86)\e-Deklaracje\e-Deklaracje.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nowe Gadu-Gadu.lnk -> C:\Program Files (x86)\Nowe Gadu-Gadu\gg.exe (GG Network S.A.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk -> C:\Windows\Installer\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}\MOVIEMK.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virage Logic, Corp\Sonic Focus\ASUS Sonic Focus.lnk -> C:\Windows\Installer\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}\SonicFocus.exe_C2239DDEF465468B9601EC46626FA4D3.exe (Acresso Software Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander Help.lnk -> C:\totalcmd\TOTALCMD.CHM () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander\Total Commander.lnk -> C:\totalcmd\TOTALCMD.EXE (Ghisler Software GmbH) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander\Uninstall or Repair Total Commander.lnk -> C:\totalcmd\TCUNINST.EXE () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Program Pit 2014 - rozliczenie roczne\Deinstalacja programu Roczne rozliczenie podatku dochodowego - PIT 2014.lnk -> C:\Program Files (x86)\Gofin\Pit2014\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Program Pit 2014 - rozliczenie roczne\Roczne rozliczenie podatku dochodowego - PIT 2014.lnk -> C:\Program Files (x86)\Gofin\Pit2014\Pit2014.exe (Wydawnictwo Podatkowe GOFIN sp. z o.o.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\PhotoScape.lnk -> C:\Program Files (x86)\PhotoScape\PhotoScape.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape\Uninstall PhotoScape.lnk -> C:\Program Files (x86)\PhotoScape\uninstall.exe (Mooii) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7\PhotoFiltre 7 Information.lnk -> C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7\PhotoFiltre 7.lnk -> C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.exe (Antonio Da Cruz) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7\PhotoMasque Information.lnk -> C:\Program Files (x86)\PhotoFiltre 7\PhotoMasque.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7\Uninstall PhotoFiltre 7.lnk -> C:\Program Files (x86)\PhotoFiltre 7\Uninst.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Instrukcje\Nero CD-DVD Speed [Pomoc w jęz. angielskim].lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\CDSpeed_eng.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Instrukcje\Nero Express Essentials SE [Pomoc w jęz. angielskim].lnk -> C:\Program Files (x86)\Nero\Nero 7\Core\NeroExpress_eng.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Instrukcje\Nero StartSmart Essentials [Pomoc w jęz. angielskim].lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart_eng.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Readme.txt.lnk -> F:\traktor\Documentation\Readme.txt (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Service Center Manual English.pdf.lnk -> F:\traktor\Documentation\Service Center Manual English.pdf (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Service Center Manual French.pdf.lnk -> F:\traktor\Documentation\Service Center Manual French.pdf (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Service Center Manual German.pdf.lnk -> F:\traktor\Documentation\Service Center Manual German.pdf (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Service Center Manual Italian.pdf.lnk -> F:\traktor\Documentation\Service Center Manual Italian.pdf (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Service Center Manual Japanese.pdf.lnk -> F:\traktor\Documentation\Service Center Manual Japanese.pdf (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Service Center Manual Spanish.pdf.lnk -> F:\traktor\Documentation\Service Center Manual Spanish.pdf (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Service Center.lnk -> F:\traktor\ServiceCenter.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\Silverlight.Configuration.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Access 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Excel 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Groove 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\GrooveIcon.ico () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office InfoPath 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office OneNote 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Outlook 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office PowerPoint 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Publisher 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2007.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Narzędzia Microsoft Office\Certyfikat cyfrowy dla projektów VBA.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Narzędzia Microsoft Office\Diagnostyka pakietu Microsoft Office.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Narzędzia Microsoft Office\Microsoft Clip Organizer.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Narzędzia Microsoft Office\Microsoft Office 2007 Ustawienia języka.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Narzędzia Microsoft Office\Microsoft Office Picture Manager.lnk -> C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark\Pomoc techniczna.LNK -> C:\Program Files\Lexmark BSD Series\Install\Support.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark\Lexmark XM1100 Series\Informacje na temat recyklingu odpadów w Unii Europejskiej.LNK -> C:\Program Files\Lexmark\EU_Waste_Electronic_Information.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Kaspersky Internet Security.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe (Kaspersky Lab ZAO) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Odwiedź Kaspersky Lab w internecie.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kl.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Pomoc dla Kaspersky Internet Security.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\Doc\pl-PL\kis\context.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Umowa licencyjna.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\Doc\pl\license.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader\JDownloader.lnk -> C:\Program Files (x86)\JDownloader\JDownloaderD3D.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader\Uninstall JDownloader.lnk -> C:\Program Files (x86)\JDownloader\uninstall.exe (No File) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Zakup materiałów eksploatacyjnych HP.lnk -> C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Formularze IPS\PITy 2013\Odinstaluj PITy 2013.lnk -> C:\Program Files (x86)\PITy\PITy2013NG\unins000.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Formularze IPS\PITy 2013\PITy 2013 w sieci.lnk -> C:\Program Files (x86)\PITy\PITy2013NG\PITY2013NG.url () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Formularze IPS\PITy 2013\PITy 2013.lnk -> C:\Program Files (x86)\PITy\PITy2013NG\PITy2013NG.exe (IPS Przedsiębiorstwo Informatyczne) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\FileZilla.lnk -> C:\Program Files (x86)\FileZilla FTP Client\filezilla.exe (FileZilla Project) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client\Uninstall.lnk -> C:\Program Files (x86)\FileZilla FTP Client\uninstall.exe (FileZilla Project) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 8\doPDF 8 Help.lnk -> C:\ProgramData\Softland\novaPDF 8\doPdf8_Softland\doPdf8_Softland.chm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X3\Bitstream Font Navigator.lnk -> C:\Windows\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\NewShortcut9101.exe (InstallShield Software Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X3\Corel CAPTURE X3.lnk -> C:\Windows\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\NewShortcut8.exe (InstallShield Software Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X3\Corel PHOTO-PAINT X3.lnk -> C:\Windows\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\NewShortcut2.exe (InstallShield Software Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X3\CorelDRAW X3.lnk -> C:\Windows\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\NewShortcut1.exe (InstallShield Software Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X3\Duplexing Wizard.lnk -> C:\Windows\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\NewShortcut4.exe (InstallShield Software Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X3\SB Profiler.lnk -> C:\Windows\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\NewShortcut5.exe (InstallShield Software Corp.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X3\Dokumentacja\Corel PHOTO-PAINT X3 - samouczki.lnk -> C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite 13\Languages\PL\Tutorials\PHOTO-PAINT Tutorials\pp_tut.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X3\Dokumentacja\CorelDRAW Graphics Suite X3 - podręcznik użytkownika (PDF).lnk -> C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite 13\Languages\PL\Help\CorelDRAW Graphics Suite X3.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X3\Dokumentacja\CorelDRAW Graphics Suite X3 Readme.lnk -> C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite 13\Languages\PL\Readme.html () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X3\Dokumentacja\CorelDRAW X3 - samouczki.lnk -> C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite 13\Languages\PL\Tutorials\CorelDRAW Tutorials\dr_tut.htm () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X3\Documentation\Corel PHOTO-PAINT X3 VBA Object Model (PDF).lnk -> C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite 13\Programs\PP VBA Object Model.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X3\Documentation\CorelDRAW X3 Programming Guide for VBA (PDF).lnk -> C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite 13\Programs\dvba_pg.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X3\Documentation\CorelDRAW X3 VBA Object Model (PDF).lnk -> C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite 13\Programs\CorelDRAW VBA Object Model.pdf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program\Urządzenia Bluetooth.lnk -> C:\Windows\System32\bthprops.cpl (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN#2\Read Me.lnk -> C:\Program Files (x86)\Brother\Brmfl10b\RM10aPol.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN#2\Ustawienia skanera\Read Me.lnk -> C:\Program Files (x86)\Brother\Brmfl10b\ScanRead.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN#2\Ustawienia skanera\Scanner Utility.lnk -> C:\Program Files (x86)\Brother\Brmfl10b\BrScUtil.exe (Brother Industries Ltd.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN\Read Me.lnk -> C:\Program Files (x86)\Brother\Brmfl10b\RM10aPol.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN\Ustawienia skanera\Read Me.lnk -> C:\Program Files (x86)\Brother\Brmfl10b\ScanRead.txt () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN\Ustawienia skanera\Scanner Utility.lnk -> C:\Program Files (x86)\Brother\Brmfl10b\BrScUtil.exe (Brother Industries Ltd.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\AI Recovery Burner.lnk -> C:\Windows\Installer\{38253529-D97D-4901-AE53-5CC9736D3A2E}\_6335154612896D402F98C3.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ASUS Live Update.Lnk -> C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (ASUSTeK Computer Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ASUS Virtual Camera.lnk -> C:\Windows\Installer\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}\_6D3EA568D994DD0EAF8D50.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\FancyStart.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_06A25776E43957E4BCFF7B.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\FastBoot.lnk -> C:\Windows\Installer\{13F4A7F3-EABC-4261-AF6B-1317777F0755}\_0C599CF61E23A6070D83A0.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\LifeFrame.lnk -> C:\Program Files (x86)\ASUS\ASUS LifeFrame3\LifeFrame.exe (ASUS) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\Power4Gear Hybrid.lnk -> C:\Windows\Installer\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}\_0C162EAD6852764405289F.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\WinFlash.Lnk -> C:\Program Files (x86)\ASUS\WinFlash\WinFlash.exe (ASUSTek Computer Inc.) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\Wireless Console 3.lnk -> C:\Windows\Installer\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}\_C9BEC68FDCE220A882D6B5.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\SmartLogon\General disclaimer.lnk -> C:\Program Files (x86)\ASUS\SmartLogon\disclaimer.rtf () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\SmartLogon\SmartLogon Console.lnk -> C:\Program Files (x86)\ASUS\SmartLogon\facemgr.exe (ASUS) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\SmartLogon\SmartLogon Manager.lnk -> C:\Program Files (x86)\ASUS\SmartLogon\logonmgr.exe (ASUS) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ASUS Splendid Utility\Splendid Compatibility Tool.Lnk -> C:\Program Files (x86)\ASUS\Splendid\Backache.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Utility\ASUS Splendid Utility\Splendid Utility.Lnk -> C:\Program Files (x86)\ASUS\Splendid\Backbone.exe () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk -> C:\Windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk -> C:\Windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe ( ) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc () Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation) Shortcut: C:\ProgramData\Intel\ExtremeGraphics\CUI\Resource\Grafika HD Intel®.lnk -> C:\Windows\System32\GfxUI.exe (Intel Corporation) Shortcut: C:\Users\Default\Links\OneDrive.lnk -> C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk -> C:\Program Files (x86)\Microsoft OneDrive\OneDriveSetup.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Gość\Links\Desktop.lnk -> C:\Users\Gość\Desktop () Shortcut: C:\Users\Gość\Links\Downloads.lnk -> C:\Users\Gość\Downloads () Shortcut: C:\Users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Gość\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Gość\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Gość\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Monika\Links\Desktop.lnk -> C:\Users\Monika\Desktop () Shortcut: C:\Users\Monika\Links\Downloads.lnk -> C:\Users\Monika\Downloads () Shortcut: C:\Users\Monika\Links\OneDrive.lnk -> C:\Users\Monika\OneDrive () Shortcut: C:\Users\Monika\Desktop\IrfanView.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan) Shortcut: C:\Users\Monika\Desktop\LOS — skrót.lnk -> D:\LOS () Shortcut: C:\Users\Monika\Desktop\RÓŻNOŚCI\ROPS\BES_3\książki\Obrazy — skrót.lnk -> C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms () Shortcut: C:\Users\Monika\Desktop\RÓŻNOŚCI\programy\Avast! Pro Antivirus v 5.0.594 Final ML [PL] +Licencja.rar\Lic\avast! Pro Antivirus.lnk -> C:\Program Files (x86)\Alwil Software\Avast5\AvastUI.exe (No File) Shortcut: C:\Users\Monika\Desktop\RÓŻNOŚCI\muza\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (The Audacity Team) Shortcut: C:\Users\Monika\Desktop\RÓŻNOŚCI\Marcin\HDDlife Pro.lnk -> C:\Program Files (x86)\BinarySense\HDDlife 4\HDDlifePro.exe (No File) Shortcut: C:\Users\Monika\Desktop\RÓŻNOŚCI\Marcin\OP-COM.lnk -> C:\Program Files\OP-COM\OP-COM.exe (Auto-M3 Ltd.) Shortcut: C:\Users\Monika\Desktop\PROGRAMY\CorelDRAW X3.lnk -> C:\Windows\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\NewShortcut1.exe (InstallShield Software Corp.) Shortcut: C:\Users\Monika\Desktop\PROGRAMY\e-Deklaracje.lnk -> C:\Program Files (x86)\e-Deklaracje\e-Deklaracje.exe () Shortcut: C:\Users\Monika\Desktop\PROGRAMY\PhotoFiltre 7.lnk -> C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.exe (Antonio Da Cruz) Shortcut: C:\Users\Monika\Desktop\PROGRAMY\PhotoScape.lnk -> C:\Program Files (x86)\PhotoScape\PhotoScape.exe () Shortcut: C:\Users\Monika\Desktop\PROGRAMY\PIT Gofin 2014.lnk -> C:\Program Files (x86)\Gofin\Pit2014\Pit2014.exe (Wydawnictwo Podatkowe GOFIN sp. z o.o.) Shortcut: C:\Users\Monika\Desktop\PROGRAMY\PITy 2013.lnk -> C:\Program Files (x86)\PITy\PITy2013NG\PITy2013NG.exe (IPS Przedsiębiorstwo Informatyczne) Shortcut: C:\Users\Monika\Desktop\PROGRAMY\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (No File) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Program Updates.lnk -> C:\Users\Monika\AppData\Roaming\Microsoft\Installer\{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe (InstallShield Software Corp.) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk -> C:\Users\Monika\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files (x86)\WinRAR\Rar.txt () Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.chm () Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files (x86)\WinRAR\WinRAR.exe () Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk -> C:\Program Files (x86)\BinarySense\HDDlife 4\HDDlifePro.exe (No File) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\About IrfanView.lnk -> C:\Program Files (x86)\IrfanView\i_about.txt () Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\Available Languages.lnk -> C:\Program Files (x86)\IrfanView\i_languages.txt () Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\Available PlugIns.lnk -> C:\Program Files (x86)\IrfanView\i_plugins.txt () Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\Command line Options.lnk -> C:\Program Files (x86)\IrfanView\i_options.txt () Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView 4.38.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView Help.lnk -> C:\Program Files (x86)\IrfanView\i_view32.chm () Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\Uninstall IrfanView.lnk -> C:\Program Files (x86)\IrfanView\iv_uninstall.exe (Irfan Skiljan, IrfanView) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\What's New.lnk -> C:\Program Files (x86)\IrfanView\i_changes.txt () Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Generator Wniosków Platniczych dla POKL\Usuń.lnk -> C:\Users\Monika\AppData\Roaming\Microsoft\Installer\{7261ADCF-3FCE-4A4E-96B3-694FADC1A853}\_5FABDD37E3195CE5A2A729.exe () Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\SendTo\Dokumenty na Monika Urządzenie.LNK -> C:\Users\Monika\Documents\Dokumenty na Monika Urządzenie () Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk -> C:\Program Files (x86)\PhotoScape\PhotoScape.exe () Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PLAY ONLINE.lnk -> C:\Program Files (x86)\PLAY ONLINE\PLAY ONLINE.exe (No File) Shortcut: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) Shortcut: C:\Users\Public\Desktop\CWK.lnk -> C:\Program Files (x86)\Damian Pasternak\CWK\CWK.exe (Damian Pasternak) Shortcut: C:\Users\Public\Desktop\Kaspersky Internet Security.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe (Kaspersky Lab ZAO) Shortcut: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) Shortcut: C:\Users\Public\Desktop\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) Shortcut: C:\Users\UpdatusUser\Desktop\PhotoFiltre 7.lnk -> C:\Program Files (x86)\PhotoFiltre 7\PhotoFiltre7.exe (Antonio Da Cruz) Shortcut: C:\Users\UpdatusUser\Desktop\PhotoScape.lnk -> C:\Program Files (x86)\PhotoScape\PhotoScape.exe () Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation) Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation) Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation) Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation) Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation) Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation) Shortcut: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk -> C:\Program Files (x86)\PhotoScape\PhotoScape.exe () ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk -> C:\Windows\Installer\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}\wmdc.exe (Microsoft Corporation) -> /show ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk -> C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe () -> -d ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Nero ProductSetup.lnk -> C:\Program Files (x86)\Common Files\Ahead\Nero Web\SetupX.exe (Nero AG) -> -ScParameter=8 MODE="update" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Nero StartSmart Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe (Nero AG) -> -ScParameter=8 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Uaktualnienie online pakietu Nero.lnk -> C:\Program Files (x86)\Common Files\Ahead\Lib\NeroUpgrade.exe (Nero AG) -> -ScParameter=8 ShowOffer ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Narzędzia\Nero CD-DVD Speed.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\CDSpeed.exe (Nero AG) -> -ScParameter=8 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Narzędzia\Nero DriveSpeed.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe (Nero AG) -> -ScParameter=8 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Narzędzia\Nero InfoTool.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero Toolkit\InfoTool.exe (Nero AG) -> -ScParameter=8 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\Narzędzia\Nero Scout.lnk -> C:\Program Files (x86)\Common Files\Ahead\Lib\NeroScoutOptions.exe (Nero AG) -> -ScParameter=8 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\dane\Nero Express Essentials SE.lnk -> C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe (Nero AG) -> -ScParameter=8 /w ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials\audio\Nero Express Essentials SE.lnk -> C:\Program Files (x86)\Nero\Nero 7\Core\nero.exe (Nero AG) -> -ScParameter=8 /w ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark\Program odinstalowujący Lexmark BSD Series.LNK -> C:\Program Files\Lexmark BSD Series\Install\x64\LMAEAinstallgui.exe ( ) -> /u OEMProductName="Lexmark Universal v2" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security\Odinstaluj Kaspersky Internet Security.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i{8ED07EBD-22AD-415A-B71E-C1AD86862C2E} REMOVE=ALL ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation) -> -tab about ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe (Oracle Corporation) -> -tab update ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 8\doPDF 8 Getting Started.lnk -> C:\Program Files\Softland\novaPDF 8\Driver\Startup.exe () -> /oem=doPdf8_Softland ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program\Odinstaluj Pakiet Bluetooth.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {230D1595-57DA-4933-8C4E-375797EBB7E1} ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN#2\ControlCenter3.lnk -> C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe (Brother Industries, Ltd.) -> /Model=DCP-J315W LAN#2 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN#2\Instalowanie diagnostyki.lnk -> C:\Program Files (x86)\Brother\Brmfl10b\Brinstck.exe (Brother Industries, Ltd.) -> DCP-J315W LAN#2 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN#2\Odinstaluj.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}\setup.exe (Macrovision Corporation) -> -runfromtemp -l0x0015 UNINSTALL Reg=BH9e2_C1,Brother DCP-J315W,LAN#2 ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN#2\Rejestracja On-Line.lnk -> C:\Program Files (x86)\Brother\Brmfl10b\Brolink\Brolink0.exe (Brother Industories, Ltd.) -> OLR_URL /mDCP-J315W ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN#2\Sieciowe Centrum PhotoCapture.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "ftp://BRW008092896B48" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN#2\Status Monitor.lnk -> C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) -> Brother DCP-J315W Printer on BRW008092896B48 /SHOW ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN#2\Ustawienia skanera\Skanery i aparaty fotograficzne.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ScannersAndCameras ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN\ControlCenter3.lnk -> C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe (Brother Industries, Ltd.) -> /Model=DCP-J315W LAN ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN\Instalowanie diagnostyki.lnk -> C:\Program Files (x86)\Brother\Brmfl10b\Brinstck.exe (Brother Industries, Ltd.) -> DCP-J315W LAN ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN\Odinstaluj.lnk -> C:\Program Files (x86)\InstallShield Installation Information\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}\setup.exe (Macrovision Corporation) -> -runfromtemp -l0x0015 UNINSTALL Reg=BH9e2_C1,Brother DCP-J315W,LAN ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN\Rejestracja On-Line.lnk -> C:\Program Files (x86)\Brother\Brmfl10b\Brolink\Brolink0.exe (Brother Industories, Ltd.) -> OLR_URL /mDCP-J315W ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN\Sieciowe Centrum PhotoCapture.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "ftp://BRW008092896B48" ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN\Status Monitor.lnk -> C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) -> Brother DCP-J315W Printer on BRW008092896B48 /SHOW ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN\Ustawienia skanera\Skanery i aparaty fotograficzne.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ScannersAndCameras ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX ShortcutWithArgument: C:\ProgramData\Atheros\Device link\74-2f-68-41-e1-fe\Nokia 6303i classic.lnk -> C:\Program Files (x86)\Bluetooth Suite\Win7UI.exe (Atheros Commnucations) -> c8:df:7c:01:ed:76 ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff ShortcutWithArgument: C:\Users\Gość\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Gość\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Gość\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1 ShortcutWithArgument: C:\Users\Monika\Desktop\RÓŻNOŚCI\Uaktualnienie online pakietu Nero.lnk -> C:\Program Files (x86)\Common Files\Ahead\Lib\NeroUpgrade.exe (Nero AG) -> -ScParameter=8 ShowOffer ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView\IrfanView - Thumbnails.lnk -> C:\Program Files (x86)\IrfanView\i_view32.exe (Irfan Skiljan) -> /thumbs ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo ShortcutWithArgument: C:\Users\Monika\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart Essentials.lnk -> C:\Program Files (x86)\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe (Nero AG) -> -ScParameter=8 ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter ShortcutWithArgument: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Program Pit 2014 - rozliczenie roczne\Strona WWW programu Roczne rozliczenie podatku dochodowego - PIT 2014.url -> hxxp://www.gofin.pl InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN#2\Brother Creative Center.url -> "hxxp://www.brother.com/creativecenter/?WT.mc_id=AF" InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN#2\Podręczniki użytkownika w formacie PDF.url -> hxxp://solutions.brother.com/cgi-bin/solutions.cgi?MDL=mfc289&LNG=pl&SRC=DOC InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN#2\Pomoc online i często zadawane pytania (FAQ).url -> hxxp://solutions.brother.com/cgi-bin/solutions.cgi?MDL=mfc289&LNG=pl&SRC=FAQ InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN\Brother Creative Center.url -> "hxxp://www.brother.com/creativecenter/?WT.mc_id=AF" InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN\Podręczniki użytkownika w formacie PDF.url -> hxxp://solutions.brother.com/cgi-bin/solutions.cgi?MDL=mfc289&LNG=pl&SRC=DOC InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\DCP-J315W LAN\Pomoc online i często zadawane pytania (FAQ).url -> hxxp://solutions.brother.com/cgi-bin/solutions.cgi?MDL=mfc289&LNG=pl&SRC=FAQ InternetURL: C:\Users\Gość\Favorites\Links for Polska\Bezpieczeństwo w trybie online.url -> hxxp://go.microsoft.com/fwlink/?LinkId=142211 InternetURL: C:\Users\Gość\Favorites\Links for Polska\Bezpieczny Internet.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129626 InternetURL: C:\Users\Gość\Favorites\Links for Polska\Kultura.pl.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129625 InternetURL: C:\Users\Gość\Favorites\Links for Polska\Pogodynka.pl — oficjalny serwis pogodowy IMGW.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129624 InternetURL: C:\Users\Gość\Favorites\Links for Polska\Polska.pl.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129622 InternetURL: C:\Users\Gość\Favorites\Links\Galeria obiektów Web Slice.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315 InternetURL: C:\Users\Monika\Favorites\Windows Live\Galeria gadżetów Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkID=70742 InternetURL: C:\Users\Monika\Favorites\Windows Live\Poczta usługi Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72681 InternetURL: C:\Users\Monika\Favorites\Windows Live\Programy usługi Windows Live.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72700 InternetURL: C:\Users\Monika\Favorites\Windows Live\Windows Live Spaces.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72682 InternetURL: C:\Users\Monika\Favorites\MSN — witryny sieci Web\MSN Gospodarka.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68923 InternetURL: C:\Users\Monika\Favorites\MSN — witryny sieci Web\MSN Rozrywka.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68924 InternetURL: C:\Users\Monika\Favorites\MSN — witryny sieci Web\MSN Sport.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68921 InternetURL: C:\Users\Monika\Favorites\MSN — witryny sieci Web\MSN Technologie.url -> hxxp://go.microsoft.com/fwlink/?LinkId=55143 InternetURL: C:\Users\Monika\Favorites\MSN — witryny sieci Web\MSN Wideo.url -> hxxp://go.microsoft.com/fwlink/?LinkId=68922 InternetURL: C:\Users\Monika\Favorites\MSN — witryny sieci Web\Portal MSN.url -> hxxp://go.microsoft.com/fwlink/?LinkId=54729 InternetURL: C:\Users\Monika\Favorites\Microsoft — witryny sieci Web\Centrum bezpieczeństwa Microsoft.url -> hxxp://go.microsoft.com/fwlink/?LinkID=72887 InternetURL: C:\Users\Monika\Favorites\Microsoft — witryny sieci Web\Dodatki programu Internet Explorer.url -> hxxp://go.microsoft.com/fwlink/?LinkId=50893 InternetURL: C:\Users\Monika\Favorites\Microsoft — witryny sieci Web\Microsoft Office Online.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72885 InternetURL: C:\Users\Monika\Favorites\Microsoft — witryny sieci Web\Microsoft Store.url -> hxxp://go.microsoft.com/fwlink/?linkid=140813 InternetURL: C:\Users\Monika\Favorites\Microsoft — witryny sieci Web\Microsoft Technet.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72886 InternetURL: C:\Users\Monika\Favorites\Microsoft — witryny sieci Web\Microsoft w Polsce.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72520 InternetURL: C:\Users\Monika\Favorites\Microsoft — witryny sieci Web\Oryginalne oprogramowanie firmy Microsoft.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72900 InternetURL: C:\Users\Monika\Favorites\Microsoft — witryny sieci Web\Strona główna programu Internet Explorer.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72186 InternetURL: C:\Users\Monika\Favorites\Microsoft — witryny sieci Web\Strona główna systemu Windows.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72629 InternetURL: C:\Users\Monika\Favorites\Microsoft — witryny sieci Web\Technologia RSS.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72889 InternetURL: C:\Users\Monika\Favorites\Microsoft — witryny sieci Web\W domu.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72406 InternetURL: C:\Users\Monika\Favorites\Microsoft — witryny sieci Web\W pracy.url -> hxxp://go.microsoft.com/fwlink/?LinkId=72407 InternetURL: C:\Users\Monika\Favorites\Links for Polska\Bezpieczeństwo w trybie online.url -> hxxp://go.microsoft.com/fwlink/?LinkId=142211 InternetURL: C:\Users\Monika\Favorites\Links for Polska\Bezpieczny Internet.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129626 InternetURL: C:\Users\Monika\Favorites\Links for Polska\Kultura.pl.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129625 InternetURL: C:\Users\Monika\Favorites\Links for Polska\Pogodynka.pl — oficjalny serwis pogodowy IMGW.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129624 InternetURL: C:\Users\Monika\Favorites\Links for Polska\Polska.pl.url -> hxxp://go.microsoft.com/fwlink/?LinkId=129622 InternetURL: C:\Users\Monika\Favorites\Links\Galeria obiektów Web Slice.url -> hxxp://go.microsoft.com/fwlink/?LinkId=121315 InternetURL: C:\Users\Monika\Favorites\Links\Sugerowane witryny.url -> https://ieonline.microsoft.com/#ieslice InternetURL: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments\Service Center\Native Instruments Homepage.url -> hxxp://www.native-instruments.net/ ==================== End of log =============================

Addition

Kod: Zaznacz wszystko: Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015 Ran by Monika at 2015-07-17 22:18:51 Running from C:\Users\Monika\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1653579745-25035085-109708339-500 - Administrator - Disabled) ASPNET (S-1-5-21-1653579745-25035085-109708339-1005 - Limited - Enabled) Gość (S-1-5-21-1653579745-25035085-109708339-501 - Limited - Disabled) => C:\Users\Gość HomeGroupUser$ (S-1-5-21-1653579745-25035085-109708339-1003 - Limited - Enabled) Monika (S-1-5-21-1653579745-25035085-109708339-1000 - Administrator - Enabled) => C:\Users\Monika UpdatusUser (S-1-5-21-1653579745-25035085-109708339-1001 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated) Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) ASUS AI Recovery (HKLM-x32\...\{38253529-D97D-4901-AE53-5CC9736D3A2E}) (Version: 1.0.13 - ASUS) ASUS FancyStart (HKLM-x32\...\{2B81872B-A054-48DA-BE3B-FA5C164C303A}) (Version: 1.0.8 - ASUSTeK Computer Inc.) ASUS K3 Series ScreenSaver (HKLM-x32\...\ASUS K3 Series ScreenSaver) (Version: 1.0.0002 - ASUS) ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.20 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.6 - ASUS) ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.43 - ASUS) ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0011 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0030 - ASUS) ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus) Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 7.0 - Atheros) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS) Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.65 - Atheros Communications) Brother MFL-Pro Suite DCP-J315W (HKLM-x32\...\{FB83EAC4-E3F6-4666-B45B-44522F2344B6}) (Version: 2.0.0.0 - Brother Industries, Ltd.) Centrum obsługi urządzeń z systemem Windows Mobile (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation) CorelDRAW Graphics Suite X3 (HKLM-x32\...\_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}) (Version: - Corel Corporation) CorelDRAW Graphics Suite X3 (x32 Version: 13.2 - Corel Corporation) Hidden Crystal Reports for .NET Framework 2.0 (x86) (HKLM-x32\...\{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}) (Version: 10.2.0 - Business Objects) CWK (Czasowy Wyłącznik Komputera) (HKLM-x32\...\CWK) (Version: 2.52.3.43 - Damian Pasternak) doPDF (Version: 8.3.933 - Softland) Hidden doPDF 8 (HKLM-x32\...\{879ff0f8-74fc-4bdd-ba30-91c6bd15fc63}) (Version: 8.3.933 - Softland) e-Deklaracje Desktop (HKLM-x32\...\e-Deklaracje.A1909296681C7ACEFE45687D3A64758C8659BF46.1) (Version: 7.0.1 - Ministerstwo Finansow) e-Deklaracje Desktop (x32 Version: 7.0.1 - Ministerstwo Finansow) Hidden ETDWare PS/2-X64 8.0.5.0_WHQL (HKLM\...\Elantech) (Version: 8.0.5.0 - ELAN Microelectronic Corp.) Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated) Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS) FileZilla Client 3.6.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.6.0.2 - FileZilla Project) FontNav (x32 Version: 5.0 - Corel Corporation) Hidden Generator Wniosków Płatniczych dla PO KL (HKLM-x32\...\{7261ADCF-3FCE-4A4E-96B3-694FADC1A853}) (Version: 7.5.1 - JCommerce S.A.) Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Nazwa firmy) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2291 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan) Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation) JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden Lexmark BSD Series Program odinstalowujący (HKLM\...\Lexmark Universal v2) (Version: - Lexmark International, Inc.) Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft) Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1653579745-25035085-109708339-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Mozilla Firefox 39.0 (x86 pl) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 pl)) (Version: 39.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MrvlUsgTracking (HKLM-x32\...\{A82D052A-0806-42DF-80CD-1730A1AC0ED3}) (Version: 1.0.7 - Marvell) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - ) Nero 7 Essentials (HKLM-x32\...\{81CD6232-10F5-4832-B3DA-1B88B1571045}) (Version: 7.02.5851 - Nero AG) novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{B76E7EF3-496E-4694-BE0E-6B4664A1125E}) (Version: 8.3.933 - Softland) novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{3940A845-3772-4018-923F-E587054F7559}) (Version: 8.3.933 - Softland) novaPDF 8 Printer Driver (HKLM\...\{045B8BF0-ADD8-453E-B931-8F92D10DC86A}) (Version: 8.3.933 - Softland) novaPDF 8 SDK COM (x64) (HKLM\...\{1A0A2039-B6E0-4021-BE0F-93A1CF884AC0}) (Version: 8.3.933 - Softland) novaPDF 8 SDK COM (x86) (HKLM-x32\...\{58FBA2A0-46E2-43B2-B198-696EF9B3A643}) (Version: 8.3.933 - Softland) Nowe Gadu-Gadu (HKLM-x32\...\Nowe Gadu-Gadu) (Version: - GG Network S.A.) NVIDIA Sterownik graficzny 267.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.21 - NVIDIA Corporation) Opera Stable 30.0.1835.125 (HKLM-x32\...\Opera 30.0.1835.125) (Version: 30.0.1835.125 - Opera Software) Pakiet sterowników systemu Windows - AUTO M3 Ltd OPCOM USB V2 Driver (10/22/2009 2.06.00) (HKLM\...\14142D0B613CE5CBC33FEB9457C6C1F9409DFD52) (Version: 10/22/2009 2.06.00 - AUTO M3 Ltd) Panel sterowania NVIDIA 267.21 (Version: 267.21 - NVIDIA Corporation) Hidden PhotoFiltre 7 (HKU\S-1-5-21-1653579745-25035085-109708339-1000\...\PhotoFiltre 7) (Version: - ) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) PITy2013 IPS 1.5.2.0 kompilacja:1.5.3.16 (HKLM-x32\...\PITy2013IPS_is1) (Version: - IPS Przedsiębiorstwo Informatyczne) PL (x32 Version: 13.0 - Corel Corporation) Hidden Polski pakiet językowy dla programu Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Polski pakiet językowy dla programu Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended PLK Language Pack) (Version: 4.0.30319 - Microsoft Corporation) Program Pit 2014 - wersja 8.0.26.35 (HKLM-x32\...\Roczne rozliczenie podatku dochodowego - PIT Gofin 2014_is1) (Version: - Wydawnictwo Podatkowe GOFIN sp. z o.o.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6294 - Realtek Semiconductor Corp.) Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.) Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.) Total Commander (Remove or Repair) (HKLM-x32\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden VBA (x32 Version: 6.2 - Corel Corporation) Hidden Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS) WinRAR 4.10 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.10.0 - win.rar GmbH) Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS) Wtyczka e-Deklaracje (HKLM-x32\...\{81BF6353-3C5B-4E6E-A566-7E162A00BF72}_is1) (Version: 4.0.0 - Ministerstwo Finansów) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1653579745-25035085-109708339-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Monika\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1653579745-25035085-109708339-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Monika\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1653579745-25035085-109708339-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Monika\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1653579745-25035085-109708339-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Monika\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1653579745-25035085-109708339-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Monika\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 23-06-2015 20:09:32 Windows Update 26-06-2015 21:20:53 Windows Update 28-06-2015 20:53:54 doPDF 8 01-07-2015 07:04:41 Windows Update 05-07-2015 18:53:23 Windows Update 10-07-2015 17:10:59 Windows Update 15-07-2015 22:56:50 Windows Update 16-07-2015 06:14:51 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {06923F15-3CB1-4C13-A16D-92E32931C7A2} - System32\Tasks\e-pity2012_styczen => C:\Program Files (x86)\e-file\e-pity2012\signxml.exe Task: {735ECB18-BC1C-45AC-9AED-70971DE9FB51} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2015-06-09] () Task: {795ED1C8-E19F-4983-9BAD-5A09C12B5834} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {8200FDC8-8CA8-4232-8106-A1E112DB37A8} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.) Task: {A6CC1DC8-876B-40B8-8BA4-77CAC5DAD15F} - System32\Tasks\Opera scheduled Autoupdate 1418546923 => C:\Program Files (x86)\Opera\launcher.exe [2015-07-10] (Opera Software) Task: {B3144031-4C7E-47B0-B902-C197650A8F03} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe Task: {B4010255-7CE9-42FD-B2CD-5FF1199CE1CE} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS) Task: {CCC841C1-B8A2-4472-BCA5-32E8C7F2888B} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2010-08-02] (ASUS) Task: {E4F458EA-9AF9-4C7B-9835-A87F530D53F1} - System32\Tasks\{D80BC7FA-55FD-490B-A8BD-035D67283EC9} => pcalua.exe -a C:\Users\Monika\Desktop\irfanview_lang_polski.exe -d C:\Users\Monika\Desktop Task: {E8F12429-B528-4249-88DF-BD7F85CEDC70} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-12-01] (ASUS) Task: {E8FDF55F-8941-4966-9EF9-24801D762BBF} - System32\Tasks\{B70916DF-2C0E-49C6-B545-EAE7F389933C} => pcalua.exe -a C:\Users\Monika\Desktop\ActiveSync3.71\MSASYNC371.exe -d C:\Users\Monika\Desktop\ActiveSync3.71 Task: {F20CCAAA-1F5F-477F-B1FE-D0B5E0B85A11} - System32\Tasks\e-pity2012_kwiecien => C:\Program Files (x86)\e-file\e-pity2012\signxml.exe Task: {F3C046E7-455D-4DCF-AFCA-C4A2CD9AA7CE} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2010-11-15] (ASUS) Task: {FE581224-F81D-4439-B525-3C11560EF24A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (Whitelisted) ============== 2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2010-04-02 20:21 - 2008-10-01 00:08 - 00011264 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll 2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll 2015-06-09 12:22 - 2015-06-09 12:22 - 00137368 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll 2015-06-09 12:22 - 2015-06-09 12:22 - 00052512 _____ () C:\Program Files\Softland\novaPDF 8\Server\CryptUtil.dll 2015-06-09 12:22 - 2015-06-09 12:22 - 00026912 _____ () C:\Program Files\Softland\novaPDF 8\Server\WAFServicePlugin.dll 2011-04-22 09:38 - 2011-01-27 02:11 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2010-09-23 17:53 - 2010-09-23 17:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe 2013-11-09 14:19 - 2005-04-22 06:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll 2011-08-31 15:33 - 2011-08-31 15:33 - 00208384 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll 2014-08-30 18:12 - 2014-08-30 18:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll 2013-11-09 14:19 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2014-08-30 18:12 - 2015-01-31 09:24 - 00332584 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com\nponlinebanking.dll 2014-08-30 18:12 - 2015-01-31 09:24 - 00459048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll 2014-08-30 18:12 - 2015-01-31 09:24 - 00587048 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll 2015-07-14 21:15 - 2015-07-14 21:15 - 17448624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:55B41E6A ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1653579745-25035085-109708339-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.1.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{ED35731A-2A2F-4C22-BD4D-5E5D294F0293}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [{450CF4B0-5D44-4AB2-9CE4-B0CBCBCF2DA6}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe FirewallRules: [TCP Query User{A2AC7D50-568B-405F-8DE2-EDA74B986D95}C:\program files (x86)\nowe gadu-gadu\gg.exe] => (Allow) C:\program files (x86)\nowe gadu-gadu\gg.exe FirewallRules: [UDP Query User{06FBCA07-A4E7-45A1-96C8-B5934BC3245C}C:\program files (x86)\nowe gadu-gadu\gg.exe] => (Allow) C:\program files (x86)\nowe gadu-gadu\gg.exe FirewallRules: [TCP Query User{ADDB096E-8083-48EF-9D3C-14587855496E}C:\program files (x86)\nowe gadu-gadu\gg.exe] => (Allow) C:\program files (x86)\nowe gadu-gadu\gg.exe FirewallRules: [UDP Query User{ADC66837-3F5D-442B-BEB7-2F61A00471DB}C:\program files (x86)\nowe gadu-gadu\gg.exe] => (Allow) C:\program files (x86)\nowe gadu-gadu\gg.exe FirewallRules: [{CC636A89-0BEF-4549-A735-69B512CABB64}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{435A510B-79BB-484E-B960-84C40DECC646}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{D092F2A5-4894-42E4-8A48-5D21D58A1AAA}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{4C0C6113-9B76-4E77-B16B-3FD348BF581C}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{0B002628-D8FD-4771-8556-43D676220159}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{79557BEC-C36C-4113-B95C-9A068E33332B}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{8B5417A9-9F89-4ACD-B141-F03F5F2AC7A8}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{D661D8DF-D605-44D5-ABBC-EC215FD0A48D}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{DB5749AE-7BD8-466F-B5EA-27445FE741A0}] => (Allow) LPort=54925 FirewallRules: [{6CFE72C7-86B0-48E3-8A5C-B1BBD2DEE349}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE FirewallRules: [{41E04ABD-F099-47D5-A88C-D289949D6193}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\HP1006MC.EXE FirewallRules: [{40C100C1-073B-479B-A517-5B58A2AF198C}] => (Allow) E:\Install\x64\InstallGui.exe FirewallRules: [{9EB05949-7346-4B2E-91F8-908142ECEA9C}] => (Allow) E:\Install\x64\InstallGui.exe FirewallRules: [{6BD00D2C-3CD0-463D-897A-B89B5AAC27F5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{80FE5132-0639-4BC8-8A9E-3F51AB6F3EFC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6F27D137-220C-4AE6-9E6D-62A8A8B80F88}] => (Allow) C:\Users\Monika\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [TCP Query User{0ED25E28-82F0-40CB-B75C-C0F164B395F1}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{5F95A304-F676-4A98-9DB8-E0CAA319A60E}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [{83409ED6-6D99-4C44-A1A3-64E2DC632F86}] => (Allow) LPort=8501 FirewallRules: [{DAB037BD-D212-494C-8201-52893ADA6C69}] => (Allow) LPort=8501 ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Karta tunelowania Teredo firmy Microsoft Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Bluetooth Module Description: Bluetooth Module Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Atheros Communications Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/16/2015 07:35:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 39.0.0.5659, sygnatura czasowa: 0x55934d06 Nazwa modułu powodującego błąd: mozalloc.dll, wersja: 39.0.0.5659, sygnatura czasowa: 0x55933a83 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x00001aa1 Identyfikator procesu powodującego błąd: 0x113c Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0 Ścieżka aplikacji powodującej błąd: plugin-container.exe1 Ścieżka modułu powodującego błąd: plugin-container.exe2 Identyfikator raportu: plugin-container.exe3 Error: (07/16/2015 07:35:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 39.0.0.5659, sygnatura czasowa: 0x55934d06 Nazwa modułu powodującego błąd: mozalloc.dll, wersja: 39.0.0.5659, sygnatura czasowa: 0x55933a83 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x00001aa1 Identyfikator procesu powodującego błąd: 0x115c Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0 Ścieżka aplikacji powodującej błąd: plugin-container.exe1 Ścieżka modułu powodującego błąd: plugin-container.exe2 Identyfikator raportu: plugin-container.exe3 Error: (07/16/2015 07:34:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 39.0.0.5659, sygnatura czasowa: 0x55934d06 Nazwa modułu powodującego błąd: mozalloc.dll, wersja: 39.0.0.5659, sygnatura czasowa: 0x55933a83 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x00001aa1 Identyfikator procesu powodującego błąd: 0x78c Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0 Ścieżka aplikacji powodującej błąd: plugin-container.exe1 Ścieżka modułu powodującego błąd: plugin-container.exe2 Identyfikator raportu: plugin-container.exe3 Error: (07/16/2015 07:33:32 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: ProtectWindowsManager.exe, wersja: 20.0.0.2288, sygnatura czasowa: 0x55681c9a Nazwa modułu powodującego błąd: ProtectWindowsManager.exe, wersja: 20.0.0.2288, sygnatura czasowa: 0x55681c9a Kod wyjątku: 0xc0000417 Przesunięcie błędu: 0x00021b20 Identyfikator procesu powodującego błąd: 0x690 Godzina uruchomienia aplikacji powodującej błąd: 0xProtectWindowsManager.exe0 Ścieżka aplikacji powodującej błąd: ProtectWindowsManager.exe1 Ścieżka modułu powodującego błąd: ProtectWindowsManager.exe2 Identyfikator raportu: ProtectWindowsManager.exe3 Error: (07/11/2015 05:56:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 39.0.0.5659, sygnatura czasowa: 0x55934d06 Nazwa modułu powodującego błąd: mozalloc.dll, wersja: 39.0.0.5659, sygnatura czasowa: 0x55933a83 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x00001aa1 Identyfikator procesu powodującego błąd: 0x179c Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0 Ścieżka aplikacji powodującej błąd: plugin-container.exe1 Ścieżka modułu powodującego błąd: plugin-container.exe2 Identyfikator raportu: plugin-container.exe3 Error: (07/11/2015 05:56:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 39.0.0.5659, sygnatura czasowa: 0x55934d06 Nazwa modułu powodującego błąd: mozalloc.dll, wersja: 39.0.0.5659, sygnatura czasowa: 0x55933a83 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x00001aa1 Identyfikator procesu powodującego błąd: 0x164c Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0 Ścieżka aplikacji powodującej błąd: plugin-container.exe1 Ścieżka modułu powodującego błąd: plugin-container.exe2 Identyfikator raportu: plugin-container.exe3 Error: (07/11/2015 05:56:26 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 39.0.0.5659, sygnatura czasowa: 0x55934d06 Nazwa modułu powodującego błąd: mozalloc.dll, wersja: 39.0.0.5659, sygnatura czasowa: 0x55933a83 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x00001aa1 Identyfikator procesu powodującego błąd: 0x154c Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0 Ścieżka aplikacji powodującej błąd: plugin-container.exe1 Ścieżka modułu powodującego błąd: plugin-container.exe2 Identyfikator raportu: plugin-container.exe3 Error: (07/09/2015 06:55:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 38.0.5.5623, sygnatura czasowa: 0x5563c49a Nazwa modułu powodującego błąd: mozalloc.dll, wersja: 38.0.5.5623, sygnatura czasowa: 0x5563b229 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x00001aa1 Identyfikator procesu powodującego błąd: 0x358 Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0 Ścieżka aplikacji powodującej błąd: plugin-container.exe1 Ścieżka modułu powodującego błąd: plugin-container.exe2 Identyfikator raportu: plugin-container.exe3 Error: (07/09/2015 06:55:29 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 38.0.5.5623, sygnatura czasowa: 0x5563c49a Nazwa modułu powodującego błąd: mozalloc.dll, wersja: 38.0.5.5623, sygnatura czasowa: 0x5563b229 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x00001aa1 Identyfikator procesu powodującego błąd: 0x8d4 Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0 Ścieżka aplikacji powodującej błąd: plugin-container.exe1 Ścieżka modułu powodującego błąd: plugin-container.exe2 Identyfikator raportu: plugin-container.exe3 Error: (07/09/2015 06:55:15 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Nazwa aplikacji powodującej błąd: plugin-container.exe, wersja: 38.0.5.5623, sygnatura czasowa: 0x5563c49a Nazwa modułu powodującego błąd: mozalloc.dll, wersja: 38.0.5.5623, sygnatura czasowa: 0x5563b229 Kod wyjątku: 0x80000003 Przesunięcie błędu: 0x00001aa1 Identyfikator procesu powodującego błąd: 0xcb8 Godzina uruchomienia aplikacji powodującej błąd: 0xplugin-container.exe0 Ścieżka aplikacji powodującej błąd: plugin-container.exe1 Ścieżka modułu powodującego błąd: plugin-container.exe2 Identyfikator raportu: plugin-container.exe3 System errors: ============= Error: (07/17/2015 10:13:00 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Usługa NVIDIA Update Service Daemon zawiesiła się podczas uruchamiania. Error: (07/17/2015 10:09:18 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Upłynął limit czasu (30000 ms) podczas oczekiwania na odpowiedź transakcji z usługi AVP15.0.1. Error: (07/17/2015 10:06:06 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: Usługa Windows Update nie została poprawnie zamknięta po odebraniu kodu sterującego przed zamknięciem. Error: (07/17/2015 10:05:28 PM) (Source: Service Control Manager) (EventID: 7032) (User: ) Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Uruchom usługę ponownie) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie: %%1056. Error: (07/17/2015 10:04:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (07/17/2015 10:04:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Intel(R) Turbo Boost Technology Monitor niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. W przeciągu 1000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (07/17/2015 10:04:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa Usługa buforowania czcionek platformy Windows Presentation Foundation, wersja 3.0.0.0 niespodziewanie zakończyła pracę. Wystąpiło to razy: 2. Error: (07/17/2015 10:04:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Ochrona oprogramowania niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 120000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (07/17/2015 10:04:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Usługa Usługa udostępniania w sieci programu Windows Media Player niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Uruchom usługę ponownie. Error: (07/17/2015 10:04:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Usługa NVIDIA Update Service Daemon niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. Microsoft Office: ========================= Error: (01/26/2015 10:14:53 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6713.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 217 seconds with 120 seconds of active time. This session ended with a crash. Error: (09/24/2013 09:49:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5001, Microsoft Office Version: 12.0.6612.1000. This session lasted 7277 seconds with 3360 seconds of active time. This session ended with a crash. Error: (08/28/2013 10:48:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2851 seconds with 1920 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-10-12 15:06:03.201 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-12 15:06:03.199 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-12 15:06:03.196 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-12 15:06:03.176 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-12 15:06:03.174 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-12 15:06:03.171 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-09 20:47:10.388 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-09 20:47:10.386 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-09 20:47:10.383 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-10-09 20:47:10.352 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz Percentage of memory in use: 58% Total physical RAM: 6055.79 MB Available physical RAM: 2495.07 MB Total Virtual: 12109.77 MB Available Virtual: 8714.13 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:250.05 GB) (Free:123.52 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (Data) (Fixed) (Total:321.12 GB) (Free:217.33 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 38601C96) Partition 1: (Not Active) - (Size=25 GB) - (Type=1C) Partition 2: (Active) - (Size=250.1 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=321.1 GB) - (Type=OF Extended) ==================== End of log ============================

**Posty:** 4765 · przez **ordynat** 18 Lip 2015, 07:22

Tylko kosmetyka:
Otwórz Notatnik i wklej w nim:

S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
Reg: reg delete "HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes" /f
Reg: reg delete "HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes" /f
FF HKLM-x32\...\Firefox\Extensions: [defsearchp@gmail.com] - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qgomyjlb.default-1422738746209\extensions\defsearchp@gmail.com
FF SearchPlugin: C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qgomyjlb.default-1422738746209\searchplugins\delta-homes.xml [2015-07-17]
FF Extension: Default NewTab - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qgomyjlb.default-1422738746209\Extensions\default_newtabff@gmail.com [2015-07-17]
FF Extension: Default SearchProtected - C:\Users\Monika\AppData\Roaming\Mozilla\Firefox\Profiles\qgomyjlb.default-1422738746209\Extensions\defsearchp@gmail.com.xpi [2015-06-26]
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: delta-homes
FF SelectedSearchEngine: delta-homes
Startup: C:\Users\Monika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk [2014-12-14]
ShortcutTarget: HDDlife.lnk -> C:\Program Files (x86)\BinarySense\HDDlife 4\HDDlifePro.exe (No File)
EmptyTemp:

Plik zapisz pod nazwą fixlist.txt i umieść obok FRST.exe
Uruchom FRST i kliknij przycisk Fix.
.

Autor postu otrzymał pochwałę

**Posty:** 1385 · przez **cinek_1111** 18 Lip 2015, 21:13

Wielkie dzięki, pomogło.